diff --git a/app/controllers/webapps_controller.rb b/app/controllers/webapps_controller.rb
index dbac122..a6b439d 100755
--- a/app/controllers/webapps_controller.rb
+++ b/app/controllers/webapps_controller.rb
@@ -151,10 +151,12 @@ def add_permission
 		@webapp = Webapp.find(params[:webapp_id]) if params[:webapp_id]
 		if (@user && @webapp)
 			check = @user.valid_password?(password)
-			w = WebappAccess.find_or_create(@webapp.id)
-			w.addUser(@user,password)
+			if(check)
+				w = WebappAccess.find_or_create(@webapp.id)
+				w.addUser(@user,password)
+			end
 		end
-		status = check ? "ok" : "notok"
+		@status = check ? "ok" : "notok"
 		@users_allowed = WebappAccess.find_or_create(@webapp.id).getUsers
 	end
 
diff --git a/app/views/webapps/add_permission.json.jbuilder b/app/views/webapps/add_permission.json.jbuilder
index 52baf87..a725407 100644
--- a/app/views/webapps/add_permission.json.jbuilder
+++ b/app/views/webapps/add_permission.json.jbuilder
@@ -1,5 +1,5 @@
 self.formats = [:html]
-	json.status :ok
+	json.status @status
 	json.type :permission
 	json.webappid @webapp.id
 	json.userid @user.id