I have actually managed to do this quite easily. The only question i have now is if you can specify a condition for a rule that says it has to be a particular user or that the user needs to be in a particular role.
Does anyone have any ideas on if or how this could be done? I assume the info should be accessible to the rewriter as authentication does infact happen before it is called so it would just be a matter of the correct syntax to do the check or needed
to add a condition that can check it maybe?