[PR] feat(mcp): add list and get tools for users and roles [superset]

[via GitHub]

aminghadersohi opened a new pull request, #40305:
URL: https://github.com/apache/superset/pull/40305

   ### SUMMARY
   
   Adds 4 new MCP tools implementing the user and role management domain for 
the Superset MCP service:
   
   - `list_users` / `get_user_info` — admin-only user directory tools backed by 
`UserDAO`
   - `list_roles` / `get_role_info` — admin-only role listing tools backed by a 
new minimal `RoleDAO` wrapping the FAB `Role` model
   
   **Privacy controls:** `email` and `roles` fields on `UserInfo` are redacted 
by default. They are only returned when the caller has data model metadata 
access (`user_can_view_data_model_metadata()`). Non-sensitive fields (`id`, 
`username`, `first_name`, `last_name`, `active`) are always returned.
   
   Both domains follow the established MCP tool pattern:
   - `ModelListCore` / `ModelGetInfoCore` from `mcp_core.py`
   - Pydantic request/response schemas with 1-based pagination
   - `@tool` decorator with `class_permission_name` RBAC enforcement
   - `event_logger` instrumentation
   - Apache license headers on all files
   
   ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
   
   N/A — backend-only MCP tool additions.
   
   ### TESTING INSTRUCTIONS
   
   1. Run the new unit tests:
      ```bash
      pytest tests/unit_tests/mcp_service/user/tool/test_user_tools.py -v
      pytest tests/unit_tests/mcp_service/role/tool/test_role_tools.py -v
      ```
   
   2. Call tools via MCP client (requires admin credentials):
      ```json
      list_users(request={})
      get_user_info(request={"identifier": 1})
      list_roles(request={})
      get_role_info(request={"identifier": 1})
      ```
   
   3. Verify privacy: connect as a user without 
`can_get_drill_info`/`can_write` on Dataset and confirm `email`/`roles` are 
`null` in list_users and get_user_info responses.
   
   ### ADDITIONAL INFORMATION
   
   - [ ] Has associated issue:
   - [ ] Required feature flags:
   - [ ] Changes UI
   - [ ] Includes DB Migration
   - [x] Introduces new feature or API
   - [ ] Removes existing feature or API


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org
For additional commands, e-mail: notifications-h...@superset.apache.org