diff --git a/pom.xml b/pom.xml
index d84f009..8513f8c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,7 +10,7 @@
org.gcube.data.analysis.tabulardata
tabular-data-manager
- 1.8.1-SNAPSHOT
+ 1.8.2-SNAPSHOT
war
diff --git a/src/main/java/org/gcube/data/analysis/tabulardata/service/HistoryManagerImpl.java b/src/main/java/org/gcube/data/analysis/tabulardata/service/HistoryManagerImpl.java
index e6320d9..5dd39f0 100644
--- a/src/main/java/org/gcube/data/analysis/tabulardata/service/HistoryManagerImpl.java
+++ b/src/main/java/org/gcube/data/analysis/tabulardata/service/HistoryManagerImpl.java
@@ -62,6 +62,9 @@ public class HistoryManagerImpl implements HistoryManager{
tabularResource = getUserAuthorizedObject(tabularResourceId, StorableTabularResource.class, entityManager);
}catch(NoSuchObjectException e){
throw new NoSuchTabularResourceException(tabularResourceId);
+ }catch (InternalSecurityException e) {
+ logger.error("error on authorization",e);
+ throw e;
}finally{
if (entityManager!=null && entityManager.isOpen())
entityManager.close();
diff --git a/src/main/java/org/gcube/data/analysis/tabulardata/utils/Util.java b/src/main/java/org/gcube/data/analysis/tabulardata/utils/Util.java
index 975a4f9..dface60 100644
--- a/src/main/java/org/gcube/data/analysis/tabulardata/utils/Util.java
+++ b/src/main/java/org/gcube/data/analysis/tabulardata/utils/Util.java
@@ -107,10 +107,11 @@ public class Util {
public static R getUserAuthorizedObject(
T id, Class objectClass, EntityManager entityManager) throws NoSuchObjectException, InternalSecurityException{
String caller = AuthorizationProvider.instance.get().getClient().getId();
+ String scope = ScopeProvider.instance.get();
R sTr = entityManager.find(objectClass, id);
if (sTr==null || !sTr.getScopes().contains(ScopeProvider.instance.get())) throw new NoSuchObjectException();
if (!sTr.getOwner().equals(caller) && !sTr.getSharedWith().contains(String.format("u(%s)", caller)) &&
- !sTr.getSharedWith().contains(String.format("g(%s)", caller)))
+ !sTr.getSharedWith().contains(String.format("g(%s)", scope)))
throw new InternalSecurityException(caller+" is not authorized to use "+objectClass.getName()+" with id "+id.toString());
return sTr;
}