iven d8c3aba5d6 fix(workflow): add tenant membership check to task delegation ...

The delegate method was accepting any UUID as delegate_to without
verifying the target user belongs to the same tenant. This allowed
cross-tenant task delegation. Added raw SQL check against users table
to avoid cross-module dependency on erp-auth.

2026-04-11 16:18:24 +08:00

..

erp-auth

fix(auth): standardize permission codes to dot notation and add missing permissions

2026-04-11 14:30:47 +08:00

erp-common

feat(server): integrate AppState, ModuleRegistry, health check, and graceful shutdown

2026-04-11 01:19:30 +08:00

erp-config

fix(config): add individual menu CRUD endpoints and fix frontend menu data handling

2026-04-11 14:34:48 +08:00

erp-core

fix(security): resolve audit findings and compilation errors (Phase 6)

2026-04-11 12:49:45 +08:00

erp-message

fix(auth): standardize permission codes to dot notation and add missing permissions

2026-04-11 14:30:47 +08:00

erp-server

fix(message): resolve Phase 5-6 audit findings

2026-04-11 14:16:45 +08:00

erp-workflow

fix(workflow): add tenant membership check to task delegation

2026-04-11 16:18:24 +08:00