- From: Clemm, Geoff <gclemm@rational.com>
- Date: Fri, 12 Oct 2001 14:53:40 -0400
- To: Webdav WG <w3c-dist-auth@w3c.org>
Depends on what you mean by "has the right to list the collection but not its members". If the client does not have the right to even see the names of the members, then the collection should just look empty, since the client should not be able to even know it has members. If the client has the right to see the name of members but not to see the properties of members, then listing their names with the Forbidden status seems reasonable to me. Cheers, Geoff -----Original Message----- From: Julian Reschke [mailto:julian.reschke@gmx.de] Sent: Friday, October 12, 2001 7:33 AM To: Webdav WG Subject: PROPFIND behaviour regarding collections with non-listable members I think we have identified something that needs to be clarified in RFC2518: Given a collection X, where the principal does have rights to list the collection itself, but not it's members. Currently our server will distinguish between depth 0 and 1, that is a PROPFIND with depth 0 will report the collection (and it's properties) OK, while a PROPFIND with depth 1 will result in something like: <response> <href>X</href> <status>HTTP/1.1 403 Forbidden</status> </response> This is because once a response element for X is available, there's no other way to distinguish between the case where the collection actually is empty, or the collection is non-empty, but the principal doesn't have the right to list it's members. Feedback appreciated. Julian
Received on Friday, 12 October 2001 14:54:18 UTC