industry · 2026-05-24 · 12 min read

I have three locations but the thMenu dashboard only shows polls from one — poll-check multi-restaurant (PR #603 BBB F2)

Ewan (39, Manchester, 12 years in the business) runs The Northern Pie Co., a British pie shop chain with 3 locations: City Centre Deansgate, Salford Quays and Stockport Heaton Norris. The menu is steak and ale, chicken and leek, and vegetarian mushroom and stilton. He has been on thMenu Platinum for 16 months, using order tracking, table sessions and bill requests across all three shops. Every weekday at 09:00 he reviews the overnight numbers on the tablet dashboard before the day starts.

On Tuesday morning the Deansgate overnight notifications were showing, but Salford Quays and Stockport read 'no data'. On Ewan's tablet, the local terminal data showed up. He WhatsApped the Salford manager, Liam: 31 orders, tables six and eight full. On Ewan's own dashboard, the Salford request returned 403 Forbidden. Stockport returned the same 403. Only Deansgate returned 200 OK. His theory: Deansgate is the primary location, Salford and Stockport are sub-locations, and the permission matrix had become tangled. He opened a support ticket: multi-restaurant, 3 shops, the dashboard shows one, the network requests return 403.

Engineering checked the account memberships first: a SELECT with owner_id=ewan returned 3 shops, all active. Three theories then turned out to be wrong:

(1) The JWT payload is missing a multi-restaurant claim. The decoded token carries sub and role and no restaurant_id, but the frontend sends the restaurant as the ?restaurant_id=... query parameter, which the worker parses and verifies ownership against.

(2) The Worker rate limit: 3 shops means 3× the requests against the per-IP rate limit. The bucket was not full.

(3) The custom domain config is tangled across pie-deansgate.co.uk, pie-salford.co.uk and pie-stockport.co.uk. The CNAME records were correct.

The forensic pass found the bug in cloudflare/src/handlers/poll-check.ts at line 56: SELECT id FROM restaurants WHERE owner_id=? AND is_active=1 LIMIT 1. The pattern is: find any restaurant owned by the user, take the first one, treat ownership as verified, then compare it with the ?restaurant_id=... query parameter: if (ownerRow?.id !== queryRestaurantId) return 403. With LIMIT 1 and no ORDER BY, the oldest-created restaurant, Deansgate, was returned. For Salford and Stockport the query parameter carries other ids, so there is no match and the handler returns 403. For a multi-restaurant operator the check is systematically wrong: it picks one restaurant as authoritative and ignores the ownership matrix. The code was written for the single-restaurant scenario, and when the multi-restaurant Platinum tier shipped, poll-check was not swept.

PR #603 (batch BBB F2) is the minimal fix, an existence check: SELECT 1 FROM restaurants WHERE id=? AND owner_id=? AND is_active=1, followed by if (!ownsRestaurant) return 403.
Performance: the SELECT 1 against the composite index is an O(1) lookup, so single-restaurant operators see the same latency and multi-restaurant operators get uniform behaviour across all shops. As a bonus, the is_active=1 filter is preserved, which keeps the soft-delete check as defense in depth.

A production audit of 90 days of poll-check 403 responses on multi-restaurant accounts found 12 operators, 38 distinct restaurants and 89247 polls answered with 403. 4 operators had opened tickets, which stayed low-priority because the reproducer was not clear; Ewan's report crystallized it. Ewan received an email and a 1-month Platinum credit. On Twitter, the story (Manchester-Stockport, 3 shops, one dashboard, fix shipped in 6 hours) reached 2.1k engagement. The 11 other affected operators received a proactive email about the PR #603 BBB F2 multi-restaurant fix and a 1-month Platinum credit. Mahmut (Diyarbakir, Sur) of Lezzet Diyari Diyarbakir Sofrasi, a 4-shop Southeastern Anatolian restaurant, 18 years in the business, had a parallel ticket.

The pattern: in multi-tenant ownership verification, 'fetch first-owned + compare' is an anti-pattern. The correct form is an existence check: 'does the user actually own this specific record'. LIMIT 1 is silent while every account is single-tenant; when a multi-tenant feature ships, every authority handler needs a sweep. The sibling sweep covers /api/restaurant-stats, /api/billing/current, /api/staff-list, /api/menu-stats and /api/feedback-list in a cleanup PR.

Implementation checklist: an existence check with WHERE id=? AND owner_id=?; the is_active filter; a composite index; a per-request restaurant_id query parameter; a test with a multi-tenant account of 3+ restaurants; a production audit of the 403 ratio; and a grep of sibling handlers for LIMIT 1 together with owner_id. Reference: PR #603.
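The two ownership checks from this post, run side by side as an added example (not thMenu's handler code). Python's sqlite3 stands in for the worker's database; the restaurant ids, column types and index definition are assumptions, and only the two SELECT statements are taken from the post.

```python
import sqlite3

# Constructed sample rows: (id, owner_id, is_active). The ids are made up.
ROWS = [
    ("r-deansgate", "ewan", 1),
    ("r-salford", "ewan", 1),
    ("r-stockport", "ewan", 1),
    ("r-closed", "ewan", 0),          # soft-deleted shop
    ("r-other", "another-owner", 1),  # different tenant
]

def make_db():
    """In-memory stand-in for the restaurants table (column types assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE restaurants "
               "(id TEXT PRIMARY KEY, owner_id TEXT, is_active INTEGER)")
    # Composite index for the existence check; name and column order assumed.
    db.execute("CREATE INDEX idx_restaurants_id_owner "
               "ON restaurants (id, owner_id, is_active)")
    db.executemany("INSERT INTO restaurants VALUES (?, ?, ?)", ROWS)
    return db

def status_before(db, user_id, query_restaurant_id):
    """Pre-fix pattern: fetch the first owned restaurant, then compare ids."""
    row = db.execute(
        "SELECT id FROM restaurants WHERE owner_id=? AND is_active=1 LIMIT 1",
        (user_id,)).fetchone()
    return 200 if row and row[0] == query_restaurant_id else 403

def status_after(db, user_id, query_restaurant_id):
    """Fixed pattern: does this user own this specific active restaurant?"""
    row = db.execute(
        "SELECT 1 FROM restaurants WHERE id=? AND owner_id=? AND is_active=1",
        (query_restaurant_id, user_id)).fetchone()
    return 200 if row else 403

def sweep(check, user_id, restaurant_ids):
    """Run one check over every shop, as a 3+ restaurant regression test would."""
    db = make_db()
    return {rid: check(db, user_id, rid) for rid in restaurant_ids}

if __name__ == "__main__":
    shops = ["r-deansgate", "r-salford", "r-stockport"]
    print("before:", sweep(status_before, "ewan", shops))
    print("after: ", sweep(status_after, "ewan", shops))
    print("denied:", sweep(status_after, "ewan", ["r-other", "r-closed"]))
```

The same sweep run against each sibling handler's query gives the 3+ restaurant regression test from the checklist: exactly one 200 out of three owned shops is the signature of the LIMIT 1 pattern.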

thMenu Team

thmenu.com
