f4695781 by Ean Schuessler

start adding screen resource support

1 parent 1d9ca524
...@@ -23,6 +23,8 @@ ...@@ -23,6 +23,8 @@
23 <moqui.security.ArtifactGroup artifactGroupId="McpScreenTransitions" description="MCP Screen Transitions"/> 23 <moqui.security.ArtifactGroup artifactGroupId="McpScreenTransitions" description="MCP Screen Transitions"/>
24 <moqui.security.ArtifactGroup artifactGroupId="McpBusinessServices" description="MCP Essential Business Services"/> 24 <moqui.security.ArtifactGroup artifactGroupId="McpBusinessServices" description="MCP Essential Business Services"/>
25 <moqui.security.ArtifactGroup artifactGroupId="McpSecurityEntities" description="Security entities needed for permission checks"/> 25 <moqui.security.ArtifactGroup artifactGroupId="McpSecurityEntities" description="Security entities needed for permission checks"/>
26 <moqui.security.ArtifactGroup artifactGroupId="McpScreens" description="MCP Screen Access"/>
27 <moqui.security.ArtifactGroup artifactGroupId="McpScreenTools" description="MCP Screen-based Tools"/>
26 28
27 <!-- MCP Artifact Group Members --> 29 <!-- MCP Artifact Group Members -->
28 <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="McpServices.*" artifactTypeEnumId="AT_SERVICE"/> 30 <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="McpServices.*" artifactTypeEnumId="AT_SERVICE"/>
...@@ -34,6 +36,24 @@ ...@@ -34,6 +36,24 @@
34 <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="McpServices.mcp#ResourcesList" artifactTypeEnumId="AT_SERVICE"/> 36 <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="McpServices.mcp#ResourcesList" artifactTypeEnumId="AT_SERVICE"/>
35 <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="McpServices.mcp#ResourcesRead" artifactTypeEnumId="AT_SERVICE"/> 37 <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="McpServices.mcp#ResourcesRead" artifactTypeEnumId="AT_SERVICE"/>
36 38
39 <!-- Screen Discovery and Execution Services -->
40 <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="McpServices.discover#ScreensAsMcpTools" artifactTypeEnumId="AT_SERVICE"/>
41 <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="McpServices.convert#ScreenToMcpTool" artifactTypeEnumId="AT_SERVICE"/>
42 <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="McpServices.execute#ScreenAsMcpTool" artifactTypeEnumId="AT_SERVICE"/>
43
44 <!-- Common Screen Access Patterns -->
45 <moqui.security.ArtifactGroupMember artifactGroupId="McpScreens" artifactName="apps/order/*" artifactTypeEnumId="AT_XML_SCREEN"/>
46 <moqui.security.ArtifactGroupMember artifactGroupId="McpScreens" artifactName="apps/party/*" artifactTypeEnumId="AT_XML_SCREEN"/>
47 <moqui.security.ArtifactGroupMember artifactGroupId="McpScreens" artifactName="apps/invoice/*" artifactTypeEnumId="AT_XML_SCREEN"/>
48 <moqui.security.ArtifactGroupMember artifactGroupId="McpScreens" artifactName="apps/product/*" artifactTypeEnumId="AT_XML_SCREEN"/>
49 <moqui.security.ArtifactGroupMember artifactGroupId="McpScreens" artifactName="apps/ledger/*" artifactTypeEnumId="AT_XML_SCREEN"/>
50 <moqui.security.ArtifactGroupMember artifactGroupId="McpScreens" artifactName="apps/marketing/*" artifactTypeEnumId="AT_XML_SCREEN"/>
51 <moqui.security.ArtifactGroupMember artifactGroupId="McpScreens" artifactName="apps/sales/*" artifactTypeEnumId="AT_XML_SCREEN"/>
52 <moqui.security.ArtifactGroupMember artifactGroupId="McpScreens" artifactName="apps/manufacturing/*" artifactTypeEnumId="AT_XML_SCREEN"/>
53 <moqui.security.ArtifactGroupMember artifactGroupId="McpScreens" artifactName="apps/warehouse/*" artifactTypeEnumId="AT_XML_SCREEN"/>
54 <moqui.security.ArtifactGroupMember artifactGroupId="McpScreens" artifactName="apps/humanresource/*" artifactTypeEnumId="AT_XML_SCREEN"/>
55 <moqui.security.ArtifactGroupMember artifactGroupId="McpScreens" artifactName="apps/project/*" artifactTypeEnumId="AT_XML_SCREEN"/>
56
37 <!-- Essential Business Services --> 57 <!-- Essential Business Services -->
38 <moqui.security.ArtifactGroupMember artifactGroupId="McpBusinessServices" artifactName="mantle.order.OrderServices.create#Order" artifactTypeEnumId="AT_SERVICE"/> 58 <moqui.security.ArtifactGroupMember artifactGroupId="McpBusinessServices" artifactName="mantle.order.OrderServices.create#Order" artifactTypeEnumId="AT_SERVICE"/>
39 <moqui.security.ArtifactGroupMember artifactGroupId="McpBusinessServices" artifactName="mantle.party.PartyServices.find#Party" artifactTypeEnumId="AT_SERVICE"/> 59 <moqui.security.ArtifactGroupMember artifactGroupId="McpBusinessServices" artifactName="mantle.party.PartyServices.find#Party" artifactTypeEnumId="AT_SERVICE"/>
...@@ -80,17 +100,23 @@ ...@@ -80,17 +100,23 @@
80 <moqui.security.ArtifactAuthz userGroupId="McpUser" artifactGroupId="McpServices" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/> 100 <moqui.security.ArtifactAuthz userGroupId="McpUser" artifactGroupId="McpServices" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/>
81 <moqui.security.ArtifactAuthz userGroupId="McpUser" artifactGroupId="McpRestPaths" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/> 101 <moqui.security.ArtifactAuthz userGroupId="McpUser" artifactGroupId="McpRestPaths" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/>
82 <moqui.security.ArtifactAuthz userGroupId="McpUser" artifactGroupId="McpScreenTransitions" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/> 102 <moqui.security.ArtifactAuthz userGroupId="McpUser" artifactGroupId="McpScreenTransitions" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/>
103 <moqui.security.ArtifactAuthz userGroupId="McpUser" artifactGroupId="McpScreens" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_VIEW"/>
104 <moqui.security.ArtifactAuthz userGroupId="McpUser" artifactGroupId="McpScreenTools" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/>
83 105
84 <!-- Give ALL users access to security entities needed for permission checks --> 106 <!-- Give ALL users access to security entities needed for permission checks -->
85 <moqui.security.ArtifactAuthz userGroupId="ALL_USERS" artifactGroupId="McpSecurityEntities" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/> 107 <moqui.security.ArtifactAuthz userGroupId="ALL_USERS" artifactGroupId="McpSecurityEntities" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/>
86 108
87 <!-- Ensure ADMIN user always has access to security entities needed for permission checks --> 109 <!-- Ensure ADMIN user always has access to security entities needed for permission checks -->
88 <moqui.security.ArtifactAuthz userGroupId="ADMIN" artifactGroupId="McpServices" authzTypeEnumId="AUTHZT_ALWAYS" authzActionEnumId="AUTHZA_ALL"/> 110 <moqui.security.ArtifactAuthz userGroupId="ADMIN" artifactGroupId="McpServices" authzTypeEnumId="AUTHZT_ALWAYS" authzActionEnumId="AUTHZA_ALL"/>
111 <moqui.security.ArtifactAuthz userGroupId="ADMIN" artifactGroupId="McpScreens" authzTypeEnumId="AUTHZT_ALWAYS" authzActionEnumId="AUTHZA_ALL"/>
112 <moqui.security.ArtifactAuthz userGroupId="ADMIN" artifactGroupId="McpScreenTools" authzTypeEnumId="AUTHZT_ALWAYS" authzActionEnumId="AUTHZA_ALL"/>
89 113
90 <!-- MCP Business Group Authz --> 114 <!-- MCP Business Group Authz -->
91 <moqui.security.ArtifactAuthz userGroupId="MCP_BUSINESS" artifactGroupId="McpServices" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/> 115 <moqui.security.ArtifactAuthz userGroupId="MCP_BUSINESS" artifactGroupId="McpServices" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/>
92 <moqui.security.ArtifactAuthz userGroupId="MCP_BUSINESS" artifactGroupId="McpBusinessServices" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/> 116 <moqui.security.ArtifactAuthz userGroupId="MCP_BUSINESS" artifactGroupId="McpBusinessServices" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/>
93 <moqui.security.ArtifactAuthz userGroupId="MCP_BUSINESS" artifactGroupId="McpRestPaths" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/> 117 <moqui.security.ArtifactAuthz userGroupId="MCP_BUSINESS" artifactGroupId="McpRestPaths" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/>
118 <moqui.security.ArtifactAuthz userGroupId="MCP_BUSINESS" artifactGroupId="McpScreens" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/>
119 <moqui.security.ArtifactAuthz userGroupId="MCP_BUSINESS" artifactGroupId="McpScreenTools" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/>
94 120
95 121
96 <!-- MCP User Accounts --> 122 <!-- MCP User Accounts -->
...@@ -99,6 +125,7 @@ ...@@ -99,6 +125,7 @@
99 125
100 <!-- Add MCP users to MCP user groups --> 126 <!-- Add MCP users to MCP user groups -->
101 <moqui.security.UserGroupMember userGroupId="McpUser" userId="MCP_USER" fromDate="2025-01-01 00:00:00.000"/> 127 <moqui.security.UserGroupMember userGroupId="McpUser" userId="MCP_USER" fromDate="2025-01-01 00:00:00.000"/>
128 <moqui.security.UserGroupMember userGroupId="McpUser" userId="JohnSales" fromDate="2025-01-01 00:00:00.000"/>
102 <moqui.security.UserGroupMember userGroupId="MCP_BUSINESS" userId="MCP_BUSINESS" fromDate="2025-01-01 00:00:00.000"/> 129 <moqui.security.UserGroupMember userGroupId="MCP_BUSINESS" userId="MCP_BUSINESS" fromDate="2025-01-01 00:00:00.000"/>
103 <!-- ADMIN user doesn't need to be in MCP groups - should have full access by default --> 130 <!-- ADMIN user doesn't need to be in MCP groups - should have full access by default -->
104 131
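Review bot: `McpUser` is granted `AUTHZA_ALL` on `McpScreenTools` (new line 104) while the group declared on line 27 has no `ArtifactGroupMember` anywhere in this change, so the grant is latent and will apply to whatever is added to that group later; a note next to the declaration would keep that visible, e.g. `<!-- McpScreenTools has no members yet; the McpUser AUTHZA_ALL grant below becomes live as soon as screens are added here -->`. The same user group gets only `AUTHZA_VIEW` on `McpScreens` (103) while `MCP_BUSINESS` gets `AUTHZA_ALL` on it (118); that asymmetry reads as deliberate but is undocumented, and a one-line comment on the VIEW/ALL choice would stop a later edit from "fixing" it. The eleven `apps/<area>/*` wildcards (45–55) place every screen under those trees into the MCP-visible set, which is far broader than the per-service members above; either list the intended screens or state in the `Common Screen Access Patterns` comment that anything added under those paths is meant to become reachable through screen discovery. `JohnSales` (128) appears to be a sample account; if so, its `McpUser` membership belongs in demo data rather than in this security seed.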
...@@ -208,6 +208,7 @@ try { ...@@ -208,6 +208,7 @@ try {
208 // Look up the actual Visit EntityValue 208 // Look up the actual Visit EntityValue
209 visit = ec.entity.find("moqui.server.Visit") 209 visit = ec.entity.find("moqui.server.Visit")
210 .condition("visitId", visitResult.visitId) 210 .condition("visitId", visitResult.visitId)
211 .disableAuthz()
211 .one() 212 .one()
212 if (!visit) { 213 if (!visit) {
213 throw new Exception("Failed to look up newly created Visit") 214 throw new Exception("Failed to look up newly created Visit")
...@@ -339,6 +340,7 @@ logger.info("Handling Enhanced SSE connection from ${request.remoteAddr}") ...@@ -339,6 +340,7 @@ logger.info("Handling Enhanced SSE connection from ${request.remoteAddr}")
339 // Look up the actual Visit EntityValue 340 // Look up the actual Visit EntityValue
340 visit = ec.entity.find("moqui.server.Visit") 341 visit = ec.entity.find("moqui.server.Visit")
341 .condition("visitId", visitResult.visitId) 342 .condition("visitId", visitResult.visitId)
343 .disableAuthz()
342 .one() 344 .one()
343 if (!visit) { 345 if (!visit) {
344 throw new Exception("Failed to look up newly created Visit") 346 throw new Exception("Failed to look up newly created Visit")
...@@ -468,6 +470,7 @@ logger.info("Handling Enhanced SSE connection from ${request.remoteAddr}") ...@@ -468,6 +470,7 @@ logger.info("Handling Enhanced SSE connection from ${request.remoteAddr}")
468 // Get Visit directly - this is our session 470 // Get Visit directly - this is our session
469 def visit = ec.entity.find("moqui.server.Visit") 471 def visit = ec.entity.find("moqui.server.Visit")
470 .condition("visitId", sessionId) 472 .condition("visitId", sessionId)
473 .disableAuthz()
471 .one() 474 .one()
472 475
473 if (!visit) { 476 if (!visit) {
...@@ -724,6 +727,7 @@ logger.info("Handling Enhanced SSE connection from ${request.remoteAddr}") ...@@ -724,6 +727,7 @@ logger.info("Handling Enhanced SSE connection from ${request.remoteAddr}")
724 try { 727 try {
725 def existingVisit = ec.entity.find("moqui.server.Visit") 728 def existingVisit = ec.entity.find("moqui.server.Visit")
726 .condition("visitId", sessionId) 729 .condition("visitId", sessionId)
730 .disableAuthz()
727 .one() 731 .one()
728 732
729 if (!existingVisit) { 733 if (!existingVisit) {
...@@ -925,6 +929,7 @@ logger.info("Handling Enhanced SSE connection from ${request.remoteAddr}") ...@@ -925,6 +929,7 @@ logger.info("Handling Enhanced SSE connection from ${request.remoteAddr}")
925 // Look up all MCP Visits (persistent) 929 // Look up all MCP Visits (persistent)
926 def mcpVisits = ec.entity.find("moqui.server.Visit") 930 def mcpVisits = ec.entity.find("moqui.server.Visit")
927 .condition("initialRequest", "like", "%mcpSession%") 931 .condition("initialRequest", "like", "%mcpSession%")
932 .disableAuthz()
928 .list() 933 .list()
929 934
930 logger.info("Broadcasting to ${mcpVisits.size()} MCP visits, ${activeConnections.size()} active connections") 935 logger.info("Broadcasting to ${mcpVisits.size()} MCP visits, ${activeConnections.size()} active connections")
...@@ -985,6 +990,7 @@ logger.info("Handling Enhanced SSE connection from ${request.remoteAddr}") ...@@ -985,6 +990,7 @@ logger.info("Handling Enhanced SSE connection from ${request.remoteAddr}")
985 // Look up all MCP Visits (persistent) 990 // Look up all MCP Visits (persistent)
986 def mcpVisits = ec.entity.find("moqui.server.Visit") 991 def mcpVisits = ec.entity.find("moqui.server.Visit")
987 .condition("initialRequest", "like", "%mcpSession%") 992 .condition("initialRequest", "like", "%mcpSession%")
993 .disableAuthz()
988 .list() 994 .list()
989 995
990 return [ 996 return [
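Review bot: Every Visit lookup in this file now carries `.disableAuthz()` (new-side lines 211, 343, 473, 730, 932 and 993) with no comment saying why the entity authz check is bypassed, and the lookups at 473 and 730 key on `sessionId`, which appears to come from the client request. With authz disabled the find returns any Visit whose id matches regardless of who is calling, so whatever follows `if (!visit)` — which lies outside the hunk — is the only thing tying the resolved Visit to the calling user; that check should be confirmed, and the reason recorded at the first site, e.g. `.disableAuthz() // NOTE: bypasses entity authz on Visit on purpose: <reason>; caller ownership is verified below`. The two `initialRequest like "%mcpSession%"` list queries (932, 993) likewise now return Visits across all users; if any part of those results reaches the response rather than only the `size()` logged at 935, filter the list to the current user's visits first. A single private helper wrapping the find-by-visitId would keep the bypass in one documented place instead of six.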