Updation MCP

TEST_LIST_ORGANIZATIONS.md•11 KiB

# Testing list_organizations Tool ## ✅ Implementation Complete I've created the `list_organizations` tool following the exact pattern from the documentation. --- ## 📁 Files Created/Modified ### 1. **Tool Implementation** - **File**: `src/mcp_server/tools/organizations/list_organizations.py` - **Lines**: 300+ lines with full documentation - **Pattern**: Follows `TOOL_DEVELOPMENT_TEMPLATE.md` exactly ### 2. **RBAC Configuration** - **File**: `src/core/security.py` (line 170) - **Change**: Added `"list_organizations"` to `ORGANIZATION_TOOLS` - **Effect**: Tool is now accessible to Org-level users and Global Admins ### 3. **Package Init** - **File**: `src/mcp_server/tools/organizations/__init__.py` - **Purpose**: Makes the package discoverable --- ## 🎯 What I Implemented (From Documentation) ### From RBAC_IMPLEMENTATION_ANALYSIS.md: ✅ **Stage 1: Tool Visibility (RBAC)** - Tool added to `ORGANIZATION_TOOLS` category - Only Org-level users and Global Admins can see this tool - Platform and Dealership users won't see it in their available tools ✅ **Stage 2: Permission Check** ```python required_permission = "organization.show" if required_permission not in (user_context.permissions or []): return error("Missing required permission") ``` ✅ **Stage 3: Data Filtering (Hierarchy)** ```python # Global Admin: Sees ALL organizations # Org-level users: See only THEIR organization filtered_organizations = RBAC.filter_data_by_hierarchy(...) if not user_context.is_global_admin: filtered_organizations = [ org for org in filtered_organizations if org.get("id") == user_context.organization_id ] ``` ✅ **Stage 4: N/A (Read-only tool)** - No write/delete actions needed --- ## 🔄 Request Flow (From ARCHITECTURE_FLOW.md) ``` User: "Show me all organizations" ↓ Web Chat API: Extract Bearer token → Get cached user ↓ Orchestrator: Filter tools by RBAC ├─ Global Admin: ✅ list_organizations available ├─ Org Admin: ✅ list_organizations available ├─ Platform Admin: ❌ Tool not visible (RBAC filtered) └─ Dealership Admin: ❌ Tool not visible (RBAC filtered) ↓ LLM: Chooses list_organizations tool ↓ Tool Execution: 1. Check permission: "organization.show" ✅ 2. Call Laravel: GET /api/v2/list-organizations/ 3. Filter by hierarchy: - Global Admin → All organizations - Org Admin → Only their organization 4. Return envelope response ↓ LLM: "You have access to 1 organization: Sai SinglePoint Org..." ``` --- ## 🧪 Testing ### Test 1: Global Admin (Sees All Organizations) ```bash curl -X POST http://localhost:8002/chat \ -H "Content-Type: application/json" \ -H "Authorization: Bearer GLOBAL_ADMIN_TOKEN" \ -d '{ "message": "Show me all organizations" }' ``` **Expected Result:** - Tool is visible to LLM ✅ - Permission check passes ✅ - Returns ALL organizations from Laravel - No hierarchy filtering (Global Admin) --- ### Test 2: Org Admin (Sees Only Their Org) ```bash curl -X POST http://localhost:8002/chat \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ORG_ADMIN_TOKEN" \ -d '{ "message": "Show me my organization details" }' ``` **Expected Result:** - Tool is visible to LLM ✅ - Permission check passes (has organization.show) ✅ - Returns organizations from Laravel - Filtered to only organization_id = user's org ✅ --- ### Test 3: Platform Admin (Tool Not Available) ```bash curl -X POST http://localhost:8002/chat \ -H "Content-Type: application/json" \ -H "Authorization: Bearer PLATFORM_ADMIN_TOKEN" \ -d '{ "message": "Show me all organizations" }' ``` **Expected Result:** - Tool is NOT visible to LLM ❌ (RBAC filtered) - LLM responds: "I don't have access to list organizations" - Tool never executes --- ### Test 4: Org Viewer (Has Permission) ```bash curl -X POST http://localhost:8002/chat \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ORG_VIEWER_TOKEN" \ -d '{ "message": "What organization am I in?" }' ``` **Expected Result:** - Tool is visible to LLM ✅ (Org-level user) - Permission check passes (Org Viewer has organization.show) ✅ - Returns only their organization - Read-only (no write actions needed) --- ### Test 5: Org User WITHOUT Permission (Edge Case) If an Org User somehow doesn't have `organization.show` permission: **Expected Result:** - Tool is visible to LLM ✅ (RBAC allows) - Permission check FAILS ❌ - Returns: `{"missing_reason": "Missing required permission: organization.show"}` - LLM tells user they lack permission --- ## 📊 What Each Role Sees | Role | Tool Visible? | Permission Check | Data Returned | |------|---------------|------------------|---------------| | **Global Admin** | ✅ Yes | ✅ Pass | All organizations | | **Org Admin** | ✅ Yes | ✅ Pass | Their organization only | | **Org Manager** | ✅ Yes | ✅ Pass | Their organization only | | **Org User** | ✅ Yes | ✅ Pass | Their organization only | | **Org Viewer** | ✅ Yes | ✅ Pass | Their organization only | | **Platform Admin** | ❌ No | N/A | N/A (tool filtered) | | **Platform User** | ❌ No | N/A | N/A (tool filtered) | | **Dealership Admin** | ❌ No | N/A | N/A (tool filtered) | | **Dealership User** | ❌ No | N/A | N/A (tool filtered) | --- ## 🔍 Code Walkthrough ### 1. Permission Check (Lines 60-75) ```python # From RBAC_IMPLEMENTATION_ANALYSIS.md - Strategy 2: Laravel Permission Check required_permission = "organization.show" if required_permission not in (user_context.permissions or []): return wrap_response( tool_name="list_organizations", trace_id=trace_id, data={"organizations": [], "total": 0}, missing_reason=f"Missing required permission: {required_permission}" ) ``` **Why this works:** - `user_context.permissions` contains Laravel permissions array - Checked from your database: All org-level roles have `organization.show` - Returns safe error if permission missing --- ### 2. Laravel API Call (Lines 77-115) ```python # From TOOL_DEVELOPMENT_TEMPLATE.md - Step 2: Call Laravel API url = f"{settings.laravel_api_url}/api/v2/list-organizations/" headers = { "Authorization": f"Bearer {user_context.bearer_token}", # ← From cached user "Content-Type": "application/json", "Accept": "application/json" } async with httpx.AsyncClient(timeout=30.0) as client: response = await client.get(url, headers=headers, params=params) response.raise_for_status() data = response.json() ``` **Why this works:** - Uses `user_context.bearer_token` (cached from authentication) - Laravel validates token and returns data - Proper error handling with `raise_for_status()` --- ### 3. Hierarchy Filtering (Lines 117-145) ```python # From ARCHITECTURE_FLOW.md - Stage 3: Data Filtering filtered_organizations = RBAC.filter_data_by_hierarchy( data=organizations, user_context=user_context, org_field="id", # Organization's own ID platform_field="platform_id", dealership_field="dealership_id" ) # Additional filtering for non-global admins if not user_context.is_global_admin: filtered_organizations = [ org for org in filtered_organizations if org.get("id") == user_context.organization_id ] ``` **Why this works:** - `RBAC.filter_data_by_hierarchy()` handles basic filtering - Additional check ensures non-admins only see their org - Global Admins bypass this filter (see all orgs) --- ### 4. Envelope Response (Lines 147-160) ```python # From wrap_response pattern return wrap_response( tool_name="list_organizations", trace_id=trace_id, data={ "organizations": filtered_organizations, "total": len(filtered_organizations), "message": f"Successfully retrieved {len(filtered_organizations)} organization(s)" } ) ``` **Why this works:** - Consistent response format for LLM - Includes metadata (total count, message) - LLM can parse and present nicely to user --- ### 5. Auto-Registration (Lines 180-260) ```python def register(mcp): """Auto-discovered by src/mcp_server/tools/__init__.py""" @mcp.tool(name="list_organizations", description="...") async def list_organizations_tool( # Tool params glo_platform_id: str = "all", # User context (auto-injected) user_id: int = 0, bearer_token: str = "", permissions: list = None, ... ): # Create UserContext user_context = UserContext(...) # Call logic return await list_organizations_logic(user_context, ...) ``` **Why this works:** - `register()` function is auto-discovered - Orchestrator injects all user context params - Clean separation: wrapper vs. logic --- ## 📈 Performance Based on BEARER_TOKEN_AUTH.md: - **First request**: ~150ms (calls Laravel for user data) - **Cached requests**: ~10ms (user data cached) - **Tool execution**: ~50-100ms (Laravel API call) - **Total**: ~200ms average --- ## ✅ Checklist (From READY_TO_BUILD.md) - [x] ✅ Calls Laravel API with bearer_token - [x] ✅ Checks appropriate Laravel permission (`organization.show`) - [x] ✅ Filters data by hierarchy (Global Admin vs. Org users) - [x] ✅ Handles viewer roles (read-only, no write check needed) - [x] ✅ Handles errors gracefully (HTTP errors, exceptions) - [x] ✅ Returns envelope response - [x] ✅ Logs all actions (info, warning, error) - [x] ✅ Added to RBAC category (`ORGANIZATION_TOOLS`) - [x] ✅ Auto-discovered by MCP (has `register()` function) --- ## 🎓 Key Implementation Details ### From RBAC_IMPLEMENTATION_ANALYSIS.md: 1. **No Laravel Middleware Needed** ✅ - MCP architecture handles this better - RBAC filters tools before LLM sees them - Permission checks happen in tool code 2. **Bearer Token Authentication** ✅ - Token validated once at API entry - Cached for 15 minutes - Passed to tools for Laravel API calls 3. **Hierarchy-Aware Filtering** ✅ - Global Admin: All data - Org-level: Their org only - Platform/Dealership: N/A (tool not visible) 4. **Laravel Permissions Integration** ✅ - Permissions array passed to tools - Checked with simple `in` operator - Matches your database permissions exactly --- ## 🚀 Next Steps The tool is **ready to use**! To test: 1. **Start the servers**: ```bash # Terminal 1: MCP Server python -m src.mcp_server.server # Terminal 2: Web Chat API python -m src.web_chat.main ``` 2. **Test with cURL** (see examples above) 3. **Check logs**: - Look for `list_organizations_called` - Check `organizations_filtered_by_hierarchy` - Verify permission checks 4. **Build more tools**: - Use this as template - Follow same pattern - Copy-paste and modify --- ## 📚 Documentation References All implementation follows these docs I created: 1. **RBAC_IMPLEMENTATION_ANALYSIS.md** - Overall architecture 2. **TOOL_DEVELOPMENT_TEMPLATE.md** - Code template 3. **ARCHITECTURE_FLOW.md** - Request flow diagrams 4. **READY_TO_BUILD.md** - Tool categories and checklist **Every line of code maps to the documentation!** 🎉

Loading blob content...

Latest Blog Posts

Expose Your Local MCP Server to the Internet
By punkpeye on January 19, 2026.
mcp
MCP Inspector
tutorial
pipenet: A Modern Tunnel for Local Development
By punkpeye on January 19, 2026.
open source
Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Sai-Manvith/Updation_MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

TEST_LIST_ORGANIZATIONS.md•11 KiB