Context
Payment proof security was marked resolved in the gap analysis, but the pre-launch checklist still calls for direct verification of bucket RLS and signed URL behavior.
Acceptance criteria
- Confirm payment proofs are not publicly readable.
- Confirm students can access only their own proof via signed URL flow.
- Confirm admins can view submitted proofs through the admin UI.
- Confirm rejected-payment re-upload continues to work.
- Add/update tests where practical, or document manual verification steps and results.
References
docs/GAP_ANALYSIS.md A1/D5docs/plan-CorvEd.md Step 6 pre-launch checklist
Context
Payment proof security was marked resolved in the gap analysis, but the pre-launch checklist still calls for direct verification of bucket RLS and signed URL behavior.
Acceptance criteria
References
docs/GAP_ANALYSIS.mdA1/D5docs/plan-CorvEd.mdStep 6 pre-launch checklist