jp-gouin commented on a change in pull request #3691:
URL: https://github.com/apache/apisix/pull/3691#discussion_r585660842
##########
File path: docs/en/latest/plugins/consumer-restriction.md
##########
@@ -116,6 +117,80 @@ HTTP/1.1 403 Forbidden
{"message":"The consumer_name is forbidden."}
```
+### How to restrict `allowed_methods`
+
+This example restrict the user `jack1` to only `POST` on the resource
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "uri": "/index.html",
+ "upstream": {
+ "type": "roundrobin",
+ "nodes": {
+ "127.0.0.1:1980": 1
+ }
+ },
+ "plugins": {
+ "basic-auth": {},
+ "consumer-restriction": {
+ "whitelist": [
Review comment:
If so that would mean some rework of the whole plugin.
Right now the `allowed_by_methods` required to set the list of methods , so
if we drop `whitelist`we need a quick setup . Like if there is no method , then
full access ? or the user still has to set the list of method but we take into
account a `*` wildcard ?
```
"consumer-restriction": {
"allowed_by_methods":[{
"user": "jack1",
"methods": [] ---> Full access or full restriction ?
}]
}
```
```
"consumer-restriction": {
"allowed_by_methods":[{
"user": "jack1",
"methods": ["*"] ---> Full access instead of putting the
full list ?
}]
}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
