jp-gouin opened a new pull request #3691:
URL: https://github.com/apache/apisix/pull/3691
### What this PR does / why we need it:
Fix for #3635
Add the possibility to add `allowed_methods` for a user when `whitelist` is
set.
This will restrict the user to only performed the HTTP action matching the
list specified in `allowed_method.methods`
This is the format :
```
"plugins": {
"key-auth": {},
"consumer-restriction": {
"whitelist": [
"jack1"
],
"allowed_methods":[{
"user": "jack1",
"methods": ["POST"]
}]
}
}
```
I choose to add a dedicated section instead of modifying the existing
`whitelist` one because i think it's more readable.
When nothing is set , then only the whitelist is applied .
And in order to set `allowed_methods` , `whitelist` is required.
### Pre-submission checklist:
Test case updated with 2 basics tests
1. only allow `post` on resources and try to `get` the resource ->
unauthorized
2. Add `get`capability to the user and try to `get` the resource ->
authorized
Add 2 test cases for testing the plugin scheme
1. Only `allowed_methods` is set -> failed
2. `allowed_methods` is set with `blacklist` -> failed
English documentation updated , any help for the Chineese one would be
appreciated.
* [X] Did you explain what problem does this PR solve? Or what new features
have been added?
* [X] Have you added corresponding test cases?
* [X] Have you modified the corresponding document?
* [X] Is this PR backward compatible? **If it is not backward compatible,
please discuss on the [mailing
list](https://github.com/apache/apisix/tree/master#community) first**
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
