On Tue, 2006-03-14 at 22:14 -0800, James M Snell wrote: > > Michael Bernstein wrote: > > On Tue, 2006-03-14 at 21:12 -0800, James M Snell wrote: > >> If the server responds indicating 204 Created, the entry should appear > >> within the feed. > > > > It was my understanding that generally speaking, the contents of a feed > > (like introspection docs) can vary with various factors including user > > authentication, in which case a conformant implementation still might > > not immediately show a successfully POSTed entry to the same user that > > created it, at least not until some other condition was met (such as a > > second user's approval). > > You know what, you're right, I'm wrong. Consider POST only feeds. I > may have the authority to POST and entry to the feed, but not be able to > turn around and read it. That doesn't change the 202 Accepted > discussion above, however.
Even if some other user *can* see the Entry in that same collection? I'm not talking about a POST-only feed (although that's an interesting use-case), but a feed where only *some* entries are visible to the POSTing user, when (for whatever reason) the newly posted Entry (though it *does* exist in the collection) is not (yet?) one of them. In other words, though I think the POST should succeed with a 204 and return a location header, a GET (by that same user) to the returned Entry location should result in a '403 Forbidden', and *not* a '404 Not Found'. Since the user cannot (yet?) GET the newly created Entry (though it *is* demonstrably there), I think it would be valid *not* to list it (for that user) when a GET is done to the collection. It seems to me that this behavior conforms with the spec, and constitutes a credible and useful use-case. - Michael
