mickey-mikey 377791080c feat: add tasks:manage permission level to deny delete without blocking other writes ...

The consolidated manage_task tool bundles create/update/delete/move into a
single tool, making it impossible to deny just the delete action via tool
tiers or scope-based filtering.

This adds:
- A `manage` permission level for tasks (between readonly and full)
- A SERVICE_DENIED_ACTIONS registry mapping (service, level) to denied actions
- An is_action_denied() helper that tools call before executing actions
- Guards in manage_task and manage_task_list that reject denied actions

Usage: --permissions tasks:manage
Allows create, update, move. Denies delete.
tasks:full remains unchanged (all actions allowed).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-04 15:04:31 +11:00

..

__init__.py

apply ruff formatting

2025-12-13 13:49:28 -08:00

auth_info_middleware.py

logfix

2026-02-24 11:23:22 -04:00

credential_store.py

fix(auth): filter non-credential files from list_users()

2026-02-13 13:40:56 -08:00

external_oauth_provider.py

refac

2026-02-07 13:35:32 -05:00

google_auth.py

make better

2026-03-01 17:34:02 -05:00

mcp_session_middleware.py

jwt handling improvements

2026-02-05 11:17:59 -05:00

oauth21_session_store.py

pkce fix

2026-02-28 10:06:50 -04:00

oauth_callback_server.py

ruff

2026-02-10 17:22:28 -05:00

oauth_config.py

jwt handling improvements

2026-02-05 11:17:59 -05:00

oauth_responses.py

apply ruff formatting

2025-12-13 13:49:28 -08:00

oauth_types.py

fix: subclass AccessToken with custom fields

2026-01-29 16:06:00 -05:00

permissions.py

feat: add tasks:manage permission level to deny delete without blocking other writes

2026-03-04 15:04:31 +11:00

scopes.py

fix all them tests

2026-02-24 21:09:14 -04:00

service_decorator.py

Merge branch 'main' of https://github.com/taylorwilsdon/google_workspace_mcp into fastmcp_v3

2026-02-24 10:13:14 -04:00