#445 Get room members list if user is no admin or owner.
Reporter
jakub.krysakowski
Owner
Zash
Created
Updated
Stars
★ (1)
Tags
Status-Fixed
Milestone-0.10
Type-Enhancement
Priority-Medium
mod_muc
jakub.krysakowski
on
Xmpp documentation says:
Note: A service SHOULD also return the member list to any occupant in a members-only room; i.e., it SHOULD NOT generate a <forbidden/> error when a member in the room requests the member list. This functionality can assist clients in showing all the existing members even if some of them are not in the room, e.g. to help a member determine if another user should be invited. A service SHOULD also allow any member to retrieve the member list even if not yet an occupant.
*What steps will reproduce the problem?*
1. Request:
<body rid='1276383193' xmlns='http://jabber.org/protocol/httpbind' sid='f934d39b-0116-4e21-ae17-e1f254213444'><iq from='some_user@mydomain.com' to='lobby@conference.mydomain.com' type='get' xmlns='jabber:client' id='33:sendIQ'><query xmlns='http://jabber.org/protocol/muc#admin'><item affiliation='member'/></query></iq><iq from='some_user@mydomain.com' to='lobby@conference.mydomain.com' type='get' xmlns='jabber:client' id='34:sendIQ'><query xmlns='http://jabber.org/protocol/muc#admin'><item affiliation='member'/></query></iq></body>
some_user@mydomain.com is not owner or admin but he is member of room.
2. Most important part of response is:
<error type='auth'><forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error>
Expected: to get the list of all members in room (offline too).
Prosody version: 0.9.1
uname -a
Linux xxxxxx 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Zash
on
This is technically acceptable behavior, it is ok to break SHOULD.
The MUC rewrite currently in trunk however does follow these and lets members see the member list.
Changes
titleGet room members list if user is no admin or owner.
tagType-Enhancement
tagStatus-Accepted
tagmod_muc
Zash
on
I'd note that a member would only see members, not admins or owners, so this isn't going to behave exactly like you wish.
Daniel Gultsch
on
> I'd note that a member would only see members, not admins or owners, so this isn't going to behave exactly like you wish.
I don't see the XEP disallowing members to retrieve the admin and owner list as well.
This could really help to improve the UX for group chats in the style of modern day IM. ejabberd also does this now.
Conversations already has support for showing 'offline' members and it really does improve the UX a lot.
Xmpp documentation says: Note: A service SHOULD also return the member list to any occupant in a members-only room; i.e., it SHOULD NOT generate a <forbidden/> error when a member in the room requests the member list. This functionality can assist clients in showing all the existing members even if some of them are not in the room, e.g. to help a member determine if another user should be invited. A service SHOULD also allow any member to retrieve the member list even if not yet an occupant. *What steps will reproduce the problem?* 1. Request: <body rid='1276383193' xmlns='http://jabber.org/protocol/httpbind' sid='f934d39b-0116-4e21-ae17-e1f254213444'><iq from='some_user@mydomain.com' to='lobby@conference.mydomain.com' type='get' xmlns='jabber:client' id='33:sendIQ'><query xmlns='http://jabber.org/protocol/muc#admin'><item affiliation='member'/></query></iq><iq from='some_user@mydomain.com' to='lobby@conference.mydomain.com' type='get' xmlns='jabber:client' id='34:sendIQ'><query xmlns='http://jabber.org/protocol/muc#admin'><item affiliation='member'/></query></iq></body> some_user@mydomain.com is not owner or admin but he is member of room. 2. Most important part of response is: <error type='auth'><forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error> Expected: to get the list of all members in room (offline too). Prosody version: 0.9.1 uname -a Linux xxxxxx 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
This is technically acceptable behavior, it is ok to break SHOULD. The MUC rewrite currently in trunk however does follow these and lets members see the member list.
ChangesI'd note that a member would only see members, not admins or owners, so this isn't going to behave exactly like you wish.
> I'd note that a member would only see members, not admins or owners, so this isn't going to behave exactly like you wish. I don't see the XEP disallowing members to retrieve the admin and owner list as well. This could really help to improve the UX for group chats in the style of modern day IM. ejabberd also does this now. Conversations already has support for showing 'offline' members and it really does improve the UX a lot.
Fixed in https://hg.prosody.im/0.10/rev/4a178edc9847
Changes