I have a directory with subdirectories which are either:
- public, which means everybody (even unauthenticated users) should be able to view them.
- private, which means only authenticated users who are also admins should be able to view them.
What I've tried is:
<Directory /path/to/parent/directory/*/>
    AuthName MyApp
    PerlSetVar AuthenPassphraseRootdir /path/to/wherever
    PerlSetVar AuthzCapsRootdir /path/to/wherever
    PerlAuthenHandler Apache2::Authen::Passphrase
    PerlAuthzHandler Apache2::AuthzCaps
    PerlAuthzHandler MyApp::private
    Require admin-if-private
</Directory>
where MyApp::private looks like (simplified):
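use feature 'switch';                # given/when
use Apache2::RequestRec ();          # $r->user
use Apache2::Access ();              # $r->requires
use Apache2::Const qw(OK DECLINED);  # import the status constants

sub resource_is_private { ... }
sub is_admin { ... }

sub private {
    my $r = shift;
    # Walk every Require line that applies to this request
    for my $requirement (map { $_->{requirement} } @{$r->requires}) {
        my ($command, @args) = split ' ', $requirement;
        given ($command) {
            when ('admin-if-private') {
                # Public resources pass; private ones need an authenticated admin
                return OK if !resource_is_private()
                    || ($r->user && is_admin($r->user));
            }
        }
    }
    DECLINED
}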
However, apache2 asks for authentication for access to any subdirectory
(because of the Require directive), and denies access if the user
does not provide valid credentials.
One idea I had is to drop the require, and write a PerlInitHandler that
checks if the subdirectory is private and if yes it tells apache2 to
request authentication (but I don't know how to do this).
Another is to add a dummy PerlAuthenHandler that returns OK if the
subdirectory is public, and DECLINED otherwise. But it would have to run
before the other authentication handler, and I don't know how to order
handlers (Do the handlers run in the order of the Perl*Handler
directives? If yes, is this documented somewhere or may it change in a
future release?).
--
Marius Gavrilescu
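
The first idea in the message above (drop the static Require and decide per request in an early handler), as an added example that is not part of the original post. It assumes Apache 2.2 style authorization, as the $r->requires call in the post implies; the package name, the is_private() rule and the /public/ prefix are hypothetical stand-ins.

```perl
# Added example, not the poster's code. Assumed wiring: the static
# "Require admin-if-private" line is dropped from the <Directory> block
# and this line is added to it instead:
#   PerlHeaderParserHandler MyApp::RequireIfPrivate
package MyApp::RequireIfPrivate;    # hypothetical package name
use strict;
use warnings;

use Apache2::RequestRec ();     # $r->uri
use Apache2::RequestUtil ();    # $r->add_config
use Apache2::Log ();            # $r->log_error
use Apache2::Const -compile => qw(OK SERVER_ERROR);

# Hypothetical stand-in for resource_is_private(). Constructed rule: only
# URIs under /public/ are public. Anything else counts as private, so a
# new or misnamed subdirectory fails closed.
sub is_private {
    my ($r) = @_;
    return $r->uri !~ m{^/public/};
}

sub handler {
    my ($r) = @_;

    # Public: no Require is in effect for this request, so the
    # authentication and authorization phases are skipped and no
    # credentials are requested.
    return Apache2::Const::OK unless is_private($r);

    # Private: add the requirement to this request's configuration only.
    # The configured PerlAuthenHandler and PerlAuthzHandlers then run.
    my $added = eval { $r->add_config(['Require admin-if-private']); 1 };
    unless ($added) {
        # Serve an error rather than the private resource without a check.
        $r->log_error("could not add Require for " . $r->uri . ": $@");
        return Apache2::Const::SERVER_ERROR;
    }
    return Apache2::Const::OK;
}

1;
```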
