Who is your user? Is it the same user as your webserver user?
Two ideas — and, sorry, I’m not sure exactly how they work; it’s been a while since I did this. Also note that, even though I’ve done this, I’m a casual, not a sysadmin. You’ll have to mess around with it a bit.
If your user is not the webserver user, then each user can have different permissions for the group. I think you’d probably make your user the owner, with full permissions, and use lesser (group) permissions for the webserver user.
Keep in mind that if your webserver can’t write, you can’t have your scripts do any filesystem stuff (e.g., uploading, or even PHP sessions, might stop working if you lock things down too tight). As long as the webserver user cannot write outside of the webserver directory, and you’re careful about its bash profile and what files it is allowed to execute, you should be okay. If your code is modular enough, you can keep it all in a r+x directory (so it can be used but not messed with), and set aside r+w+x directories for the webserver to have free rein in.
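
The layout described above, written out as an added example that is not part of the original post: your user owns everything, the webserver's group gets r+x on the code and r+w+x on one set-aside directory, and a check lists anything outside that directory the webserver could still write. The function names and the `code/` and `writable/` directory names are hypothetical, and the group you pass in is whatever group your webserver user belongs to.

```shell
#!/bin/sh
# Added example (hypothetical names): owner = your user, group = webserver's group.

# apply_layout ROOT GROUP
#   ROOT/code      owner rwx, group r-x  (usable, not modifiable by the webserver)
#   ROOT/writable  owner rwx, group rwx  (uploads, sessions, caches)
apply_layout() {
    root=$1
    group=$2
    mkdir -p "$root/code" "$root/writable" || return 1
    chgrp -R "$group" "$root" || return 1
    # Directories need x to be traversed; interpreted scripts only need r.
    find "$root/code" -type d -exec chmod 750 {} +
    find "$root/code" -type f -exec chmod 640 {} +
    # setgid keeps new files in the shared group; "other" gets nothing.
    chmod 2770 "$root/writable"
    chmod 750 "$root"
}

# audit_layout ROOT
#   Prints every path outside ROOT/writable that group or other can write.
#   Empty output means the webserver can only write where it was meant to.
audit_layout() {
    root=$1
    find "$root" -path "$root/writable" -prune -o \
        \( -perm -020 -o -perm -002 \) ! -type l -print
}

# Usage, run as the owning user (the group name is an assumption, use your own):
#   apply_layout /path/to/site webserver-group
#   audit_layout /path/to/site
```

Re-run `audit_layout` after each deploy, since unpacking an archive or a loose umask can quietly put group-write bits back on the code directory.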