Disallow webdav "write" HTTP methods for certain user

I have now found a solution that works - here it is!

{
	# Global options block: applies to the whole Caddy instance.
	# Port Caddy treats as its plain-HTTP port. The site below listens on the
	# same port, so it is served over HTTP without TLS.
	http_port 8080
	# webdav is a plugin directive with no built-in position in the directive
	# order; this gives it one for use outside of a `route` block.
	order webdav before file_server
	# NOTE(review): in this file webdav and handle only appear inside `route`,
	# which runs directives in the order they are written, so these two
	# `order` lines should have no effect on that block - confirm before removing.
	order handle before webdav
}

# WebDAV share under /dav/media with two Basic-auth users:
#   alba-shared - read and write methods
#   alba-guest  - read-only methods (GET HEAD OPTIONS PROPFIND)
# NOTE(review): this site is plain HTTP on :8080, so Basic-auth credentials
# cross the network unencrypted unless a TLS-terminating proxy sits in front.
:8080 {
    # Send the bare collection path to its trailing-slash form.
    rewrite /dav/media /dav/media/
    
    # `route` evaluates the directives below in the order written, so
    # authentication runs before any of the method checks.
    route /dav/media* {
		# <psw> stands for each user's password hash; Caddy's basicauth expects
		# a hash (e.g. from `caddy hash-password`), not the plaintext password.
		basicauth {
			alba-guest <psw>
			alba-shared <psw>
		}

		# Thank you mholt for hinting at a solution
		#   https://github.com/mholt/caddy-webdav/issues/27
		#   https://caddy.community/t/disallow-webdav-write-http-methods-for-certain-user/20781
		# Matchers inside one block are ANDed, so an OR is written as
		# not(not A AND not B) = A OR B:
		#   A: user is alba-shared and the method is in the full list
		#   B: user is alba-guest  and the method is in the read-only list
		# This is an allowlist: any user/method pair not listed here does not
		# match, and webdav is never invoked for it.
		@webdavAccess2 {
			not {
				not {
					vars {http.auth.user.id} "alba-shared"
					# NOTE(review): TRACE is not a WebDAV method; consider whether
					# it needs to be in this list at all.
					method GET HEAD OPTIONS PROPFIND TRACE DELETE POST PUT PROPPATCH MKCOL MOVE LOCK UNLOCK COPY
				}
				not {
					vars {http.auth.user.id} "alba-guest"
					method GET HEAD OPTIONS PROPFIND
				}
			}
		}

		# alba-guest using anything outside the read-only set. The method list
		# here must stay in sync with the alba-guest list in @webdavAccess2.
		@guestUnauthorized {
			expression {http.auth.user.id} == "alba-guest"
			not method GET HEAD OPTIONS PROPFIND
		}

		# Answer guest write attempts with an explicit 403 instead of letting
		# them fall through to file_server.
		handle @guestUnauthorized {
			respond 403
		}

		# Only requests that passed the allowlist reach the WebDAV handler.
		webdav @webdavAccess2 {
			root /srv/http/dav/All
			prefix /dav/media
		}
		# Handles whatever webdav did not (e.g. alba-shared with a method
		# outside its list).
		# NOTE(review): no `root` is set here, so file_server does not use the
		# webdav root above - confirm which directory it would serve from.
		file_server
	}   
}

I am not sure I need the `order` directives at the top, but I have fiddled with this enough for now, so I’ll leave them 🙂
