diff --git a/routeSQL.php b/routeSQL.php
index 70f2f8d..b879f43 100644
--- a/routeSQL.php
+++ b/routeSQL.php
@@ -40,6 +40,8 @@ class routeSQL
 /** The cookie path used to determine the old parameters
 It is automatically generated with the URL */
 public $path = "";
+ /** Authentication */
+ public $auth = array ("email"=>"anonymous");
 /** The model file containing the database description */
 private $model_file = "";
 /** The model class included in the model file */
@@ -245,7 +247,7 @@ class routeSQL
 }
 /** Create the routes and the associated actions */
- public function routes ()
+ public function routesHTML ()
 {
 /** Add HTML routes */
 $route = new route ();
@@ -254,10 +256,18 @@ class routeSQL
 $route->redirect ("/".$this->url_prefix, "");
 });
- $route->get ($this->url_prefix."(\?({p1}=({v1})?)(&{p2}=({v2})?(&{p3}=({v3})?)?)?)?",
+ $route->get ($this->url_prefix.
+ "(\?({p1}=({v1})?)(&{p2}=({v2})?(&{p3}=({v3})?)?)?)?",
 function ($p1, $v1, $p2, $v2, $p3, $v3) use ($route)
 {
- // LIST ALL THE OBJECTS OF THE TABLE
+ // List all the objects of the table
+ if ($this->accessright () !== TRUE)
+ {
+ if ($this->auth["email"] === "anonymous")
+ throw new Exception (_("Anonymous not allowed"), 401);
+ throw new Exception (_("Access forbidden"), 403);
+ }
+
 // num is the number of elements displayed by page
 // page is the page to display
 // Allow the parameters to be sent in any order
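Review bot: The access guard added to the list handler in the third hunk (`if ($this->accessright () !== TRUE) { … 401 / 403 }`) is repeated verbatim in the delete, add (GET and POST), detail and save handlers of the following hunks, and the editright/readonly pair is repeated four more times, so a handler added later can silently miss a check and any change to the policy has to be made in nine places. Suggest private helpers that centralise the decision and the 401-versus-403 choice, so that each handler reduces to `$this->requireAccess ();` or `$this->requireEdit ($id);` (the helpers pass a null id where the hunks pass nothing, which is equivalent for the stubs defined at the end of this commit). The closure and routesHTML both continue past the end of the hunk. The `$auth` property in the first hunk is public and defaults to the sentinel "anonymous" that the 401 branch keys on; a comment such as `/** Authentication : to be filled by the caller with the authenticated user's email, "anonymous" otherwise */` would record who is expected to set it.
```php
/** Throw 401 for an anonymous user and 403 for a known one when $allowed is not TRUE */
private function deny ($allowed)
{
    if ($allowed === TRUE)
        return;
    if ($this->auth["email"] === "anonymous")
        throw new Exception (_("Anonymous not allowed"), 401);
    throw new Exception (_("Access forbidden"), 403);
}

/** Read access check shared by every handler ($id is null for table-level routes) */
private function requireAccess ($id = null)
{
    $this->deny ($this->accessright ($id));
}

/** Write access check : read right, edit right, and the object not readonly */
private function requireEdit ($id = null)
{
    $this->requireAccess ($id);
    $this->deny ($this->editright ($id));
    if ($this->readonly ($id) === TRUE)
        throw new Exception (_("Access forbidden"), 403);
}
```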
@@ -456,7 +466,22 @@ echo $content;
 $route->get ($this->url_prefix."/{id}/delete/{token}",
 function ($id, $token)
 {
- echo "DELETE AN EXISTING OBJECT IF THE TOKEN IS VALID !";
+ // Delete an existing object if the token is valid
+ if ($this->accessright ($id) !== TRUE)
+ {
+ if ($this->auth["email"] === "anonymous")
+ throw new Exception (_("Anonymous not allowed"), 401);
+ throw new Exception (_("Access forbidden"), 403);
+ }
+ if ($this->editright ($id) !== TRUE)
+ {
+ if ($this->auth["email"] === "anonymous")
+ throw new Exception (_("Anonymous not allowed"), 401);
+ throw new Exception (_("Access forbidden"), 403);
+ }
+ if ($this->readonly ($id) === TRUE)
+ throw new Exception (_("Access forbidden"), 403);
+
 $this->connect();
 $csrf = new csrf ();
 $renderer = new renderer ();
@@ -479,6 +504,21 @@ echo $content;
 $route->get ($this->url_prefix."/add", function ()
 {
 // Add a new entry : form to be filled by the user
+ if ($this->accessright () !== TRUE)
+ {
+ if ($this->auth["email"] === "anonymous")
+ throw new Exception (_("Anonymous not allowed"), 401);
+ throw new Exception (_("Access forbidden"), 403);
+ }
+ if ($this->editright () !== TRUE)
+ {
+ if ($this->auth["email"] === "anonymous")
+ throw new Exception (_("Anonymous not allowed"), 401);
+ throw new Exception (_("Access forbidden"), 403);
+ }
+ if ($this->readonly () === TRUE)
+ throw new Exception (_("Access forbidden"), 403);
+
 $this->connect();
 $content = $this->showflash ();
 $values = array ();
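Review bot: The readonly guard in the delete handler, `if ($this->readonly ($id) === TRUE)`, fails open: an override of readonly() that returns any truthy value other than the boolean TRUE (1, "yes", a non-empty array) is treated as writable, whereas the accessright and editright guards above it use `!== TRUE` and so fail closed. Use the same direction, `if ($this->readonly ($id) !== FALSE)`, here and in the add (GET and POST) and save handlers of the following hunks, or declare a `bool` return type on the three authorization methods so a loose override cannot bypass the strict comparison. The deletion remains served on a GET route (context line at the top of the hunk); the new guards establish who may delete, but the protection against a crafted link depends on the csrf check that follows the hunk, which is not visible here. The closure continues past the end of the hunk.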
@@ -525,6 +565,21 @@ echo $content;
 $route->post ($this->url_prefix."/add", function () use ($route)
 {
 // Add a new entry : effective save of the datas
+ if ($this->accessright () !== TRUE)
+ {
+ if ($this->auth["email"] === "anonymous")
+ throw new Exception (_("Anonymous not allowed"), 401);
+ throw new Exception (_("Access forbidden"), 403);
+ }
+ if ($this->editright () !== TRUE)
+ {
+ if ($this->auth["email"] === "anonymous")
+ throw new Exception (_("Anonymous not allowed"), 401);
+ throw new Exception (_("Access forbidden"), 403);
+ }
+ if ($this->readonly () === TRUE)
+ throw new Exception (_("Access forbidden"), 403);
+
 $this->connect();
 $f = new form ();
 $values = $f->values ();
@@ -560,7 +615,16 @@ echo $content;
 $route->get ($this->url_prefix."/{id}",
 function ($id)
 {
- // LIST THE DETAILS OF ONE EXISTING OBJECT !
+ // List the details of one existing object
+ if ($this->accessright ($id) !== TRUE)
+ {
+ if ($this->auth["email"] === "anonymous")
+ throw new Exception (_("Anonymous not allowed"), 401);
+ throw new Exception (_("Access forbidden"), 403);
+ }
+ $editright = $this->editright ($id);
+ $readonly = $this->readonly ($id);
+
 $this->connect();
 $content = $this->showflash ();
 $values = array ();
@@ -595,15 +659,20 @@ echo $content;
 $field->mandatory = true;
 if (in_array ("autoincrement", $this->objectDB->fields[$key]))
 $field->type = "hidden";
+ if ($readonly === true || $editright === false)
+ $field->readonly = true;
 $fields[] = $field;
 unset ($field);
 }
- $field = new formfield ("submit", _("Save the zone"));
- $field->defaults = _("Save the zone");
- $field->type = "submit";
- $fields[] = $field;
- unset ($field);
+ if ($readonly === false && $editright === true)
+ {
+ $field = new formfield ("submit", _("Save the datas"));
+ $field->defaults = _("Save the datas");
+ $field->type = "submit";
+ $fields[] = $field;
+ unset ($field);
+ }
 $f->fields ($fields);
 $content .= $f->printHTML ("post", $values, $errors);
 echo $content;
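Review bot: The detail form in the last hunk compares `$readonly === true || $editright === false` and `$readonly === false && $editright === true` in lower case while every guard elsewhere in this commit writes `TRUE`/`FALSE`; PHP treats them identically, but the mixed case makes the authorization code harder to grep, and lower case is the PSR-12 form, so the other hunks should be brought in line with this one. Marking the fields readonly and omitting the submit button only shape the rendered form; a comment above the loop such as `// Presentation only : the POST handler re-checks editright/readonly before saving` would stop a later reader from treating this as the enforcement point. The field loop starts before the hunk and the closure continues after it.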
@@ -611,7 +680,22 @@ echo $content;
 $route->post ($this->url_prefix."/{id}",
 function ($id) use ($route)
 {
- // SAVE THE DETAILS OF ONE EXISTING OBJECT !
+ // Save the details of one existing object
+ if ($this->accessright ($id) !== TRUE)
+ {
+ if ($this->auth["email"] === "anonymous")
+ throw new Exception (_("Anonymous not allowed"), 401);
+ throw new Exception (_("Access forbidden"), 403);
+ }
+ if ($this->editright ($id) !== TRUE)
+ {
+ if ($this->auth["email"] === "anonymous")
+ throw new Exception (_("Anonymous not allowed"), 401);
+ throw new Exception (_("Access forbidden"), 403);
+ }
+ if ($this->readonly ($id) === TRUE)
+ throw new Exception (_("Access forbidden"), 403);
+
 $this->connect();
 $oldvalues = $this->objectDB->read (array (array ($this->objectDB->primary,
 $id)));
@@ -652,4 +736,25 @@ echo $content;
 $route->redirect ("/".$this->url_prefix."/$id", "");
 });
 }
+
+ /** Authorization : Return TRUE if the user right allow to see the datas
+ Return FALSE else */
+ public function accessright ()
+ {
+ return TRUE;
+ }
+
+ /** Authorization : Return TRUE if the user right allow to edit the datas
+ Return FALSE else */
+ public function editright ()
+ {
+ return TRUE;
+ }
+
+ /** Authorization : Return TRUE if the $id is in READONLY for the user or
+ FALSE if the user have the RW rights */
+ public function readonly ()
+ {
+ return FALSE;
+ }
 }
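Review bot: The three authorization hooks added at the end of the class in the last hunk are declared without a parameter, yet the handlers in this commit call them as `$this->accessright ($id)`, so a subclass that overrides them per object has no declared way to receive the id and static analysers typically report the extra argument. Declare it on all three, e.g. `public function accessright ($id = null)`, and say in each docblock that `$id` is the primary key of the object being accessed, or null for table-level routes such as list and add. The defaults return TRUE, TRUE and FALSE, so an instance that is not subclassed grants every right and the 401 branch of the guards can never be reached; the docblocks should state plainly that the class is permissive until these methods are overridden, so nobody deploys it expecting a deny-by-default.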