superadmin/agenticSystem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MCP: bloquear escritura de records por accessList del usuario

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jordan Diaz
2026-04-06 21:52:13 +00:00
parent 5bfcee6918
commit 38ac9cecdc
4 changed files with 59 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
mcp-server/tools/records/delete.js
View File

@@ -3,6 +3,7 @@ import { withAuth, getSessionCredentials } from "../../auth/index.js";
import { handleToolError, validateRequired, handleApiResponse } from "../helpers/errorHandler.js";
import { AcaiHttpClient } from "../helpers/acaiHttpClient.js";
import { withAuthParams } from "../helpers/authSchema.js";
import { canAccessTable } from "../helpers/accessControl.js";
export function registerDeleteTableRecordsTool(server) {
server.tool(
@@ -20,6 +21,12 @@ export function registerDeleteTableRecordsTool(server) {
const validationError = validateRequired({ tableName }, ['tableName'], 'delete_table_records');
if (validationError) return validationError;
// Check table access
const accessCheck = canAccessTable(tableName);
if (!accessCheck.allowed) {
return { content: [{ type: "text", text: JSON.stringify({ success: false, error: accessCheck.error }) }], isError: true };
}
if (!recordIds && !deleteAll) {
return {
content: [{ type: "text", text: "Error: You must provide either 'recordIds' or set 'deleteAll' to true." }],