[jdev] Ad-Hoc Commands permissions

Norman Rasmussen normanr at gmail.com
Sun Aug 28 14:46:51 CDT 2005


re:
  RFC 3920, Section 9.3.2, and
  JEP-0050, Section 4.4

I think the correct response should be:

<iq from="msn.delx.cjb.net" type="error" id="ac83a"
to="james@delx.cjb.net/Powerbook">
  <command xmlns="http://jabber.org/protocol/commands"
    node="connectusers" />
  <error type='cancel' code='403'>
    <forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
    <text xmlns="urn:ietf:params:xml:ns:xmpp-stanzas">The requesting
entity does not possess the required permissions to perform the
action.</text>
  </error>
</iq>

I seem to think that type should be 'auth' and not 'cancel' (as the
JEP states). The RFC says auth means 'retry after providing
credentials', which includes out-of-band.  The IRC transport currently
uses 'auth'.  The MSN transport is currently using 401, whereas the
JEP seems to think it should be 403.  Again, 401/auth might be seen as
something the user might be able to fix if they supply new credentials
in-band, and 403/forbidden implies that the user will never be able to
do it - requiring out-of-band changes to allow it.

Psi doesn't currently report the error condition; it probably should.
In fact this will probably get fixed when Psi stops treating command
stages as separate entities, and links them together coherently.  (You
might notice at the moment that each stage is a new window, which is
wrong.)

On 27/08/05, James Bunton <james at delx.cjb.net> wrote:
> Hi all.
> 
> I'm implementing a few ad-hoc commands in PyMSNt.
> 
> What should I send as a response if the requesting client doesn't have
> permission to execute the command?
> At the moment it goes like this
> 
> <iq type="set" to="msn.delx.cjb.net" id="ac83a" >
> <command xmlns="http://jabber.org/protocol/commands"
> node="connectusers" />
> </iq>
> 
> <iq from="msn.delx.cjb.net" type="error" id="ac83a"
> to="james@delx.cjb.net/Powerbook" >
> <error type="cancel" code="401" >
> <not-authorized/>
> </error>
> </iq>
> 
> 
> Psi (with ad-hoc patches) doesn't display any error though, and
> JEP-0050 doesn't actually mention an error case for lack of
> permissions.
> 
> ---
> 
> James
> 


-- 
- Norman Rasmussen
 - Email: norman at rasmussen.co.za
 - Home page: http://norman.rasmussen.co.za/
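
Added example, not part of the original message and not PyMSNt code: a sketch of how a transport could build the permission error discussed above and how a client could read it back to show the user. The function names, the defaults (type 'auth' with 'forbidden', as argued in the message) and the constructed request, with the sender's address stamped on, are assumptions.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

NS_COMMANDS = "http://jabber.org/protocol/commands"
NS_STANZAS = "urn:ietf:params:xml:ns:xmpp-stanzas"
LEGACY_CODES = {"forbidden": "403", "not-authorized": "401"}  # codes quoted in the thread
RETRY_HINT = {  # error types, RFC 3920 section 9.3.2
    "cancel": "do not retry",
    "continue": "proceed",
    "modify": "retry after changing the data sent",
    "auth": "retry after providing credentials",
    "wait": "retry after waiting",
}

def permission_error(request_xml, error_type="auth", condition="forbidden", text=""):
    """Build the type='error' reply for a command <iq/> the sender may not run."""
    if error_type not in RETRY_HINT or condition not in LEGACY_CODES:
        raise ValueError("unsupported error type or condition")
    req = ET.fromstring(request_xml)
    cmd = req.find("{%s}command" % NS_COMMANDS)
    if req.get("type") != "set" or cmd is None:
        raise ValueError("not an ad-hoc command request")
    # Swap the addresses, echo id and node; quoteattr() keeps echoed values inside the attribute.
    out = '<iq from=%s to=%s type="error" id=%s>' % (
        quoteattr(req.get("to", "")), quoteattr(req.get("from", "")), quoteattr(req.get("id", "")))
    out += "<command xmlns=%s node=%s/>" % (quoteattr(NS_COMMANDS), quoteattr(cmd.get("node", "")))
    out += "<error type=%s code=%s><%s xmlns=%s/>" % (
        quoteattr(error_type), quoteattr(LEGACY_CODES[condition]), condition, quoteattr(NS_STANZAS))
    if text:
        out += "<text xmlns=%s>%s</text>" % (quoteattr(NS_STANZAS), escape(text))
    return out + "</error></iq>"

def describe_error(reply_xml):
    """What a client could show the user: (type, condition, code, retry hint)."""
    err = ET.fromstring(reply_xml).find("error")
    condition = next((c.tag.split("}")[1] for c in err
                      if c.tag.startswith("{%s}" % NS_STANZAS) and not c.tag.endswith("}text")), None)
    return err.get("type"), condition, err.get("code"), RETRY_HINT.get(err.get("type"), "unknown")

# Constructed request, shaped like the one in the thread, with the sender's address added.
REQUEST = ('<iq type="set" from="james@delx.cjb.net/Powerbook" to="msn.delx.cjb.net" id="ac83a">'
           '<command xmlns="http://jabber.org/protocol/commands" node="connectusers"/></iq>')

if __name__ == "__main__":
    reply = permission_error(REQUEST, text="Permission denied.")
    print(reply)
    print(describe_error(reply))
```

describe_error() returns None as the condition when the child of <error/> is not in the urn:ietf:params:xml:ns:xmpp-stanzas namespace, so a client written this way falls back to the type and legacy code alone.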


