Syazwan b4b7041b8e Harden timesheet authz and close audit/security gaps.
Block weekly-hours IDOR and unauthorized rejects, enforce project membership, stop broadcast reset-token spam, and tighten related hardening plus tests.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-10 17:51:38 +08:00
..