diff --git a/ci/pipeline.yml b/ci/pipeline.yml
index e45ff18..ee87545 100644
--- a/ci/pipeline.yml
+++ b/ci/pipeline.yml
@@ -148,6 +148,7 @@ jobs:
 
 - name: build
   plan:
+  - get: docker-image
   - get: repo
     trigger: true
     passed: [test]
@@ -190,6 +191,7 @@ jobs:
           repository: concourse/oci-build-task
 
       inputs: 
+      - name: docker-image
       - name: repo
         path: .
 
diff --git a/src/leaderboard.rs b/src/leaderboard.rs
index cc2cd38..ad448d3 100644
--- a/src/leaderboard.rs
+++ b/src/leaderboard.rs
@@ -51,8 +51,9 @@ pub async fn list_points(
     AuthBearer(token): AuthBearer,
     State(app_state): State<AppState>,
 ) -> impl IntoResponse {
-    if let Err(err) = handle_token(token, &app_state, Role::Student) {
-        return err;
+    let token_data = match handle_token(token, &app_state, Role::Student) {
+        Err(err) => return err,
+        Ok(token_data) => token_data,
     };
 
     let result = query_as!(
@@ -67,10 +68,13 @@ pub async fn list_points(
                 ON u.id = ea.user_id AND ea.confirmed = true
             LEFT JOIN events e
                 ON ea.event_id = e.id
+            WHERE
+                u.grade = $1
             GROUP BY u.id
             ORDER BY points DESC
             ;
         "#,
+        token_data.grade,
     )
     .fetch_all(&app_state.db_pool)
     .await;
diff --git a/src/models.rs b/src/models.rs
index 70f3f80..f1084c2 100644
--- a/src/models.rs
+++ b/src/models.rs
@@ -154,6 +154,7 @@ pub struct Claims {
     pub exp: OffsetDateTime,
     pub id: i32,
     pub username: String,
+    pub grade: i32,
     pub role: Role,
 }
 
diff --git a/src/user.rs b/src/user.rs
index 71cc6bd..4e6991d 100644
--- a/src/user.rs
+++ b/src/user.rs
@@ -64,12 +64,13 @@ pub async fn signin(
 
     let result = sqlx::query!(
         r#"
-            SELECT 
-        id,
-        username,
-        role AS "role!: Role"
-            FROM users
-            WHERE username = $1 AND password = $2
+        SELECT 
+            id,
+            username,
+            role AS "role!: Role",
+            grade
+        FROM users
+        WHERE username = $1 AND password = $2
         "#,
         signin.username,
         pass_hash.as_bytes(),
@@ -82,6 +83,7 @@ pub async fn signin(
             let claims = Claims {
                 exp: OffsetDateTime::now_utc() + JWT_LIFETIME,
                 id: user.id,
+                grade: user.grade,
                 username: user.username,
                 role: user.role,
             };
@@ -101,21 +103,17 @@ pub async fn signin(
 
             (StatusCode::OK, Json(json!({ "data": token })))
         }
-        Ok(None) => {
-            (
-                StatusCode::UNAUTHORIZED,
-                Json(json!({
-                    "error": format!("Incorrect username or password")
-                })),
-            )
-        }
-        Err(err) => {
-            (
-                StatusCode::INTERNAL_SERVER_ERROR,
-                Json(json!({
-                    "error": format!("Unknown error signing in: {:?}", err)
-                })),
-            )
-        }
+        Ok(None) => (
+            StatusCode::UNAUTHORIZED,
+            Json(json!({
+                "error": format!("Incorrect username or password")
+            })),
+        ),
+        Err(err) => (
+            StatusCode::INTERNAL_SERVER_ERROR,
+            Json(json!({
+                "error": format!("Unknown error signing in: {:?}", err)
+            })),
+        ),
     }
 }