From ad9e30bba84920518e1a51e29616bffd5a4000b3 Mon Sep 17 00:00:00 2001 From: Mirco Nasuti <mirco.nasuti@chuv.ch> Date: Tue, 19 Jan 2016 13:45:39 +0100 Subject: [PATCH] check own param in ModelApi --- src/main/java/org/hbp/mip/controllers/ModelsApi.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/hbp/mip/controllers/ModelsApi.java b/src/main/java/org/hbp/mip/controllers/ModelsApi.java index 5c1469390..ae96515c5 100644 --- a/src/main/java/org/hbp/mip/controllers/ModelsApi.java +++ b/src/main/java/org/hbp/mip/controllers/ModelsApi.java @@ -37,7 +37,10 @@ public class ModelsApi { @ApiParam(value = "Max number of results") @RequestParam(value = "limit", required = false) Integer limit, @ApiParam(value = "Only ask own models") @RequestParam(value = "own", required = false) Boolean own, @ApiParam(value = "Only ask models from own team") @RequestParam(value = "team", required = false) Boolean team, - @ApiParam(value = "Only ask valid models") @RequestParam(value = "valid", required = false) Boolean valid) throws NotFoundException { + @ApiParam(value = "Only ask valid models") @RequestParam(value = "valid", required = false) Boolean valid, + Principal principal) throws NotFoundException { + + User user = MIPApplication.getUser(principal); String queryString = "select m from Model m, User u where m.createdBy=u.id"; @@ -58,7 +61,7 @@ public class ModelsApi { org.hibernate.Query query = session.createQuery(queryString); if(own != null) { - query.setString("username", "nasuti"); + query.setString("username", user.getUsername()); } List<Model> models = query.list(); session.getTransaction().commit(); -- GitLab