W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2001

RE: PROPFIND behaviour regarding collections with non-listable me mbers

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 12 Oct 2001 21:03:39 +0200
To: "Clemm, Geoff" <gclemm@rational.com>, "Webdav WG" <w3c-dist-auth@w3c.org>
Message-ID: <JIEGINCHMLABHJBIGKBCMEPJDDAA.julian.reschke@gmx.de>
Well,

that's something we could do, but that would hide the difference between a
collection that's empty and a collection where you don't have "list"
permission to. I'm not sure this is a good idea.

> -----Original Message-----
> From: w3c-dist-auth-request@w3.org
> [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Clemm, Geoff
> Sent: Friday, October 12, 2001 8:54 PM
> To: Webdav WG
> Subject: RE: PROPFIND behaviour regarding collections with non-listable
> me mbers
>
>
> Depends on what you mean by "has the right to list the collection
> but not its members".  If the client does not have the right to even
> see the names of the members, then the collection should just look
> empty, since the client should not be able to even know it has
> members.  If the client has the right to see the name of members
> but not to see the properties of members, then listing their names
> with the Forbidden status seems reasonable to me.
>
> Cheers,
> Geoff
>
> -----Original Message-----
> From: Julian Reschke [mailto:julian.reschke@gmx.de]
> Sent: Friday, October 12, 2001 7:33 AM
> To: Webdav WG
> Subject: PROPFIND behaviour regarding collections with non-listable
> members
>
>
> I think we have identified something that needs to be clarified
> in RFC2518:
>
> Given a collection X, where the principal does have rights to list the
> collection itself, but not it's members.
>
> Currently our server will distinguish between depth 0 and 1, that is a
> PROPFIND with depth 0 will report the collection (and it's properties) OK,
> while a PROPFIND with depth 1 will result in something like:
>
> <response>
> 	<href>X</href>
> 	<status>HTTP/1.1 403 Forbidden</status>
> </response>
>
> This is because once a response element for X is available,
> there's no other
> way to distinguish between the case where the collection actually
> is empty,
> or the collection is non-empty, but the principal doesn't have
> the right to
> list it's members.
>
> Feedback appreciated.
>
> Julian
>
Received on Friday, 12 October 2001 15:03:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:58 GMT