You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Strip undeclared engagement field in reimport permission check
The engagement field is not declared on ReImportScanSerializer and gets
stripped during validation. The permission check must also strip it so it
resolves targets the same way execution does — by name, not by a stale
engagement ID from request.data.
Update test to verify the engagement param is ignored and permission is
checked against the name-resolved target.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
0 commit comments