From 4953a80cce16a75e3802889dddb0586980c8ffa3 Mon Sep 17 00:00:00 2001
From: Stein Magnus Jodal <stein.magnus@jodal.no>
Date: Fri, 21 Jan 2011 02:20:07 +0100
Subject: [PATCH] Add FIXME's to 'commands' and 'notcommands', as they
 currently do not care if the client is authenticated or not

---
 mopidy/frontends/mpd/protocol/reflection.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/mopidy/frontends/mpd/protocol/reflection.py b/mopidy/frontends/mpd/protocol/reflection.py
index d2c9c599..83efdd94 100644
--- a/mopidy/frontends/mpd/protocol/reflection.py
+++ b/mopidy/frontends/mpd/protocol/reflection.py
@@ -9,9 +9,12 @@ def commands(frontend):
         ``commands``
 
         Shows which commands the current user has access to.
-
-    As permissions is not implemented, any user has access to all commands.
     """
+    # FIXME When password auth is turned on and the client is not
+    # authenticated, 'commands' should list only the commands the client does
+    # have access to. To implement this we need access to the session object to
+    # check if the client is authenticated or not.
+
     sorted_commands = sorted(list(mpd_commands))
 
     # Not shown by MPD in its command list
@@ -51,9 +54,11 @@ def notcommands(frontend):
         ``notcommands``
 
         Shows which commands the current user does not have access to.
-
-    As permissions is not implemented, any user has access to all commands.
     """
+    # FIXME When password auth is turned on and the client is not
+    # authenticated, 'notcommands' should list all the commands the client does
+    # not have access to. To implement this we need access to the session
+    # object to check if the client is authenticated or not.
     pass
 
 @handle_pattern(r'^tagtypes$')