On Fri, 2005-01-14 at 10:11 +1100, Michael Smith wrote: ... snip ... > Now, a client can _also_ use a request for the acl property on a > resource to figure out what permissions the user has. So it's possible > (though somewhat tricky) to figure out whether the user would be able to > write the resource if they tried to. If you did that, you'd find that, > since the user is a member of the 2nd group (with write permissions), > the ACL will indirectly say that the user DOES have write permissions.
You can request the current-user-privilege-set property and have the server to figure it out for you. That's assuming you can control the behavior of the client :). -James --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]