
xcap_server: enhaced sample config in readme

- refresh watchers also for delete (reported by Inaki Baz Castillo)
- check if authenticated user matches the user part in xuid, so that
  a user is allowed to access and manage only their own documents
Daniel-Constantin Mierla 15 년 전
커밋
a9caef9ac7
2개의 변경된 파일32개의 추가작업 그리고 0개의 파일을 삭제
  1. 16 0
      modules_k/xcap_server/README
  2. 16 0
      modules_k/xcap_server/doc/xcap_server_admin.xml

+ 16 - 0
modules_k/xcap_server/README

@@ -338,11 +338,22 @@ event_route[xhttp:request] {
                     "$var(xbody)");
             exit;
         }
+        # be sure auth user access only its documents
+        if ($au!=$(var(uri){uri.user})) {
+            xhttp_reply("403", "Forbidden", "text/html",
+                    "operation not allowed");
+            exit;
+        }
 
         xdbg("SCRIPT: xcap service $xcapuri(u=>auid) for $xcapuri(u=>xuid)\n");
         switch($rm) {
             case "PUT":
                 xcaps_put("$var(uri)", "$hu", "$rb");
+                if($xcapuri(u=>auid)=~"pres-rules")
+                {
+                    pres_update_watchers("$var(uri)", "presence");
+                    pres_refresh_watchers("$var(uri)", "presence", 1);
+                }
                 exit;
             break;
             case "GET":
@@ -351,6 +362,11 @@ event_route[xhttp:request] {
             break;
             case "DELETE":
                 xcaps_del("$var(uri)", "$hu");
+                if($xcapuri(u=>auid)=~"pres-rules")
+                {
+                    pres_update_watchers("$var(uri)", "presence");
+                    pres_refresh_watchers("$var(uri)", "presence", 1);
+                }
                 exit;
             break;
         }
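Review bot: The ownership check added before `switch($rm)` compares only the user part, `$au!=$(var(uri){uri.user})`, so on a server hosting more than one domain an authenticated alice@a.example (constructed example) would also pass for the documents of alice@b.example. If the sample is meant to cover multi-domain setups, compare the domain as well, e.g. `if ($au!=$(var(uri){uri.user}) || $ar!=$(var(uri){uri.host})) {` (this assumes the auth realm equals the user's domain); otherwise add a comment such as `# single-domain setup assumed: only the user part is compared`. The route `event_route[xhttp:request]` starts outside the hunk, so how `$var(uri)` is built and where the request is authenticated are not visible; confirm that authentication has always completed before this check is reached. The same lines are repeated in modules_k/xcap_server/doc/xcap_server_admin.xml and would need the same change.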

+ 16 - 0
modules_k/xcap_server/doc/xcap_server_admin.xml

@@ -390,11 +390,22 @@ event_route[xhttp:request] {
                     "$var(xbody)");
             exit;
         }
+        # be sure auth user access only its documents
+        if ($au!=$(var(uri){uri.user})) {
+            xhttp_reply("403", "Forbidden", "text/html",
+                    "operation not allowed");
+            exit;
+        }
 
         xdbg("SCRIPT: xcap service $xcapuri(u=>auid) for $xcapuri(u=>xuid)\n");
         switch($rm) {
             case "PUT":
                 xcaps_put("$var(uri)", "$hu", "$rb");
+                if($xcapuri(u=>auid)=~"pres-rules")
+                {
+                    pres_update_watchers("$var(uri)", "presence");
+                    pres_refresh_watchers("$var(uri)", "presence", 1);
+                }
                 exit;
             break;
             case "GET":
@@ -403,6 +414,11 @@ event_route[xhttp:request] {
             break;
             case "DELETE":
                 xcaps_del("$var(uri)", "$hu");
+                if($xcapuri(u=>auid)=~"pres-rules")
+                {
+                    pres_update_watchers("$var(uri)", "presence");
+                    pres_refresh_watchers("$var(uri)", "presence", 1);
+                }
                 exit;
             break;
         }