mcpctl

michal/mcpctl

Fork 0

Commit Graph

Author	SHA1	Message	Date
Michal	f0faa764e2	fix: RBAC name-scoped access — CUID resolution + list filtering Two bugs fixed: - GET /api/v1/servers/:cuid now resolves CUID→name before RBAC check, so name-scoped bindings match correctly - List endpoints now filter responses via preSerialization hook using getAllowedScope(), so name-scoped users only see their resources Also adds fulldeploy.sh orchestrator script. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-23 12:26:37 +00:00

Author

SHA1

Message

Date

Michal

f0faa764e2

fix: RBAC name-scoped access — CUID resolution + list filtering

Two bugs fixed:
- GET /api/v1/servers/:cuid now resolves CUID→name before RBAC check,
  so name-scoped bindings match correctly
- List endpoints now filter responses via preSerialization hook using
  getAllowedScope(), so name-scoped users only see their resources

Also adds fulldeploy.sh orchestrator script.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-23 12:26:37 +00:00

1 Commits