Hi Everybody!
I wonder if someone can help me? I'm interested in restricting access to certain resource based on the following criteria: The users name Or the users group Standard fare so far. I'm using mod_authn_dbd to authenticate the user from my MySQL database. For Authorization, I want each resource to have an owner and a group (like unix/linux), and I want each of these to restrict access based on the http method used to access the resource. For example; I have the resource article.html The owner of this resource is "bob". The group of this resource is "editors". The following methods may be used by the owner on this resource: GET, PUT, DELETE The following methods may be used by members of the group "editors" on this resource: GET, PUT Any user who is not the owner, and not a member of the group "editors" may use the following methods: GET The closest Authz module I have seen that does this is mod_authz_file which works based on the files actual POSIX file owner and group details. Unfortunately, this doesn't restrict access by http method though. Ideally, I would be able to look up these details from an SQL database by request URI and request method. Now to my question: Does anyone know if there is a module or combination of modules that could achieve (or at least part way achieve) this? Is this (as I fear) a restriction/limit of the Require directive? I could do this in PHP, but I'm attempting to draw a clean line between Authn/Authz and the resources accessed underneath. Any comments or ideas would be appreciated. Cheers! Ben
