From ad9e30bba84920518e1a51e29616bffd5a4000b3 Mon Sep 17 00:00:00 2001
From: Mirco Nasuti <mirco.nasuti@chuv.ch>
Date: Tue, 19 Jan 2016 13:45:39 +0100
Subject: [PATCH] check own param in ModelApi

---
 src/main/java/org/hbp/mip/controllers/ModelsApi.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/hbp/mip/controllers/ModelsApi.java b/src/main/java/org/hbp/mip/controllers/ModelsApi.java
index 5c1469390..ae96515c5 100644
--- a/src/main/java/org/hbp/mip/controllers/ModelsApi.java
+++ b/src/main/java/org/hbp/mip/controllers/ModelsApi.java
@@ -37,7 +37,10 @@ public class ModelsApi {
             @ApiParam(value = "Max number of results") @RequestParam(value = "limit", required = false) Integer limit,
             @ApiParam(value = "Only ask own models") @RequestParam(value = "own", required = false) Boolean own,
             @ApiParam(value = "Only ask models from own team") @RequestParam(value = "team", required = false) Boolean team,
-            @ApiParam(value = "Only ask valid models") @RequestParam(value = "valid", required = false) Boolean valid) throws NotFoundException {
+            @ApiParam(value = "Only ask valid models") @RequestParam(value = "valid", required = false) Boolean valid,
+            Principal principal) throws NotFoundException {
+
+        User user = MIPApplication.getUser(principal);
 
         String queryString = "select m from Model m, User u where m.createdBy=u.id";
 
@@ -58,7 +61,7 @@ public class ModelsApi {
         org.hibernate.Query query = session.createQuery(queryString);
         if(own != null)
         {
-            query.setString("username", "nasuti");
+            query.setString("username", user.getUsername());
         }
         List<Model> models = query.list();
         session.getTransaction().commit();
-- 
GitLab