From 57219c6126b9ec41ae8932150779e5b6e2f464df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Magiera?=
Date: Tue, 23 Jul 2019 22:15:29 +0200
Subject: [PATCH] auth: Update docs

---
 api/permissioned.go | 2 ++
 api/struct.go | 4 ++--
 docs/API.md | 6 ++++--
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/api/permissioned.go b/api/permissioned.go
index 9f61d9ce0..78616518a 100644
--- a/api/permissioned.go
+++ b/api/permissioned.go
@@ -12,6 +12,8 @@ type permKey int
 var permCtxKey permKey
 const (
+ // When changing these, update docs/API.md too
+
 PermRead = "read" // default
 PermWrite = "write"
 PermSign = "sign" // Use wallet keys for signing
diff --git a/api/struct.go b/api/struct.go
index 45e34e0f7..3e238ab95 100644
--- a/api/struct.go
+++ b/api/struct.go
@@ -37,10 +37,10 @@ type Struct struct {
 MinerCreateBlock func(context.Context, address.Address, *chain.TipSet, []chain.Ticket, chain.ElectionProof, []*chain.SignedMessage) (*chain.BlockMsg, error) `perm:"write"`
 WalletNew func(context.Context, string) (address.Address, error) `perm:"write"`
- WalletList func(context.Context) ([]address.Address, error) `perm:"read"`
+ WalletList func(context.Context) ([]address.Address, error) `perm:"write"`
 WalletBalance func(context.Context, address.Address) (types.BigInt, error) `perm:"read"`
 WalletSign func(context.Context, address.Address, []byte) (*chain.Signature, error) `perm:"sign"`
- WalletDefaultAddress func(context.Context) (address.Address, error) `perm:"read"` // todo: this reveals owner identity, should be write?
+ WalletDefaultAddress func(context.Context) (address.Address, error) `perm:"write"`
 MpoolGetNonce func(context.Context, address.Address) (uint64, error) `perm:"read"`
 ClientImport func(ctx context.Context, path string) (cid.Cid, error) `perm:"write"`
diff --git a/docs/API.md b/docs/API.md
index 6e53ddcda..2b244b38b 100644
--- a/docs/API.md
+++ b/docs/API.md
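Review bot: In api/struct.go, the new `WalletList` and `WalletDefaultAddress` lines carry no comment saying why an address query needs `perm:"write"`; the only rationale on the page was the removed todo ("this reveals owner identity"). I would keep that reason next to the tags, e.g. `// write: wallet addresses reveal owner identity, see docs/API.md`, so a later cleanup does not move them back to `read`. The tags are also bare string literals kept separately from the `PermRead`/`PermWrite`/`PermSign` constants in api/permissioned.go, and how an unrecognised tag value is treated is not visible here, so a test asserting that every `Struct` field's `perm` value is one of the known levels would be worth adding. The `Struct` definition starts and ends outside this hunk.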
@@ -12,8 +12,10 @@ By default `127.0.0.1:1234` - daemon stores the api endpoint multiaddr in `~/.lo
 JWT in the `Authorization: Bearer ` http header
 Permissions:
-* `read` - read node state, no private data
-* `write` - basically root access, for now
+* `read` - Read node state, no private data
+* `write` - Write to local store / chain, read private data
+* `sign` - Use private keys stored in wallet for signing
+* `admin` - Manage permissions
 Payload:
 ```json