Fix username checking

RADAR-base · Jun 4, 2024 · bdfab6e · bdfab6e
1 parent e7e065c
commit bdfab6e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/...ard-backend/src/main/java/org/radarbase/datadashboard/api/resource/ObservationResource.kt b/...ard-backend/src/main/java/org/radarbase/datadashboard/api/resource/ObservationResource.kt
@@ -53,7 +53,7 @@ class ObservationResource(
         @PathParam("topicId") topicId: String,
     ): ObservationListDto {
         if (request.securityContext != null && request.securityContext is RadarSecurityContext) {
-            val userName = (request.securityContext as RadarSecurityContext).userPrincipal
+            val userName = (request.securityContext as RadarSecurityContext).auth.token.username
             log.info("User $userName is accessing observations for $subjectId")
             if (!subjectId.equals(userName)) throw NotFoundException("Subjects can only request their own observations.")
             return observationService.getObservations(projectId = projectId, subjectId = subjectId, topicId = topicId)