
fix: always register admin tools and allow user API key auth #42

Merged: xfalcox merged 1 commit into main from fix/admin-auth-gating on Mar 4, 2026

@xfalcox xfalcox commented Mar 4, 2026

  • Always register Data Explorer tools, resources, and prompts regardless of auth type — fixes prompts/list returning empty/erroring for non-admin users
  • Allow user_api_key auth for admin-only endpoints (Data Explorer, list_users) — previously only global API keys were accepted, blocking admin users with user API keys
  • Access is now enforced at call time by Discourse server-side, not at MCP registration time
  • Remove hasAdminAuth() and allowAdminTools config — no longer needed

Remove registration-time admin gates from Data Explorer tools, resources,
and prompts. Access is now enforced at call time by Discourse, not at
startup. This fixes prompts/list returning empty for non-admin users and
allows admin users with user API keys to access Data Explorer endpoints.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@xfalcox xfalcox merged commit afc6213 into main Mar 4, 2026
2 checks passed
@xfalcox xfalcox deleted the fix/admin-auth-gating branch March 4, 2026 16:56
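
Added example, not code from this pull request or from the project: it contrasts gating admin tools on the auth type at registration with always registering them and letting the server decide on each call, as the description above states. The key table, the `/admin/` path, the `run_query` tool name and every function name are hypothetical, and `mockUpstream` is a constructed stand-in for the Discourse server.

```javascript
// Constructed stand-in for the server: only it knows which key belongs to an admin.
const KEYS = {
  "global-key": { admin: true },       // global API key
  "admin-user-key": { admin: true },   // user API key owned by an admin
  "member-user-key": { admin: false }, // user API key owned by a non-admin
};

function mockUpstream(auth, path) {
  const who = KEYS[auth.key];
  if (!who) return { status: 401 };
  if (path.startsWith("/admin/") && !who.admin) return { status: 403 };
  return { status: 200, body: { ok: true, path } };
}

// Hypothetical tool names; list_users is the one named in the description.
const ADMIN_TOOLS = ["run_query", "list_users"];

// Before: privilege is guessed from the auth *type* at startup, so an admin
// holding a user API key gets no admin tools at all.
function registerGated(auth) {
  return auth.type === "api_key" ? [...ADMIN_TOOLS] : [];
}

// After: every tool is registered; authorization happens upstream per call.
function registerAlways() {
  return [...ADMIN_TOOLS];
}

function callTool(tools, name, auth) {
  if (!tools.includes(name)) return { error: "unknown tool" };
  const res = mockUpstream(auth, `/admin/${name}`);
  if (res.status === 401 || res.status === 403) {
    // Surface the server's decision as-is; never fall back to another credential.
    return { error: `denied by server (${res.status})` };
  }
  return { result: res.body };
}
```

With this design the client's tool list is no longer a security boundary, so the server-side check on every admin endpoint is the only control and is the part worth testing with a non-admin key.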