refactor(backend): remove unnecessary permissions from user config routes

Lasim · Lasim · commit b47682556906 · 2025-08-24T20:20:19.000+02:00
diff --git a/services/backend/src/routes/mcp/user-configurations/create.ts b/services/backend/src/routes/mcp/user-configurations/create.ts
@@ -1,6 +1,5 @@
 import { type FastifyInstance } from 'fastify';
 import { requireAuthenticationAny } from '../../../middleware/oauthMiddleware';
-import { requireTeamPermission } from '../../../middleware/roleMiddleware';
 import { McpUserConfigurationService } from '../../../services/mcpUserConfigurationService';
 import { getDb } from '../../../db';
 import {
@@ -22,13 +21,12 @@ export default async function createUserConfigRoute(server: FastifyInstance) {
     Body: CreateUserConfigRequest;
   }>('/teams/:teamId/mcp/installations/:installationId/user-configs', {
     preValidation: [
-      requireAuthenticationAny(),
-      requireTeamPermission('mcp.installations.edit')
+      requireAuthenticationAny()
     ],
     schema: {
       tags: ['MCP User Configurations'],
       summary: 'Create user configuration for MCP installation',
-      description: 'Creates a new user-specific configuration for an MCP server installation. This allows individual users to customize arguments and environment variables for their personal use. Requires Content-Type: application/json header when sending request body. Supports both cookie-based authentication (for web users) and OAuth2 Bearer token authentication (for CLI users). Requires mcp:read scope for OAuth2 access.',
+      description: 'Creates a new user-specific configuration for an MCP server installation. This allows individual users to customize arguments and environment variables for their personal use. Requires Content-Type: application/json header when sending request body. Supports both cookie-based authentication (for web users) and OAuth2 Bearer token authentication (for CLI users).',
       security: DUAL_AUTH_SECURITY,
       
       // Fastify validation schema
diff --git a/services/backend/src/routes/mcp/user-configurations/update.ts b/services/backend/src/routes/mcp/user-configurations/update.ts
@@ -1,6 +1,5 @@
 import { type FastifyInstance } from 'fastify';
-import { requireAuthenticationAny, requireOAuthScope } from '../../../middleware/oauthMiddleware';
-import { requireTeamPermission } from '../../../middleware/roleMiddleware';
+import { requireAuthenticationAny } from '../../../middleware/oauthMiddleware';
 import { McpUserConfigurationService } from '../../../services/mcpUserConfigurationService';
 import { getDb } from '../../../db';
 import {
@@ -16,9 +15,7 @@ export default async function updateUserConfigurationRoute(server: FastifyInstan
     '/teams/:teamId/mcp/installations/:installationId/user-configs/:configId',
     {
       preValidation: [
-        requireAuthenticationAny(),
-        requireOAuthScope('mcp:read'),
-        requireTeamPermission('mcp.installations.manage')
+        requireAuthenticationAny()
       ],
       schema: updateUserConfigurationSchema
     },
diff --git a/services/backend/src/routes/mcp/user-configurations/updateArgs.ts b/services/backend/src/routes/mcp/user-configurations/updateArgs.ts
@@ -1,6 +1,5 @@
 import { type FastifyInstance } from 'fastify';
-import { requireAuthenticationAny, requireOAuthScope } from '../../../middleware/oauthMiddleware';
-import { requireTeamPermission } from '../../../middleware/roleMiddleware';
+import { requireAuthenticationAny } from '../../../middleware/oauthMiddleware';
 import { McpUserConfigurationService } from '../../../services/mcpUserConfigurationService';
 import { getDb } from '../../../db';
 import {
@@ -16,15 +15,13 @@ export default async function updateUserArgsRoute(server: FastifyInstance) {
     '/teams/:teamId/mcp/installations/:installationId/user-configs/:configId/args',
     {
       preValidation: [
-        requireAuthenticationAny(),
-        requireOAuthScope('mcp:read'),
-        requireTeamPermission('mcp.installations.manage')
+        requireAuthenticationAny()
       ],
       schema: {
         ...updateUserArgsSchema,
         tags: ['MCP User Configurations'],
         summary: 'Update user configuration arguments',
-        description: 'Updates the user-specific arguments for an MCP server installation configuration. Requires Content-Type: application/json header when sending request body. Supports both cookie-based authentication (for web users) and OAuth2 Bearer token authentication (for CLI users). Requires mcp:read scope for OAuth2 access.'
+        description: 'Updates the user-specific arguments for an MCP server installation configuration. Requires Content-Type: application/json header when sending request body. Supports both cookie-based authentication (for web users) and OAuth2 Bearer token authentication (for CLI users).'
       }
     },
     async (request, reply) => {
diff --git a/services/backend/src/routes/mcp/user-configurations/updateEnv.ts b/services/backend/src/routes/mcp/user-configurations/updateEnv.ts
@@ -1,6 +1,5 @@
 import { type FastifyInstance } from 'fastify';
-import { requireAuthenticationAny, requireOAuthScope } from '../../../middleware/oauthMiddleware';
-import { requireTeamPermission } from '../../../middleware/roleMiddleware';
+import { requireAuthenticationAny } from '../../../middleware/oauthMiddleware';
 import { McpUserConfigurationService } from '../../../services/mcpUserConfigurationService';
 import { getDb } from '../../../db';
 import {
@@ -16,15 +15,13 @@ export default async function updateUserEnvRoute(server: FastifyInstance) {
     '/teams/:teamId/mcp/installations/:installationId/user-configs/:configId/env',
     {
       preValidation: [
-        requireAuthenticationAny(),
-        requireOAuthScope('mcp:read'),
-        requireTeamPermission('mcp.installations.manage')
+        requireAuthenticationAny()
       ],
       schema: {
         ...updateUserEnvSchema,
         tags: ['MCP User Configurations'],
         summary: 'Update user configuration environment variables',
-        description: 'Updates the user-specific environment variables for an MCP server installation configuration. Requires Content-Type: application/json header when sending request body. Supports both cookie-based authentication (for web users) and OAuth2 Bearer token authentication (for CLI users). Requires mcp:read scope for OAuth2 access.'
+        description: 'Updates the user-specific environment variables for an MCP server installation configuration. Requires Content-Type: application/json header when sending request body. Supports both cookie-based authentication (for web users) and OAuth2 Bearer token authentication (for CLI users).'
       }
     },
     async (request, reply) => {
