jp-gouin opened a new pull request #3691: URL: https://github.com/apache/apisix/pull/3691
### What this PR does / why we need it: Fix for #3635 Add the possibility to add `allowed_methods` for a user when `whitelist` is set. This will restrict the user to only performed the HTTP action matching the list specified in `allowed_method.methods` This is the format : ``` "plugins": { "key-auth": {}, "consumer-restriction": { "whitelist": [ "jack1" ], "allowed_methods":[{ "user": "jack1", "methods": ["POST"] }] } } ``` I choose to add a dedicated section instead of modifying the existing `whitelist` one because i think it's more readable. When nothing is set , then only the whitelist is applied . And in order to set `allowed_methods` , `whitelist` is required. ### Pre-submission checklist: Test case updated with 2 basics tests 1. only allow `post` on resources and try to `get` the resource -> unauthorized 2. Add `get`capability to the user and try to `get` the resource -> authorized Add 2 test cases for testing the plugin scheme 1. Only `allowed_methods` is set -> failed 2. `allowed_methods` is set with `blacklist` -> failed English documentation updated , any help for the Chineese one would be appreciated. * [X] Did you explain what problem does this PR solve? Or what new features have been added? * [X] Have you added corresponding test cases? * [X] Have you modified the corresponding document? * [X] Is this PR backward compatible? **If it is not backward compatible, please discuss on the [mailing list](https://github.com/apache/apisix/tree/master#community) first** ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org