Vary on authorization for private responses

[gruntmaster-page.git] / lib / Plack / App / Gruntmaster.pm

diff --git a/lib/Plack/App/Gruntmaster.pm b/lib/Plack/App/Gruntmaster.pm
index 0edfe5abd99615f54778a703cef7b8ee354663ce..1a0c7ab3946180379c607e6bcac81666df626f9e 100644 (file)
--- a/lib/Plack/App/Gruntmaster.pm
+++ b/lib/Plack/App/Gruntmaster.pm
@@ -113,7 +113,8 @@ sub dispatch_request{
 
                sub (/src/:job) {
                        return NOT_FOUND if !job;
-                       forbid job->private || job->problem->private || job->contest && job->contest->is_running;
+                       my $isowner = remote_user && remote_user->id eq job->rawowner;
+                       forbid !$isowner && (job->private || job->problem->private || job->contest && job->contest->is_running);
                        my @headers = ('X-Forever' => 1, 'Cache-Control' => 'public, max-age=604800', 'Content-Type' => CONTENT_TYPES->{job->format});
                        [200, \@headers, [job->source]]
                },
@@ -136,6 +137,7 @@ sub dispatch_request{
                                my ($r) = @_;
                                return $r if ref $r ne 'Plack::App::Gruntmaster::Response';
                                my @hdrs = ('X-Forever' => 1, 'Cache-Control' => "$privacy, max-age=$r->{maxage}");
+                               push @hdrs, Vary => 'Authorization' if $privacy eq 'private';
                                return [200, ['Content-Type' => 'application/json', @hdrs], [encode_json $r->{params}]] if $format eq 'json';
                                my $ret = render $r->{template}, 'en', title => $r->{title}, %{$r->{params}};
                                [200, ['Content-Type' => 'text/html', @hdrs], [encode 'UTF-8', $ret]]