On 26 Mar 2009, at 11:48, Ben Davies wrote:
For Authorization, I want each resource to have an owner and a
group (like unix/linux), and I want each of these to restrict
access based on the http method used to access the resource. For
example;
I have the resource article.html
The owner of this resource is “bob”.
The group of this resource is “editors”.
The following methods may be used by the owner on this resource:
GET, PUT, DELETE
The following methods may be used by members of the group “editors”
on this resource: GET, PUT
Any user who is not the owner, and not a member of the group
“editors” may use the following methods: GET
Normally you'd use <Limit> / <LimitExcept>. But that only gives you a
two-way distinction, and you need three.
I expect you could apply the universal quick&dirty fix: a RewriteCond
to capture the request method, and dispatch internally into different
protection regimes.
If you use trunk/2.3/2.4, there's a cleaner alternative: use
<If ...> blocks for different request methods.
--
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
