Graham Dumpleton
grahamd at dscpl.com.au
Fri Sep 1 02:30:45 EDT 2006
Deron Meranda wrote ..
> > BLOCK_URI = '/svn/drives/!svn/*/*/packages/tags/*/*/*'
> >
> > BLOCK_METHOD = [ 'MKCOL', 'PUT', 'PROPPATCH', 'CHECKOUT',
> >     'MERGE', 'MKACTIVITY', 'LOCK', 'UNLOCK' ]
> >
> > def authzhandler(req):
> >     if fnmatch.fnmatch(req.uri, BLOCK_URI):
> >         if req.method in BLOCK_METHOD:
> >             return apache.HTTP_FORBIDDEN
> >     return apache.OK
>
> I like to reverse this logic and list those methods I want
> to allow instead of those to block. There are so many
> different methods (and more being invented by the
> DAV working groups all the time), that I don't want
> to leave one out.
>
> The methods needed for complete read-only access are:
>   ['GET','HEAD','OPTIONS','PROPFIND','REPORT']

I knew someone would pick me up on that, as has been done before.
My only excuse is that I am playing at this point.

As it turns out, I should have been blocking "MOVE" and "DELETE" as
well for that part of the tree. If I had taken the other approach of
only allowing 'OPTIONS', 'GET', 'PROPFIND', 'REPORT' and 'COPY', then
I would have indeed been okay for the default case. :-)

Graham
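
Added example, not part of the original thread or of mod_python: the quoted handler rewritten as an allow-list using the read-only method list given above, next to the original block-list so the difference can be measured. The helper names, the sample URI and the `X-FUTURE-DAV` method are constructed for illustration, and the numeric stand-ins are used only when mod_python is not importable.

```python
import fnmatch

try:
    from mod_python import apache
    OK, FORBIDDEN = apache.OK, apache.HTTP_FORBIDDEN
except ImportError:
    OK, FORBIDDEN = 0, 403  # stand-ins so the logic runs outside Apache

# URI pattern and block-list exactly as quoted in the thread.
PROTECTED_URI = '/svn/drives/!svn/*/*/packages/tags/*/*/*'
BLOCK_METHOD = ['MKCOL', 'PUT', 'PROPPATCH', 'CHECKOUT',
                'MERGE', 'MKACTIVITY', 'LOCK', 'UNLOCK']
# Read-only method list as given in the quoted reply.
READ_ONLY = frozenset(['GET', 'HEAD', 'OPTIONS', 'PROPFIND', 'REPORT'])


def blocklist_decision(method, uri):
    """Original logic: refuse only the methods that were thought of."""
    if fnmatch.fnmatchcase(uri, PROTECTED_URI) and method in BLOCK_METHOD:
        return FORBIDDEN
    return OK


def allowlist_decision(method, uri):
    """Reversed logic: refuse everything not known to be read-only."""
    if fnmatch.fnmatchcase(uri, PROTECTED_URI) and method not in READ_ONLY:
        return FORBIDDEN
    return OK


def authzhandler(req):
    # mod_python entry point; req.method and req.uri as in the quoted code.
    return allowlist_decision(req.method, req.uri)


def gaps(methods, uri):
    """Methods the block-list lets through that the allow-list refuses."""
    return [m for m in methods
            if blocklist_decision(m, uri) == OK
            and allowlist_decision(m, uri) == FORBIDDEN]


# Constructed sample input: a URI under the protected pattern and a mix
# of methods, including a made-up one standing in for a future extension.
SAMPLE_URI = '/svn/drives/!svn/wrk/abc123/packages/tags/foo/1.0/file.txt'
SAMPLE_METHODS = ['GET', 'PROPFIND', 'PUT', 'MOVE', 'DELETE', 'X-FUTURE-DAV']

if __name__ == '__main__':
    print(gaps(SAMPLE_METHODS, SAMPLE_URI))
```

Running `gaps()` over the methods actually seen in the access log for the protected path is a quick way to audit an existing block-list before switching it over.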