RESTful API authorization on entities/resources?

Question

I am working on an API in a system that has very complex access control rules. Often times there are complex SQL queries required to determine if a user has read or write ac

Answer 1

Not trying to resurrect an old question, but I came here searching for almost exactly the same thing and wanted to add a solution that I think is more RESTful.

I haven't actually implemented this but think it may help others who come here...

Your second option is very nearly what I think should be done, but instead of a get use the OPTIONS verb to your resource which will then return an "allow" header with a list of available verbs for that resource.

OPTIONS /listing/5

Assuming your resources are fine-grained enough for this to make sense, then you would know if you can make a POST/DELETE