ff372c7322
Blocks 1–5 of stabilization plan: SECURITY - validation.py: restore settings.upload_max_video_bytes (T-14 regression fix) and JSON object key validation that was incorrectly removed - MT-18: add accessible_org_ids filter to list_for_reviewer/list_for_linguist so reviewers/linguists only see jobs from their own org in QC queue - MT-17: add Membership.team_ids[], write to it on invitation acceptance and direct team add/remove; migration backfills from Team.member_user_ids - MT-19: validate all target_team_ids belong to invitation's org_id at creation TESTS - Restore test_cross_tenant_isolation.py (was deleted, only .pyc remained) - Extend with MT-18 reviewer org isolation tests QUICK WINS - W-8: remove time.sleep(1) + dead debug block from POST /jobs (task was undefined — would have caused NameError → HTTP 500 on every job creation) - T-13: warn at startup when REDIS_URL configured but connection failed - T-16: skip language_qc lifespan migration when count=0 (no DB scan on startup) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| fixtures | ||
| unit | ||