Skip to content

[BUG][AUTH]: Non-admin user unable to list public gateways #2185

Closed
Bug
1 of 1 issue completed
#2186
Closed
[BUG][AUTH]: Non-admin user unable to list public gateways#2185
Bug
1 of 1 issue completed
#2186
Assignees
crivetimihaiKKNithin
Labels
MUSTP1: Non-negotiable, critical requirements without which the product is non-functional or unsafebugSomething isn't workingpythonPython / backend development (FastAPI)rbacRole-based Access Control
Milestone
Release 1.0.0-RC1
@KKNithin

Description

@KKNithin
KKNithin
opened on Jan 19, 2026

🐞 Bug Summary

When a Non-Admin user tries to list gateways it won't list any.

🧩 Affected Component

Select the area of the project impacted:

  • mcpgateway - API
  • mcpgateway - UI (admin panel)
  • mcpgateway.wrapper - stdio wrapper
  • Federation or Transports
  • CLI, Makefiles, or shell scripts
  • Container setup (Docker/Podman/Compose)
  • Other (explain below)

🔁 Steps to Reproduce

  1. Create a non admin user, have some public servers created.
  2. Use backend list gateways endpoint to get the list of gateways

wrong query without public condition

"SELECT [[gateways.id](http://gateways.id/)](http://gateways.id/), [[gateways.name](http://gateways.name/)](http://gateways.name/), gateways.slug, gateways.url, gateways.description, gateways.transport, gateways.capabilities, gateways.created_at, gateways.updated_at, gateways.enabled, gateways.reachable, gateways.last_seen, gateways.tags, gateways.created_by, gateways.created_from_ip, gateways.created_via, gateways.created_user_agent, gateways.modified_by, gateways.modified_from_ip, gateways.modified_via, gateways.modified_user_agent, gateways.import_batch_id, gateways.federation_source, gateways.version, gateways.passthrough_headers, gateways.ca_certificate, gateways.ca_certificate_sig, gateways.signing_algorithm, gateways.auth_type, gateways.auth_value, gateways.oauth_config, gateways.team_id, gateways.owner_email, gateways.visibility \nFROM gateways \n

WHERE gateways.enabled AND (gateways.team_id = '5e91ea4351434c6583cddd6cb7f9b946' AND gateways.visibility IN ('team') OR gateways.team_id = '5e91ea4351434c6583cddd6cb7f9b946' AND gateways.owner_email = 'user1acc1@cf.com' OR gateways.visibility = 'public') ORDER BY gateways.created_at DESC, [[gateways.id](http://gateways.id/)](http://gateways.id/) DESC"

🤔 Expected Behavior

What should have happened instead?
You should be able to see the public servers create

📓 Logs / Error Output

Paste any relevant stack traces or logs here.
⚠️ Do not paste secrets, credentials, or tokens.

🧠 Environment Info

You can retrieve most of this from the /version endpoint.

Key Value
Version or commit v1.0.0-BETA
Runtime Python 3.11
Platform / OS macOS
Container Docker

🧩 Additional Context (optional)

Add any configuration details, flags, or related issues.

Metadata

Metadata

Assignees

Labels

MUSTP1: Non-negotiable, critical requirements without which the product is non-functional or unsafebugSomething isn't workingpythonPython / backend development (FastAPI)rbacRole-based Access Control

Type

Bug

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions