- From: Lisa Dusseault <lisa@xythos.com>
- Date: Fri, 12 Oct 2001 13:28:03 -0700
- To: "Clemm, Geoff" <gclemm@Rational.Com>, "Webdav WG" <w3c-dist-auth@w3c.org>
The Xythos WFS approach to this problem is the former described by Geoff. If you don't have permission to view anything inside a directory but you do have permission to view the directory, then the directory will appear empty. lisa > -----Original Message----- > From: w3c-dist-auth-request@w3.org > [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Clemm, Geoff > Sent: Friday, October 12, 2001 11:54 AM > To: Webdav WG > Subject: RE: PROPFIND behaviour regarding collections with non-listable > me mbers > > > Depends on what you mean by "has the right to list the collection > but not its members". If the client does not have the right to even > see the names of the members, then the collection should just look > empty, since the client should not be able to even know it has > members. If the client has the right to see the name of members > but not to see the properties of members, then listing their names > with the Forbidden status seems reasonable to me. > > Cheers, > Geoff > > -----Original Message----- > From: Julian Reschke [mailto:julian.reschke@gmx.de] > Sent: Friday, October 12, 2001 7:33 AM > To: Webdav WG > Subject: PROPFIND behaviour regarding collections with non-listable > members > > > I think we have identified something that needs to be clarified > in RFC2518: > > Given a collection X, where the principal does have rights to list the > collection itself, but not it's members. > > Currently our server will distinguish between depth 0 and 1, that is a > PROPFIND with depth 0 will report the collection (and it's properties) OK, > while a PROPFIND with depth 1 will result in something like: > > <response> > <href>X</href> > <status>HTTP/1.1 403 Forbidden</status> > </response> > > This is because once a response element for X is available, > there's no other > way to distinguish between the case where the collection actually > is empty, > or the collection is non-empty, but the principal doesn't have > the right to > list it's members. > > Feedback appreciated. > > Julian
Received on Friday, 12 October 2001 16:29:09 UTC