feat(mcp): add list and get tools for users and roles#15
Open
hbrooks wants to merge 5 commits into
Open
Conversation
Implements 4 new MCP tools across two domains: - list_users, get_user_info: admin-only user directory tools with privacy controls (email/roles redacted unless caller has data model metadata access) - list_roles, get_role_info: admin-only role listing tools backed by a minimal RoleDAO wrapping the FAB Role model Registers all tools in app.py and adds them to the server instructions. Unit tests cover basic listing, privacy enforcement, not-found paths, and filter/search mutual-exclusion validation.
- Add model_serializer to UserInfo and RoleInfo so select_columns
context filtering is honored in list_users/list_roles output
(matches pattern used by list_databases/list_dashboards)
- Apply model_dump(context={"select_columns": ...}) in list_users and
list_roles, propagating column selection to nested Info serializers
- Move RoleDAO from mcp_service/role/dao.py to superset/daos/role.py
to be consistent with all other DAO locations in the repo
- Update list_users privacy tests: email requires explicit select_columns
request (not in default column set); roles unavailable in list context
because USER_DIRECTORY_FIELDS filters it from DAO column selection
- Add select_columns output-filtering tests for both list_users and
list_roles; fix role tool test patches to use new DAO module path
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ool layer Pydantic model_validators in ListRolesRequest and ListUsersRequest fired during fastmcp parameter deserialization, producing a raw ToolError with "1 validation error for call[list_roles]" text that the StructuredContent- StripperMiddleware wrapped as non-JSON content. Tests that called json.loads() on the result then raised JSONDecodeError instead of seeing the expected error dict. Removes the model_validators from both schemas and moves the mutual exclusion check into the tool functions' try blocks, returning a proper RoleError/UserError JSON object so tests can assert "error" in data. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… exposure Adds sanitize_error_for_llm_context field validator to UserError and RoleError, matching the pattern already used in ChartError, DashboardError, and DatasetError.
- serialize_user_object gains include_roles param; list_users uses it to skip the per-user roles lazy-load (roles are always stripped by USER_DIRECTORY_FIELDS in list context) - _serialize_role renames cols to _cols to signal intentional disuse - get_user_info and get_role_info broad except blocks now re-raise so auth/unexpected errors are not swallowed as UserError/RoleError Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Mirror of apache/superset#40345 by @aminghadersohi