diff --git a/src/main/java/fr/aireisti/aircontest/ressources/ExerciceResource.java b/src/main/java/fr/aireisti/aircontest/ressources/ExerciceResource.java index 53b2a9b..3ac9e0f 100644 --- a/src/main/java/fr/aireisti/aircontest/ressources/ExerciceResource.java +++ b/src/main/java/fr/aireisti/aircontest/ressources/ExerciceResource.java @@ -129,9 +129,13 @@ public Response getInput(@PathParam("id") String id) { } @GET + @Secured @Path("{id}/outputFile") @Produces(MediaType.TEXT_PLAIN) - public Response getOutput(@PathParam("id") String id) { + public Response getOutput(@PathParam("id") String id, @Context SecurityContext securityContext) { + if ( ! securityContext.isUserInRole("Admin") ) + throw new NotAuthorizedException(""); + Exercice exercice = getExercice(Integer.parseInt(id)); Response.ResponseBuilder response = Response.ok(exercice.getOutputFile()); response.header("Content-Disposition", "attachment; filename=\"output_exercice_" + id + ".txt\""); diff --git a/src/main/java/fr/aireisti/aircontest/ressources/Serializable.java b/src/main/java/fr/aireisti/aircontest/ressources/Serializable.java index 6e069e5..7fad7c1 100644 --- a/src/main/java/fr/aireisti/aircontest/ressources/Serializable.java +++ b/src/main/java/fr/aireisti/aircontest/ressources/Serializable.java @@ -8,10 +8,9 @@ import javax.ws.rs.InternalServerErrorException; public class Serializable { - private static Session session; public static String saveObject(InitModel object){ - session = HibernateUtil.getSessionFactory().openSession(); + Session session = HibernateUtil.getSessionFactory().openSession(); Transaction tx = null; try { @@ -30,7 +29,7 @@ public static String saveObject(InitModel object){ } public static void updateObject(InitModel object, Integer id) { - session = HibernateUtil.getSessionFactory().openSession(); + Session session = HibernateUtil.getSessionFactory().openSession(); Transaction tx = null; try {