URL for "My Projects" able to be edited to `isAdminView=true`

Description

If you navigate to the "My Projects" Section of TimeBox, then click "Manage" on one of the projects, this is the staging URL:
https://timeboxui.ortushq.com/projects/manage/8a80829492d948fe01930dc3131e001a?isAdminView=false
As you can see, isAdminView=false is there on the end. Here is where the issues start:

  1. I can edit this to be isAdminView=true and get this access:

    1. This first picture is my employee account on PROD. Now, I did the rest of my testing on Staging, but this was to show what COULD be done.

  2. I have successfully been able to upload an attachment, but nothing else. I am still testing to see what else can be done, but this is enough to show that this needs to be changed.

  3. The API is indeed validating and stopping me from viewing and editing most things, but the access alone needs to be shut down.

 

Environment

None

QA Notes

None

Attachments

1

Created January 8, 2025 at 2:41 AM
Updated January 8, 2025 at 2:42 AM
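
One way to treat `isAdminView` as a request rather than an entitlement, so that editing the URL as described in this ticket only ever yields the normal view. This is an added example, not TimeBox code; the session shape, the `admin` role name, the function names and the `timebox.example` host are assumptions.

```javascript
// Added example: hypothetical session shape and function names, not TimeBox code.
// The query string is a *request* for the admin view, never proof of entitlement.

// Constructed sample sessions (assumed shape: userId, roles).
const employee = { userId: "u-100", roles: ["employee"] };
const admin = { userId: "u-001", roles: ["employee", "admin"] };

function isAdmin(session) {
  return Boolean(session) && Array.isArray(session.roles) && session.roles.includes("admin");
}

// Decide which view to render for a "Manage project" URL.
// Returns the effective flag, a corrected URL when the request was downgraded,
// and an audit record so repeated tampering shows up in logs.
function resolveAdminView(rawUrl, session) {
  const url = new URL(rawUrl);
  // A case-insensitive "true" in ANY copy of the parameter counts as a request,
  // so a duplicated parameter cannot slip past the check.
  const requested = url.searchParams
    .getAll("isAdminView")
    .some((v) => v.toLowerCase() === "true");
  const granted = requested && isAdmin(session);
  let redirectTo = null;
  let audit = null;
  if (requested && !granted) {
    url.searchParams.delete("isAdminView"); // drop every copy
    url.searchParams.set("isAdminView", "false");
    redirectTo = url.toString();
    audit = {
      event: "admin_view_denied",
      userId: session ? session.userId : null,
      path: url.pathname,
    };
  }
  return { adminView: granted, redirectTo, audit };
}

// API-side gate for admin-only operations: the URL flag is not an input at all.
function authorizeAdminAction(session) {
  return isAdmin(session)
    ? { status: 200 }
    : { status: 403, error: "admin role required" };
}
```

The UI check only keeps the admin screens from rendering; `authorizeAdminAction` is the control that has to hold for every admin-only endpoint, including the attachment upload.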