Pre-production security fixes to prevent cross-hospital data leaks:
- Standards API: add get_queryset() filtering by department__hospital
- Reports service: add user param with hospital filtering to all querysets
- RCA views: replace is_superuser with tenant_hospital pattern, add access
checks to all 11 mutation views
- Notifications views: replace is_superuser patterns with _get_notification_hospital
helper across all 5 settings functions
- Appreciation API: add tenant_hospital fallback to AppreciationViewSet,
AppreciationStatsViewSet, and LeaderboardView
- AI Analytics: add tenant_hospital fallback in ExecutiveSummaryGenerator and
ActionRecommendationEngine
- SourceUserRestrictionMiddleware: remove None from ALLOWED_URL_NAMES
- Complaint export: fix nullable patient/due_at/description crashes in CSV
and Excel export, fix invalid get_category_display/get_source_display calls
E2E test updates:
- Update isolation gap tests to actively assert hospital filtering
- Fix CSV export test to use API context for download handling
- Switch clinical-staff tests to serial mode to prevent race conditions
