function IncomingHttpRequestFilter(method, uri, ip, username, httpHeaders)
  if method == 'GET' and (username == 'user' or username == 'admin') then
    -- Read-only access (only GET method is allowed)
    return true
  elseif username == 'admin' and ip == '127.0.0.1' then
    -- Read-write access for administrator (any HTTP method is allowed on localhost)
    return true
  else
    -- Access is disallowed by default
    return false
  end
end