On Tue, Apr 12, 2005 at 09:26:56AM +0200, Ralph Meijer wrote: > While working on Idavoll last week, I discovered that when another resource of > the same JID that was subscribed requests the items, you get a not-authorized. > Maybe it would be better to check against the bare JID (without resource)?
So the subscriber is <[EMAIL PROTECTED]/resource>? If so, then it seems correct for Idavoll to refuse access. If the subscriber is [EMAIL PROTECTED], then it is probably right to allow access from any resource. (It's always a bit dangerous to make assumptions about what an entity is based on the JID, e.g., [EMAIL PROTECTED] could be [EMAIL PROTECTED], I suppose.) > Being an owner does not automatically allow you to get items. That's probably > not desirable, but it isn't really clear from the spec. Well, let's clarify that, then! :-) > Also, should publishers > that are not subscribed be allowed to get items? Hmm. Is that kind of special-casing a problem in the code? It does seem reasonable that owners and publishers would be allowed to get items, but of course they could simply subscribe, too. Peter _______________________________________________ jdev mailing list [email protected] http://mail.jabber.org/mailman/listinfo/jdev
