diff --git a/src/mcpd/src/main.ts b/src/mcpd/src/main.ts index 4ed867c..9e68b22 100644 --- a/src/mcpd/src/main.ts +++ b/src/mcpd/src/main.ts @@ -114,7 +114,9 @@ function mapUrlToPermission(method: string, url: string): PermissionCheck { const nameMatch = url.match(/^\/api\/v1\/[a-z-]+\/([^/?]+)/); const resourceName = nameMatch?.[1]; - return { kind: 'resource', resource, action, resourceName }; + const check: PermissionCheck = { kind: 'resource', resource, action }; + if (resourceName !== undefined) (check as { resourceName: string }).resourceName = resourceName; + return check; } async function main(): Promise { diff --git a/src/mcpd/src/services/backup/restore-service.ts b/src/mcpd/src/services/backup/restore-service.ts index 8c56738..6c817b4 100644 --- a/src/mcpd/src/services/backup/restore-service.ts +++ b/src/mcpd/src/services/backup/restore-service.ts @@ -3,6 +3,7 @@ import type { IProjectRepository } from '../../repositories/project.repository.j import type { IUserRepository } from '../../repositories/user.repository.js'; import type { IGroupRepository } from '../../repositories/group.repository.js'; import type { IRbacDefinitionRepository } from '../../repositories/rbac-definition.repository.js'; +import type { RbacRoleBinding } from '../../validation/rbac-definition.schema.js'; import { decrypt } from './crypto.js'; import type { BackupBundle } from './backup-service.js'; @@ -317,7 +318,7 @@ export class RestoreService { // overwrite await this.rbacRepo.update(existing.id, { subjects: rbac.subjects as Array<{ kind: 'User' | 'Group'; name: string }>, - roleBindings: rbac.roleBindings as Array<{ role: string; resource: string } | { role: 'run'; action: string }>, + roleBindings: rbac.roleBindings as RbacRoleBinding[], }); result.rbacCreated++; continue; @@ -326,7 +327,7 @@ export class RestoreService { await this.rbacRepo.create({ name: rbac.name, subjects: rbac.subjects as Array<{ kind: 'User' | 'Group'; name: string }>, - roleBindings: rbac.roleBindings as Array<{ role: string; resource: string } | { role: 'run'; action: string }>, + roleBindings: rbac.roleBindings as RbacRoleBinding[], }); result.rbacCreated++; } catch (err) { diff --git a/src/mcpd/src/validation/index.ts b/src/mcpd/src/validation/index.ts index 74a0ee6..31ea50b 100644 --- a/src/mcpd/src/validation/index.ts +++ b/src/mcpd/src/validation/index.ts @@ -1,6 +1,6 @@ export { CreateMcpServerSchema, UpdateMcpServerSchema } from './mcp-server.schema.js'; export type { CreateMcpServerInput, UpdateMcpServerInput } from './mcp-server.schema.js'; export { CreateProjectSchema, UpdateProjectSchema } from './project.schema.js'; -export type { CreateProjectInput, UpdateProjectInput, ProjectMemberInput } from './project.schema.js'; +export type { CreateProjectInput, UpdateProjectInput } from './project.schema.js'; export { CreateRbacDefinitionSchema, UpdateRbacDefinitionSchema, RbacSubjectSchema, RbacRoleBindingSchema, RBAC_ROLES, RBAC_RESOURCES } from './rbac-definition.schema.js'; export type { CreateRbacDefinitionInput, UpdateRbacDefinitionInput, RbacSubject, RbacRoleBinding } from './rbac-definition.schema.js';