Resource Centric Authz

Hi Everybody!

 

I wonder if someone can help me? I’m interested in restricting access to certain resources based on the following criteria:

The user’s name

Or

the user’s group

 

Standard fare so far. I’m using mod_authn_dbd to authenticate the user from my MySQL database.

 

For Authorization, I want each resource to have an owner and a group (like Unix/Linux), and I want each of these to restrict access based on the HTTP method used to access the resource. For example:

 

I have the resource article.html

The owner of this resource is “bob”.

The group of this resource is “editors”.

The following methods may be used by the owner on this resource: GET, PUT, DELETE

The following methods may be used by members of the group “editors” on this resource: GET, PUT

Any user who is not the owner, and not a member of the group “editors” may use the following methods: GET

 

The closest Authz module I have seen that does this is mod_authz_file which works based on the file’s actual POSIX file owner and group details. Unfortunately, this doesn’t restrict access by HTTP method though. Ideally, I would be able to look up these details from an SQL database by request URI and request method.

 

Now to my question:

 

Does anyone know if there is a module or combination of modules that could achieve (or at least part way achieve) this?

Is this (as I fear) a restriction/limit of the Require directive?

 

I could do this in PHP, but I’m attempting to draw a clean line between Authn/Authz and the resources accessed underneath.

 

Any comments or ideas would be appreciated.

 

Cheers!

 

Ben
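
The owner/group/other model described in the message above, written out as a lookup by request URI and request method. This is an added example, not part of the original post and not an Apache module; it assumes an in-memory SQLite database standing in for MySQL, and the table names, column names and the users alice and carol are hypothetical.

```python
import sqlite3

# Hypothetical schema: one row per resource, holding the methods allowed to the
# owner, to members of the resource's group, and to everyone else.
SCHEMA = """
CREATE TABLE resource_acl (uri TEXT PRIMARY KEY, owner TEXT, grp TEXT,
    owner_methods TEXT, group_methods TEXT, other_methods TEXT);
CREATE TABLE group_members (grp TEXT, username TEXT);
"""

def build_sample_db():
    """Constructed sample data mirroring the article.html case in the post."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO resource_acl VALUES (?,?,?,?,?,?)",
               ("/article.html", "bob", "editors",
                "GET,PUT,DELETE", "GET,PUT", "GET"))
    db.executemany("INSERT INTO group_members VALUES (?,?)",
                   [("editors", "alice"), ("editors", "bob")])
    return db

def is_allowed(db, user, method, uri):
    """Return True if `user` (None when unauthenticated) may use `method` on `uri`."""
    row = db.execute(
        "SELECT owner, grp, owner_methods, group_methods, other_methods "
        "FROM resource_acl WHERE uri = ?", (uri,)).fetchone()
    if row is None:
        return False  # no ACL row for this URI: fail closed
    owner, grp, owner_m, group_m, other_m = row
    # As with POSIX permissions, the first matching class decides:
    # owner, then group, then other. The sets are not merged.
    if user is not None and user == owner:
        allowed = owner_m
    elif user is not None and db.execute(
            "SELECT 1 FROM group_members WHERE grp = ? AND username = ?",
            (grp, user)).fetchone():
        allowed = group_m
    else:
        allowed = other_m
    # Exact match only: HTTP method names are case-sensitive.
    return method in {m for m in allowed.split(",") if m}
```
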

