Adds the mcp scope group with a single access permission so it shows up in GET /api/v1/routes (and therefore in the frontend token form). Adds APIToken.HasMCPAccess() mirroring the caldav/feeds helpers. The MCP endpoint will use POST, GET, and DELETE on the same path for the streamable-HTTP transport, which CanDoAPIRoute's exact (method, path) match cannot gate. The token middleware therefore skips the route check for /api/v1/mcp and any sub-path; the actual authorization is delegated to an inline HasMCPAccess() call in the MCP handler (added in the next task). Fixtures gain two MCP tokens for user 1: one mcp-only and one with mcp:access plus projects read scopes for the per-tool scope filter tests. |
||
|---|---|---|
| .. | ||
| fixtures | ||
| db.go | ||
| db_path_test.go | ||
| dump.go | ||
| helpers.go | ||
| helpers_test.go | ||
| test.go | ||
| test_fixtures.go | ||