Problem
Same class as #173/#187/#191/#195/#199 on InventoryTransaction. /v1/inventorytransaction/:id GET/PATCH/DELETE returns 404 for absent ids but 403 for existing-but-not-yours, letting a scoped caller enumerate invtId populations.
Fix
Collapse both cases into 404. Master + own-tenant paths unchanged.
Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/2347/
Problem
Same class as #173/#187/#191/#195/#199 on InventoryTransaction.
/v1/inventorytransaction/:idGET/PATCH/DELETE returns 404 for absent ids but 403 for existing-but-not-yours, letting a scoped caller enumerateinvtIdpopulations.Fix
Collapse both cases into 404. Master + own-tenant paths unchanged.
Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/2347/