Fixed LUA-17: Updated has_gym_role() function to require gym_id IS NULL for super_admin role. Verified fix in migration 20251210134245_576ac414-7df3-403f-9bda-c678c58c1eea.sql and confirmed it matches the corrected version in later migration 20260317104012_d92600fc-ca4a-42b0-9ed5-fbd640e71b9f.sql. The vulnerability was that super_admin check didn't require gym_id IS NULL, allowing cross-tenant access. Fix ensures super_admin platform-wide access only applies when gym_id IS NULL.
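The flaw and fix described in this commit message, as an added example that is not the project's migration code: the `user_roles` table, its columns, the three-argument shape of `has_gym_role`, and the sample rows are all assumptions made for illustration, and SQLite stands in for the project's database.

```python
import sqlite3

# Hypothetical schema: one row per role grant; gym_id NULL means platform-wide.
SCHEMA = "CREATE TABLE user_roles (user_id TEXT NOT NULL, gym_id TEXT, role TEXT NOT NULL)"

# Constructed sample data.
ROWS = [
    ("alice", None, "super_admin"),   # platform-wide super admin
    ("bob", "gym_a", "super_admin"),  # super_admin row scoped to a single gym
    ("carol", "gym_b", "trainer"),    # ordinary gym-scoped role
]

# Before: any super_admin row satisfies the check, whatever gym it is tied to.
VULNERABLE = """
SELECT EXISTS (
  SELECT 1 FROM user_roles
  WHERE user_id = :uid
    AND ((gym_id = :gym AND role = :role) OR role = 'super_admin')
)"""

# After: the platform-wide shortcut applies only when gym_id IS NULL.
FIXED = """
SELECT EXISTS (
  SELECT 1 FROM user_roles
  WHERE user_id = :uid
    AND ((gym_id = :gym AND role = :role)
         OR (role = 'super_admin' AND gym_id IS NULL))
)"""


def make_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO user_roles VALUES (?, ?, ?)", ROWS)
    return conn


def has_gym_role(conn, predicate, uid, gym, role):
    """Evaluate one version of the role check for (user, gym, role)."""
    row = conn.execute(predicate, {"uid": uid, "gym": gym, "role": role}).fetchone()
    return bool(row[0])


if __name__ == "__main__":
    db = make_db()
    for name, sql in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        # bob holds super_admin only for gym_a; the check is for gym_b.
        print(name, has_gym_role(db, sql, "bob", "gym_b", "trainer"))
```

A regression test for this class of bug should include a gym-scoped `super_admin` row like the constructed `bob` row, since a suite that only seeds `gym_id IS NULL` super admins passes against both versions.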