Skip to content

feat(mcp): add list and get tools for users and roles#15

Open
hbrooks wants to merge 5 commits into
masterfrom
demo/pr-40345
Open

feat(mcp): add list and get tools for users and roles#15
hbrooks wants to merge 5 commits into
masterfrom
demo/pr-40345

Conversation

@hbrooks

@hbrooks hbrooks commented May 28, 2026

Copy link
Copy Markdown

aminghadersohi and others added 5 commits May 21, 2026 20:44
Implements 4 new MCP tools across two domains:
- list_users, get_user_info: admin-only user directory tools with
  privacy controls (email/roles redacted unless caller has data model
  metadata access)
- list_roles, get_role_info: admin-only role listing tools backed by
  a minimal RoleDAO wrapping the FAB Role model

Registers all tools in app.py and adds them to the server instructions.
Unit tests cover basic listing, privacy enforcement, not-found paths,
and filter/search mutual-exclusion validation.
- Add model_serializer to UserInfo and RoleInfo so select_columns
  context filtering is honored in list_users/list_roles output
  (matches pattern used by list_databases/list_dashboards)
- Apply model_dump(context={"select_columns": ...}) in list_users and
  list_roles, propagating column selection to nested Info serializers
- Move RoleDAO from mcp_service/role/dao.py to superset/daos/role.py
  to be consistent with all other DAO locations in the repo
- Update list_users privacy tests: email requires explicit select_columns
  request (not in default column set); roles unavailable in list context
  because USER_DIRECTORY_FIELDS filters it from DAO column selection
- Add select_columns output-filtering tests for both list_users and
  list_roles; fix role tool test patches to use new DAO module path

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ool layer

Pydantic model_validators in ListRolesRequest and ListUsersRequest fired
during fastmcp parameter deserialization, producing a raw ToolError with
"1 validation error for call[list_roles]" text that the StructuredContent-
StripperMiddleware wrapped as non-JSON content. Tests that called
json.loads() on the result then raised JSONDecodeError instead of seeing
the expected error dict.

Removes the model_validators from both schemas and moves the mutual
exclusion check into the tool functions' try blocks, returning a proper
RoleError/UserError JSON object so tests can assert "error" in data.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… exposure

Adds sanitize_error_for_llm_context field validator to UserError and RoleError,
matching the pattern already used in ChartError, DashboardError, and DatasetError.
- serialize_user_object gains include_roles param; list_users uses it
  to skip the per-user roles lazy-load (roles are always stripped by
  USER_DIRECTORY_FIELDS in list context)
- _serialize_role renames cols to _cols to signal intentional disuse
- get_user_info and get_role_info broad except blocks now re-raise so
  auth/unexpected errors are not swallowed as UserError/RoleError

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants