Skip to content

Commit

Permalink
XEP-0045: Members should be allowed to retrieve the member list only …
Browse files Browse the repository at this point in the history
…in non-anonymous rooms

When a room is configured to be semi-anonymous, there clearly is an intent to hide JIDs. In such rooms, members SHOULD NOT be allowed to retrieve the member list (as that list MUST contain the JID of each member).
  • Loading branch information
guusdk committed Aug 17, 2024
1 parent cf21852 commit f6f6faa
Showing 1 changed file with 9 additions and 3 deletions.
12 changes: 9 additions & 3 deletions xep-0045.xml
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,12 @@
<version>1.35.0</version>
<date>2024-08-14</date>
<initials>gk</initials>
<remark><p>Allow non-owners to retrieve owner and admin lists in non-anonymous rooms.</p></remark>
<remark>
<ul>
<li>Allow non-owners to retrieve owner and admin lists in non-anonymous rooms.</li>
<li>Members should be allowed to retrieve the member list only in non-anonymous rooms.</li>
</ul>
</remark>
</revision>
<revision>
<version>1.34.6</version>
Expand Down Expand Up @@ -992,7 +997,7 @@
<td>N/A</td>
</tr>
<tr>
<td>Retrieve Member List</td>
<td>Retrieve Member List***</td>
<td>No</td>
<td>No</td>
<td>Yes</td>
Expand Down Expand Up @@ -1066,6 +1071,7 @@
</table>
<p>* As a default, an unaffiliated user enters a moderated room as a visitor, and enters an open room as a participant. A member enters a room as a participant. An admin or owner enters a room as a moderator.</p>
<p>** As noted, a moderator SHOULD NOT be allowed to revoke moderation privileges from someone with a higher affiliation than themselves (i.e., an unaffiliated moderator SHOULD NOT be allowed to revoke moderation privileges from an admin or an owner, and an admin SHOULD NOT be allowed to revoke moderation privileges from an owner).</p>
<p>*** When a room is configured to be semi-anonymous, there clearly is an intent to hide JIDs. In such rooms, members SHOULD NOT be allowed to retrieve the member list (as that list MUST contain the JID of each member).</p>
</section3>

<section3 topic='Changing Affiliations' anchor='affil-change'>
Expand Down Expand Up @@ -3485,7 +3491,7 @@
</query>
</iq>
]]></example>
<p>Note: A service SHOULD also return the member list to any occupant in a members-only room; i.e., it SHOULD NOT generate a &forbidden; error when a member in the room requests the member list. This functionality can assist clients in showing all the existing members even if some of them are not in the room, e.g. to help a member determine if another user should be invited. A service SHOULD also allow any member to retrieve the member list even if not yet an occupant.</p>
<p>Note: If the room is non-anonymous, a service SHOULD also return the member list to any occupant in a members-only room; i.e., it SHOULD NOT generate a &forbidden; error when a member in such a room requests the member list. This functionality can assist clients in showing all the existing members even if some of them are not in the room, e.g. to help a member determine if another user should be invited. If the room is non-anonymous, a service SHOULD also allow any member to retrieve the member list even if not yet an occupant.</p>
<p>The service MUST then return the full member list to the admin qualified by the 'http://jabber.org/protocol/muc#admin' namespace; each item MUST include the 'affiliation' and 'jid' attributes and MAY include the 'nick' and 'role' attributes for each member that is currently an occupant.</p>
<example caption='Service Sends Member List to Admin'><![CDATA[
<iq from='[email protected]'
Expand Down

0 comments on commit f6f6faa

Please sign in to comment.