resolutionflow/backend/app/api/endpoints/steps.py
chihlasm 9150173c3d fix: return 404 instead of 403 for cross-tenant step access
get_step_or_404 now returns 404 when can_view_step or can_edit_step fails,
preventing confirmation of step existence across tenant boundaries.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-09 04:02:02 +00:00

22 KiB
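
The existence oracle this commit closes, as an added example that is not the project's code: only the names `get_step_or_404` and `can_view_step` come from the commit message, their bodies here are assumed, and `HTTPError`, `Step`, `STEPS`, `get_step_leaky`, `response` and `leaks_existence` are hypothetical stand-ins. It shows the 403 "before" behaviour beside the uniform 404, plus a regression check that a foreign step and a missing step look the same to the caller.

```python
from dataclasses import dataclass

class HTTPError(Exception):
    """Stand-in for a web framework's HTTP exception (assumption)."""
    def __init__(self, status: int, detail: str):
        super().__init__(detail)
        self.status, self.detail = status, detail

@dataclass(frozen=True)
class Step:
    id: int
    tenant_id: str

# Constructed sample data: two tenants, one step each.
STEPS = {1: Step(1, "tenant-a"), 2: Step(2, "tenant-b")}

def can_view_step(user_tenant: str, step: Step) -> bool:
    # Assumed rule: a step is visible only inside its own tenant.
    return step.tenant_id == user_tenant

def get_step_leaky(step_id: int, user_tenant: str) -> Step:
    """'Before' behaviour: a 403 confirms that a foreign step exists."""
    step = STEPS.get(step_id)
    if step is None:
        raise HTTPError(404, "Step not found")
    if not can_view_step(user_tenant, step):
        raise HTTPError(403, "Not authorized")
    return step

def get_step_or_404(step_id: int, user_tenant: str) -> Step:
    """'After' behaviour: missing and forbidden give the same response."""
    step = STEPS.get(step_id)
    if step is None or not can_view_step(user_tenant, step):
        raise HTTPError(404, "Step not found")
    return step

def response(lookup, step_id: int, user_tenant: str):
    """What the client observes, as (status, detail)."""
    try:
        lookup(step_id, user_tenant)
        return (200, "ok")
    except HTTPError as e:
        return (e.status, e.detail)

def leaks_existence(lookup, user_tenant="tenant-a", foreign_id=2, missing_id=999) -> bool:
    """Regression check: foreign and missing ids must be indistinguishable."""
    return response(lookup, foreign_id, user_tenant) != response(lookup, missing_id, user_tenant)
```

The check compares the detail string as well as the status code, since a differing error body would reveal the same information as a differing status.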