mcp-data-platform-v1.42.0

github-actions released this 14 Mar 05:29 · 36 commits to main since this release · 6931787

Highlights

This release adds share permission levels (viewer/editor), a Save to My Assets copy workflow, and several portal UX improvements. It also fixes an SSO login bug that caused non-admin users to be immediately logged out.

Share Permission Levels

Asset owners can now choose between Viewer and Editor when sharing with a user. Viewers have read-only access; editors can save changes directly to the original asset (with a confirmation warning). Public links are always viewer-only regardless of what's requested.

  • New permission column on portal_shares (migration 000021) with CHECK constraint limiting values to viewer or editor
  • Existing shares default to viewer on migration
  • Permission dropdown in the Share Dialog when sharing with a user
  • Permission badges displayed in the Share Dialog's active shares list, on the Shared With Me page, and in the Asset Viewer toolbar
  • Editor save shows a confirmation modal: "You are editing a shared asset owned by [owner]. Changes will be visible to the owner and all other recipients."
  • Role-based toolbar controls: owners see Delete/Share/Edit/Save; editors see Save (with warning)/Save to My Assets/Download; viewers see Save to My Assets/Download

Save to My Assets

Shared asset recipients (both viewer and editor) can create an independent copy in their own My Assets via a new Save to My Assets button.

  • New POST /api/v1/portal/assets/{id}/copy endpoint reads the original S3 content, writes it to a new S3 key under the current user's namespace, and creates a new portal_assets record
  • Copies are fully independent — the name gets a " (copy)" suffix and there is no link to the original
  • OOM protection: assets larger than 10 MB are rejected with HTTP 413 before reading from S3
  • Frontend navigates to My Assets after a successful copy
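
The size guard described above, as an added Go example that is not the project's code: it rejects on the recorded size before the object is opened, and it goes one step beyond the notes by also bounding the read in case the recorded size is stale. The names `readForCopy`, `copyStatus`, `errTooLarge` and `maxCopyBytes`, the 201 success status and the reading of 10 MB as 10 MiB are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
)

const maxCopyBytes = 10 << 20 // release notes say 10 MB; assumed to mean 10 MiB
var errTooLarge = errors.New("asset exceeds copy size limit")

// readForCopy checks the recorded size first, then still bounds the read.
func readForCopy(recordedSize int64, open func() (io.Reader, error)) ([]byte, error) {
	if recordedSize > maxCopyBytes {
		return nil, errTooLarge // rejected before the object is opened
	}
	body, err := open() // hypothetical stand-in for the S3 read
	if err != nil {
		return nil, err
	}
	// Read at most one byte past the cap so an oversized body is detectable.
	data, err := io.ReadAll(io.LimitReader(body, maxCopyBytes+1))
	if err != nil {
		return nil, err
	}
	if len(data) > maxCopyBytes {
		return nil, errTooLarge // recorded size understated the real object
	}
	return data, nil
}

// copyStatus maps the outcome to the status the copy endpoint would send.
func copyStatus(err error) int {
	if errors.Is(err, errTooLarge) {
		return http.StatusRequestEntityTooLarge // 413
	}
	if err != nil {
		return http.StatusInternalServerError
	}
	return http.StatusCreated // assumed success status
}

func main() {
	small := func() (io.Reader, error) { return strings.NewReader("id,name\n1,a\n"), nil }
	_, okErr := readForCopy(12, small) // constructed 12-byte CSV
	_, bigErr := readForCopy(11<<20, small)
	fmt.Println(copyStatus(okErr), copyStatus(bigErr))
}
```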

Shared With Me Page Enhancements

The Shared With Me page now matches My Assets in functionality:

  • Thumbnails with background ThumbnailQueue generation
  • Client-side search, content-type dropdown filter, and tag filter
  • Color-coded content-type badges, tags (up to 3), and file size display
  • "Shared by" field now shows the sharer's email address instead of a UUID (falls back to UUID for legacy rows)
  • Back navigation from a shared asset correctly returns to /shared instead of /

CSV Download Button & Public Viewer Info Modal

  • CSV Download: A Download button in the CSV table view header triggers a browser download with the correct asset filename (works in both portal and public share views)
  • Public Viewer Info Modal: An info button in the public viewer header opens a modal displaying asset description, creation/update dates, and tags

Bug Fixes

SSO Login Fix for Non-Admin Users

Non-admin users (e.g. analysts) were immediately logged out after a successful SSO login because the Header component unconditionally called useSystemInfo(), which hit GET /api/v1/admin/system/info. The admin middleware returned 401 for non-admins, and the admin API client interpreted all 401s as session expiration — destroying a perfectly valid session.

Fix: useSystemInfo() is now gated on admin status so non-admin users never call the admin endpoint.

Permission System Hardening

  • DB errors during permission checks now return HTTP 500 instead of silently failing closed with a misleading HTTP 403
  • Consolidated three redundant permission-checking functions (isSharedWithUser, hasEditorPermission, sharePermissionForUser) into a single sharePermissionForUser returning (SharePermission, error)
  • Reduced cyclomatic complexity across all permission-related handlers (all now under the 10-function threshold)
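
The pattern in the first two bullets, as an added Go example that is not the project's code: one lookup returns `(SharePermission, error)`, and the caller answers 500 for a failed lookup and 403 only for a confirmed lack of rights. The `shareStore` type, `saveStatus`, the `PermNone` value, the owner shortcut and the sample rows are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

type SharePermission string // values the CHECK constraint allows, plus ""

const (
	PermNone   SharePermission = "" // assumed: no share row for this user
	PermViewer SharePermission = "viewer"
	PermEditor SharePermission = "editor"
)

// shareStore is a hypothetical stand-in for the portal_shares table.
type shareStore struct {
	rows map[string]string // "assetID/userID" -> permission (constructed data)
	down bool              // simulates a database outage
}

// sharePermissionForUser keeps "not shared" and "lookup failed" distinct.
func sharePermissionForUser(s shareStore, assetID, userID string) (SharePermission, error) {
	if s.down {
		return PermNone, errors.New("share lookup: connection refused")
	}
	return SharePermission(s.rows[assetID+"/"+userID]), nil
}

// saveStatus is the status a save-to-original handler would answer with.
func saveStatus(s shareStore, ownerID, assetID, userID string) int {
	if userID == ownerID {
		return http.StatusOK // assumed: owners need no share row
	}
	perm, err := sharePermissionForUser(s, assetID, userID)
	if err != nil {
		return http.StatusInternalServerError // store failure is not a denial
	}
	if perm != PermEditor {
		return http.StatusForbidden // viewer, or not shared at all
	}
	return http.StatusOK
}

func main() {
	s := shareStore{rows: map[string]string{"a1/bob": "editor", "a1/carol": "viewer"}}
	for _, u := range []string{"alice", "bob", "carol", "dave"} {
		fmt.Println(u, saveStatus(s, "alice", "a1", u), saveStatus(shareStore{down: true}, "alice", "a1", u))
	}
}
```

Access is still refused while the store is down; only the status changes, so clients and monitoring can tell an outage from a real authorization denial.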

Migration Notes

  • Database: Migration 000021 adds a permission TEXT NOT NULL DEFAULT 'viewer' column with a CHECK (permission IN ('viewer', 'editor')) constraint to portal_shares. All existing shares become viewers automatically. The migration is safe for zero-downtime deployment.
  • API: GET /api/v1/portal/assets/{id} now returns is_owner (bool) and share_permission (string, omitted for owners) in the response body. This is additive and backward-compatible.
  • API: New endpoint POST /api/v1/portal/assets/{id}/copy for the Save to My Assets workflow.
  • API: POST /api/v1/portal/assets/{id}/shares now accepts an optional permission field ("viewer" or "editor"; defaults to "viewer").

Changelog

Features

  • feat: add CSV download button and public viewer info modal (#239)
  • feat: enrich Shared With Me page to match My Assets and fix back navigation (#242)
  • feat: share permission levels, Save to My Assets, and email in Shared By (#245)

Bug Fixes

  • fix: prevent non-admin users from getting "session expired" after SSO login (#241)

Installation

Homebrew (macOS)

brew install txn2/tap/mcp-data-platform

Claude Code CLI

claude mcp add mcp-data-platform -- mcp-data-platform

Docker

docker pull ghcr.io/txn2/mcp-data-platform:v1.42.0

Verification

All release artifacts are signed with Cosign. Verify with:

cosign verify-blob --bundle mcp-data-platform_1.42.0_linux_amd64.tar.gz.sigstore.json \
  mcp-data-platform_1.42.0_linux_amd64.tar.gz