Index: services.install
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/services/Attic/services.install,v
retrieving revision 1.3.2.17
diff -u -r1.3.2.17 services.install
--- services.install	6 Sep 2008 23:17:30 -0000	1.3.2.17
+++ services.install	7 Jan 2009 21:22:47 -0000
@@ -124,3 +124,33 @@
   db_create_table($update, 'services_timestamp_nonce', $schema['services_timestamp_nonce']);
   return $update;
 }
+
+function services_update_6002() {
+  $schema['services_key_permissions'] = array(
+    'description' => t('Stores services method\'s access rights on a per API key basis.'),
+    'fields' => array(
+      'kid' => array(
+        'description' => t('The service key ID.'),
+        'type'        => 'char',
+        'length'      => 32,
+        'not null'    => TRUE,
+        'default'     => '',
+      ),
+      'method' => array(
+        'description' => t('Name of service method.'),
+        'type'        => 'varchar',
+        'length'      => 255,
+        'not null'    => TRUE,
+        'default'     => '',
+      ),
+    ),
+    'indexes' => array(
+      'api_key'       => array('kid'),
+      'method'        => array('method'),
+    ),
+    'unique key' => array('key_method' => array('kid','method')),
+  );
+  $update = array();
+  db_create_table($update, 'services_key_permissions', $schema['services_key_permissions']);
+  return $update;
+}
Index: services.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/services/Attic/services.module,v
retrieving revision 1.8.2.73
diff -u -r1.8.2.73 services.module
--- services.module	6 Sep 2008 23:17:30 -0000	1.8.2.73
+++ services.module	7 Jan 2009 22:13:24 -0000
@@ -305,6 +305,11 @@
     if (!services_validate_key($api_key, $timestamp, $domain, $nonce, $method_name, $hash_parameters, $hash)) {
       return services_error(t('Invalid API key.'));
     }
+
+    if (!db_result(db_query("SELECT COUNT(*) FROM {services_key_permissions} 
+        WHERE kid = '%s' AND method = '%s'", $api_key, $method_name))) {
+      return services_error(t('Access denied.'));
+    }
   }
 
   // Add additonal processing for methods requiring authentication
Index: services_admin_keys.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/services/Attic/services_admin_keys.inc,v
retrieving revision 1.3.2.13
diff -u -r1.3.2.13 services_admin_keys.inc
--- services_admin_keys.inc	6 Sep 2008 04:13:07 -0000	1.3.2.13
+++ services_admin_keys.inc	7 Jan 2009 21:42:20 -0000
@@ -51,12 +51,18 @@
     '#default_value'  => $key->kid,
   );
 
+  $accessible_methods = array();
   if ($key->kid) {
     $form['key'] = array(
       '#type'           => 'markup',
       '#title'          => t('Key'),
       '#value'          => '<strong>'. t('API Key') .':</strong> '. $key->kid,
     );
+
+    $result = db_query("SELECT method FROM {services_key_permissions} WHERE kid = '%s'", $key->kid);
+    while ($kid = db_fetch_object($result)) {
+      $accessible_methods[] = $kid->method;
+    }
   }
 
   $form['title'] = array(
@@ -72,6 +78,18 @@
     '#description'    => t('External domain allowed to use this key.'),
   );
 
+  $methods = services_get_all();
+  foreach ($methods as $method) {
+    $form_methods[$method['#method']] = $method['#method'];
+  }
+  $form['method_access'] = array(
+    '#type' => 'checkboxes',
+    '#title' => t('Method access'),
+    '#options' => $form_methods,
+    '#default_value' => $accessible_methods,
+    '#description' => t('Define which methods are accessible.'),
+  );
+
   $form['submit'] = array(
     '#type'           => 'submit',
     '#value'          => $key->title ? t('Save key') : t('Create key'),
@@ -95,17 +113,33 @@
   if ($is_existing) {
     db_query("UPDATE {services_keys} SET title = '%s', domain = '%s'
       WHERE kid = '%s'", $key['title'], $key['domain'], $key['kid']);
+
+    db_query("DELETE FROM {services_key_permissions} WHERE kid = '%s'", $key['kid']);
+    foreach ($key['method_access'] as $method => $value) {
+    	if ($value) {
+        db_query("INSERT INTO {services_key_permissions} (kid, method) VALUES ('%s', '%s')", $key['kid'], $value);
+    	}
+    }
+
     return SAVED_UPDATED;
   }
   else {
     db_query("INSERT INTO {services_keys} (kid, title, domain)
       VALUES ('%s', '%s', '%s')", $key['kid'], $key['title'], $key['domain']);
+
+    foreach ($key['method_access'] as $method => $value) {
+    	if ($value) {
+        db_query("INSERT INTO {services_key_permissions} (kid, method) VALUES ('%s', '%s')", $key['kid'], $value);
+    	}
+    }
+
     return SAVED_NEW;
   }
 }
 
 function services_admin_keys_delete($kid) {
   db_query("DELETE FROM {services_keys} WHERE kid = '%s'", $kid);
+  db_query("DELETE FROM {services_key_permissions} WHERE kid = '%s'", $kid);
 }
 
 function services_admin_keys_delete_confirm(&$form_state, $kid = 0) {