diff --git a/rest/admin_api_auth_routing_permissions.go b/rest/admin_api_auth_routing_permissions.go index d68ef8183d..4b891c80ff 100644 --- a/rest/admin_api_auth_routing_permissions.go +++ b/rest/admin_api_auth_routing_permissions.go @@ -63,6 +63,7 @@ var ( PermCreateDb = Permission{".sgw.db!create", true} PermDeleteDb = Permission{".sgw.db!delete", true} PermUpdateDb = Permission{".sgw.db!update", true} + PermGetDb = Permission{".sgw.db!get", true} PermConfigureSyncFn = Permission{".sgw.sync_function!configure", true} PermConfigureAuth = Permission{".sgw.auth!configure", true} PermWritePrincipal = Permission{".sgw.principal!write", true} diff --git a/rest/admin_api_auth_test.go b/rest/admin_api_auth_test.go index d04eec29b5..2ac9c8d550 100644 --- a/rest/admin_api_auth_test.go +++ b/rest/admin_api_auth_test.go @@ -1042,7 +1042,7 @@ func TestNewlyCreateSGWPermissions(t *testing.T) { { Method: "GET", Endpoint: "/db/", - Users: []string{syncGatewayDevOps}, + Users: []string{syncGatewayDevOps, syncGatewayConfigurator}, }, { Method: "POST", diff --git a/rest/routing.go b/rest/routing.go index eda5dcbe64..4142a0d589 100644 --- a/rest/routing.go +++ b/rest/routing.go @@ -43,7 +43,7 @@ func createCommonRouter(sc *ServerContext, privs handlerPrivs) (root, db, keyspa root.Handle("/", makeHandler(sc, privs, nil, nil, (*handler).handleRoot)).Methods("GET", "HEAD") // Operations on databases: - root.Handle("/{db:"+dbRegex+"}/", makeOfflineHandler(sc, privs, []Permission{PermDevOps}, nil, (*handler).handleGetDB)).Methods("GET", "HEAD") + root.Handle("/{db:"+dbRegex+"}/", makeOfflineHandler(sc, privs, []Permission{PermDevOps, PermGetDb}, nil, (*handler).handleGetDB)).Methods("GET", "HEAD") root.Handle("/{keyspace:"+dbRegex+"}/", makeHandler(sc, privs, []Permission{PermWriteAppData}, nil, (*handler).handlePostDoc)).Methods("POST") // Keyspace operations (i.e. collection-specific):