On 26 Mar 2009, at 11:48, Ben Davies wrote:
For Authorization, I want each resource to have an owner and a group (like unix/linux), and I want each of these to restrict access based on the http method used to access the resource. For example;I have the resource article.html The owner of this resource is “bob”. The group of this resource is “editors”.The following methods may be used by the owner on this resource: GET, PUT, DELETE The following methods may be used by members of the group “editors” on this resource: GET, PUT Any user who is not the owner, and not a member of the group “editors” may use the following methods: GET
Normally you'd use <Limit> / <LimitExcept>. But that only gives you a two-way distinction, and you need three. I expect you could apply the universal quick&dirty fix: a RewriteCond to capture the request method, and dispatch internally into different protection regimes. If you use trunk/2.3/2.4, there's a cleaner alternative: use <If ...> blocks for different request methods. -- Nick Kew --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|