From 28e89d6c6215c1eee381a31e409cf50deaacf883 Mon Sep 17 00:00:00 2001
From: Marius Gavrilescu <marius@ieval.ro>
Date: Sat, 20 Dec 2014 16:43:19 +0200
Subject: [PATCH] Enforce job privacy

---
 lib/Plack/App/Gruntmaster.pm | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/Plack/App/Gruntmaster.pm b/lib/Plack/App/Gruntmaster.pm
index 56f0ec1..14e7987 100644
--- a/lib/Plack/App/Gruntmaster.pm
+++ b/lib/Plack/App/Gruntmaster.pm
@@ -157,7 +157,10 @@ sub dispatch_request{
 
 		sub (/us/:user)    { response us_entry => user->name, db->user_entry($_{user}) },
 		sub (/ct/:contest) { response ct_entry => contest->name, db->contest_entry($_{contest}) },
-		sub (/log/:job)    { response log_entry => "Job  $_{job}", db->job_entry($_{job}) },
+		sub (/log/:job)    {
+			forbid job->private;
+			response log_entry => "Job  $_{job}", db->job_entry($_{job})
+		},
 		sub (/pb/:problem + ?contest~) {
 			my (undef, undef, $contest) = @_;
 			$_{contest} = $contest;
@@ -196,7 +199,7 @@ sub dispatch_request{
 			reply 'Password changed successfully';
 		},
 
-		sub (/action/submit + %:problem=&:contest~&:prog_format=&:private~&:source_code~ + *:prog~) {
+		sub (/action/submit + %:problem=&:contest~&:prog_format=&:source_code~ + *:prog~) {
 			forbid !remote_user;
 			return reply 'This contest has finished' if contest && contest->is_finished;
 			return reply 'This contest has not yet started' if !admin && contest && contest->is_pending;
@@ -208,7 +211,7 @@ sub dispatch_request{
 			unlink $_{prog}->path if $_{prog};
 			db->jobs->create({
 				maybe contest => $_{contest},
-				maybe private => $_{private},
+				maybe private => problem->private,
 				date => time,
 				extension => FORMAT_EXTENSION->{$_{prog_format}},
 				format => $_{prog_format},
-- 
2.39.2