Access restrictions table
The following example uses a simple set of access restriction rules with 4 different roles:
# | HTTP Method | Path | Restricted to Roles |
---|---|---|---|
1 | ^GET$ | .* | weak |
2 | ^GET$ (inverted) | .* | strong, admin |
3 | ^(POST|PATCH|DELETE)$ | ^/accounts | useradmin, admin |
4 | .* | ^/admin | admin |
The example requests are restricted as follows:
Sent request | Required role(s) | Applied rule(s) # |
---|---|---|
GET /index.html | weak | 1 |
GET /admin/index.html | weak and admin | 1, 4 |
GET /accounts/ | weak | 1 |
PATCH /users/h7466 | strong or admin | 2 |
POST /accounts/id775 | (strong or admin) and (useradmin or admin) - i.e. | 2, 3 |
DELETE /admin/user/bfg4 | admin | 2, 4 |
GET /admin/users | weak and admin | 1, 4 |