From 561b3ce8e5307165005cdcaa9c0cea1cf8b30803 Mon Sep 17 00:00:00 2001
From: Gregory Newman-Smith <gregory.newmansmith@couchbase.com>
Date: Thu, 30 May 2024 11:37:00 +0100
Subject: [PATCH 1/2] CBG-3856: add Architect role to GET /db/ endpoint

---
 rest/admin_api_auth_routing_permissions.go | 1 +
 rest/routing.go                            | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/rest/admin_api_auth_routing_permissions.go b/rest/admin_api_auth_routing_permissions.go
index d68ef8183d..4b891c80ff 100644
--- a/rest/admin_api_auth_routing_permissions.go
+++ b/rest/admin_api_auth_routing_permissions.go
@@ -63,6 +63,7 @@ var (
 	PermCreateDb             = Permission{".sgw.db!create", true}
 	PermDeleteDb             = Permission{".sgw.db!delete", true}
 	PermUpdateDb             = Permission{".sgw.db!update", true}
+	PermGetDb                = Permission{".sgw.db!get", true}
 	PermConfigureSyncFn      = Permission{".sgw.sync_function!configure", true}
 	PermConfigureAuth        = Permission{".sgw.auth!configure", true}
 	PermWritePrincipal       = Permission{".sgw.principal!write", true}
diff --git a/rest/routing.go b/rest/routing.go
index eda5dcbe64..4142a0d589 100644
--- a/rest/routing.go
+++ b/rest/routing.go
@@ -43,7 +43,7 @@ func createCommonRouter(sc *ServerContext, privs handlerPrivs) (root, db, keyspa
 	root.Handle("/", makeHandler(sc, privs, nil, nil, (*handler).handleRoot)).Methods("GET", "HEAD")
 
 	// Operations on databases:
-	root.Handle("/{db:"+dbRegex+"}/", makeOfflineHandler(sc, privs, []Permission{PermDevOps}, nil, (*handler).handleGetDB)).Methods("GET", "HEAD")
+	root.Handle("/{db:"+dbRegex+"}/", makeOfflineHandler(sc, privs, []Permission{PermDevOps, PermGetDb}, nil, (*handler).handleGetDB)).Methods("GET", "HEAD")
 	root.Handle("/{keyspace:"+dbRegex+"}/", makeHandler(sc, privs, []Permission{PermWriteAppData}, nil, (*handler).handlePostDoc)).Methods("POST")
 
 	// Keyspace operations (i.e. collection-specific):

From 300d3bd43ab954509ec62236fba36d14edf25488 Mon Sep 17 00:00:00 2001
From: Gregory Newman-Smith <gregory.newmansmith@couchbase.com>
Date: Thu, 30 May 2024 12:19:10 +0100
Subject: [PATCH 2/2] add test case for changes

---
 rest/admin_api_auth_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rest/admin_api_auth_test.go b/rest/admin_api_auth_test.go
index d04eec29b5..2ac9c8d550 100644
--- a/rest/admin_api_auth_test.go
+++ b/rest/admin_api_auth_test.go
@@ -1042,7 +1042,7 @@ func TestNewlyCreateSGWPermissions(t *testing.T) {
 		{
 			Method:   "GET",
 			Endpoint: "/db/",
-			Users:    []string{syncGatewayDevOps},
+			Users:    []string{syncGatewayDevOps, syncGatewayConfigurator},
 		},
 		{
 			Method:   "POST",