# Cookie Authorization Quick Reference

## How to Access User Info in MyMCPServer

### Quick Answer

```elixir
def handle_tool_call("my_tool", args, state) do
  # 1. Get user from state
  user = Map.get(state, :current_user, %{})
  # user = %{id: 1234567890, keys: %{12345 => true, 11111 => true}}

  # 2. Extract permission keys
  user_keys = Map.get(user, :keys, %{})

  # 3. Check authorization
  case Auth.Authorization.authorized?(user_keys, "permission:name") do
    {:ok, true} ->
      # User has permission - do the thing
      # (`result` stands for whatever the tool computes from `args`)
      {:reply, result, state}

    {:error, _} ->
      # User lacks permission - deny
      {:error, %{code: -32000, message: "Unauthorized"}, state}
  end
end
```

## Data Flow

```
Cookie → Router → Manager → MyMCPServer
                                 ↓
                       state.current_user
```

## User Structure

```elixir
%{
  id: integer(),     # User ID from decrypted cookie
  keys: %{           # Permission keys
    12345 => true,   # Has "index:view" permission
    11111 => true    # Has "admin:manage" permission
  }
}
```

## Common Patterns

### Check Single Permission

```elixir
user_keys =
  Map.get(state, :current_user, %{})
  |> Map.get(:keys, %{})

Auth.Authorization.authorized?(user_keys, "index:view")
# => {:ok, true} or {:error, :forbidden}
```

### Check Any of Multiple Permissions

```elixir
Auth.Authorization.authorized_any?(user_keys, ["perm1", "perm2"])
# => true or false
```

### Check All Permissions Required

```elixir
Auth.Authorization.authorized_all?(user_keys, ["perm1", "perm2"])
# => true or false
```

### Filter List by Permissions

```elixir
def handle_request(%{"method" => "tools/list"}, state) do
  user_keys =
    Map.get(state, :current_user, %{})
    |> Map.get(:keys, %{})

  # all_tools/0 stands for the server's full tool list, defined elsewhere
  available_tools =
    all_tools()
    |> Enum.filter(fn tool ->
      Auth.Authorization.authorized_bool?(user_keys, tool.required_permission)
    end)

  {:reply, %{tools: available_tools}, state}
end
```

## Files Modified

1. **lib/my_mcp_server_manager.ex**
   - Added `user` parameter to all public functions
   - Injects `current_user` into state before calling MyMCPServer
2. **lib/my_mcp_server_router.ex**
   - Passes `user` from cookie to Manager functions
   - Updates all dispatch methods to include user context
3. **lib/my_mcp_server.ex**
   - Accesses `state.current_user` for authorization
   - Implements permission checks in all handlers

## Testing

```bash
# Restart application to load changes
mix compile
sudo mix run --no-halt

# Or in IEx
iex -S mix
```

Test with `Example.run_demo`; tools will now check permissions.

## See Full Documentation

- Complete guide: `docs/COOKIE_AUTHORIZATION_IN_MCP_SERVER.md`
- Authorization system: `docs/AUTHORIZATION.md`
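
The Manager-to-handler flow and the Quick Answer check, as an added example (not the project's code) that denies cleanly when no user was injected or when `current_user` is `nil`, a case where `Map.get(state, :current_user, %{})` returns `nil` rather than the default. The `Sketch.*` modules, the `call_tool/4` function and the `"view_index"` tool name are hypothetical; the name-to-key mapping is assumed from the User Structure comments.

```elixir
# Added example with stand-in modules; not the project's code.
defmodule Sketch.Authorization do
  # Name-to-key mapping assumed from the User Structure comments.
  @permission_keys %{"index:view" => 12345, "admin:manage" => 11111}

  # Same return shape as on the page: {:ok, true} | {:error, :forbidden}.
  def authorized?(user_keys, permission) when is_map(user_keys) do
    with {:ok, key} <- Map.fetch(@permission_keys, permission),
         true <- Map.get(user_keys, key) == true do
      {:ok, true}
    else
      _ -> {:error, :forbidden}
    end
  end

  def authorized?(_user_keys, _permission), do: {:error, :forbidden}
end

defmodule Sketch.Server do
  # "view_index" is a hypothetical tool name.
  def handle_tool_call("view_index", _args, state) do
    user_keys = state |> Map.get(:current_user) |> keys_of()

    case Sketch.Authorization.authorized?(user_keys, "index:view") do
      {:ok, true} -> {:reply, %{content: "index"}, state}
      _ -> {:error, %{code: -32000, message: "Unauthorized"}, state}
    end
  end

  # Match on shape and treat anything else (nil, missing :keys) as no keys.
  defp keys_of(%{keys: keys}) when is_map(keys), do: keys
  defp keys_of(_), do: %{}
end

defmodule Sketch.Manager do
  # Overwrite any :current_user already in state so identity comes only
  # from the decrypted cookie, never from request-supplied state.
  def call_tool(user, name, args, state) do
    Sketch.Server.handle_tool_call(name, args, Map.put(state, :current_user, user))
  end
end

# Constructed sample users; a failed match raises MatchError.
viewer = %{id: 1, keys: %{12345 => true}}
{:reply, _, _} = Sketch.Manager.call_tool(viewer, "view_index", %{}, %{})
{:error, _, _} = Sketch.Manager.call_tool(nil, "view_index", %{}, %{})
{:error, _, _} = Sketch.Manager.call_tool(%{id: 2, keys: %{}}, "view_index", %{}, %{})
spoofed = %{current_user: %{id: 9, keys: %{12345 => true}}}
{:error, _, _} = Sketch.Manager.call_tool(%{id: 3, keys: %{}}, "view_index", %{}, spoofed)
```

The last call shows why the Manager overwrites `:current_user` instead of merging: a state that already carries a user with the permission is still denied for the cookie's actual user.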