diff --git a/src/main/java/fr/titionfire/ffsaf/ws/recv/RCategorie.java b/src/main/java/fr/titionfire/ffsaf/ws/recv/RCategorie.java
index 58d1132..5b7947b 100644
--- a/src/main/java/fr/titionfire/ffsaf/ws/recv/RCategorie.java
+++ b/src/main/java/fr/titionfire/ffsaf/ws/recv/RCategorie.java
@@ -9,6 +9,7 @@ import fr.titionfire.ffsaf.data.repository.MatchRepository;
 import fr.titionfire.ffsaf.data.repository.TreeRepository;
 import fr.titionfire.ffsaf.net2.data.MatchEntity;
 import fr.titionfire.ffsaf.net2.data.TreeEntity;
+import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
 import fr.titionfire.ffsaf.rest.exception.DNotFoundException;
 import fr.titionfire.ffsaf.utils.TreeNode;
 import fr.titionfire.ffsaf.ws.CompetitionWS;
@@ -45,6 +46,16 @@ public class RCategorie {
     @Inject
     TreeRepository treeRepository;
 
+    private Uni<CategoryModel> getById(long id, WebSocketConnection connection) {
+        return categoryRepository.findById(id)
+                .invoke(Unchecked.consumer(o -> {
+                    if (o == null)
+                        throw new DNotFoundException("Catégorie non trouver");
+                    if (!o.getCompet().getUuid().equals(connection.pathParam("uuid")))
+                        throw new DForbiddenException("Permission denied");
+                }));
+    }
+
     @WSReceiver(code = "getAllCategory", permission = PermLevel.VIEW)
     public Uni<List<JustCategorie>> getAllCategory(WebSocketConnection connection, Object o) {
         return categoryRepository.list("compet.uuid", connection.pathParam("uuid"))
@@ -55,11 +66,7 @@ public class RCategorie {
     public Uni<FullCategory> getFullCategory(WebSocketConnection connection, Long id) {
         FullCategory fullCategory = new FullCategory();
 
-        return categoryRepository.findById(id)
-                .invoke(Unchecked.consumer(o -> {
-                    if (o == null)
-                        throw new DNotFoundException("Catégorie non trouver");
-                }))
+        return getById(id, connection)
                 .invoke(cat -> {
                     fullCategory.setId(cat.getId());
                     fullCategory.setName(cat.getName());
@@ -97,11 +104,7 @@ public class RCategorie {
 
     @WSReceiver(code = "updateCategory", permission = PermLevel.ADMIN)
     public Uni<Void> updateCategory(WebSocketConnection connection, JustCategorie categorie) {
-        return categoryRepository.findById(categorie.id)
-                .invoke(Unchecked.consumer(o -> {
-                    if (o == null)
-                        throw new DNotFoundException("Catégorie non trouver");
-                }))
+        return getById(categorie.id, connection)
                 .chain(cat -> {
                     cat.setName(categorie.name);
                     cat.setLiceName(categorie.liceName);
@@ -175,11 +178,7 @@ public class RCategorie {
 
     @WSReceiver(code = "updateTrees", permission = PermLevel.ADMIN)
     public Uni<Void> updateTrees(WebSocketConnection connection, TreeUpdate data) {
-        return categoryRepository.findById(data.categoryId)
-                .invoke(Unchecked.consumer(o -> {
-                    if (o == null)
-                        throw new DNotFoundException("Catégorie non trouver");
-                }))
+        return getById(data.categoryId, connection)
                 .call(cat -> treeRepository.update("level = -1, left = NULL, right = NULL WHERE category = ?1",
                         cat.getId()))
                 .call(cat -> {