diff --git a/db.go b/db.go
index 55ab171..c08f144 100644
--- a/db.go
+++ b/db.go
@@ -196,6 +196,20 @@ CREATE TABLE IF NOT EXISTS works(
   start_availability TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
   end_availability TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
 ) DEFAULT CHARACTER SET = utf8 COLLATE = utf8_bin;
+`); err != nil {
+		return err
+	}
+	if _, err := db.Exec(`
+CREATE TABLE IF NOT EXISTS user_work_grades(
+  id_gradation INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+  id_user INTEGER NOT NULL,
+  id_work INTEGER NOT NULL,
+  date TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  grade DECIMAL(5,2) NULL,
+  comment TEXT NOT NULL,
+  FOREIGN KEY(id_user) REFERENCES users(id_user),
+  FOREIGN KEY(id_work) REFERENCES works(id_work)
+) DEFAULT CHARACTER SET = utf8 COLLATE = utf8_bin;
 `); err != nil {
 		return err
 	}
diff --git a/works.go b/works.go
index af4f953..72c59d5 100644
--- a/works.go
+++ b/works.go
@@ -1,8 +1,11 @@
 package main
 
 import (
+	"database/sql"
 	"encoding/json"
+	"errors"
 	"fmt"
+	"net/http"
 	"strconv"
 	"strings"
 	"time"
@@ -85,6 +88,41 @@ func init() {
 		func(w Work, _ []byte) HTTPResponse {
 			return formatApiResponse(w.Delete())
 		}), adminRestricted))
+
+	// Grades related to works
+	router.GET("/api/works/:wid/grades", apiHandler(workHandler(
+		func(w Work, _ []byte) HTTPResponse {
+			return formatApiResponse(w.GetGrades(""))
+		}), adminRestricted))
+	router.PUT("/api/works/:wid/grades", apiHandler(workHandler(
+		func(w Work, body []byte) HTTPResponse {
+			_, err := w.DeleteGrades()
+			if err != nil {
+				return APIErrorResponse{err: err}
+			}
+
+			var grades []WorkGrade
+			if err := json.Unmarshal(body, &grades); err != nil {
+				return APIErrorResponse{err: err}
+			}
+
+			err = w.AddGrades(grades)
+			if err != nil {
+				return APIErrorResponse{err: err}
+			}
+
+			return APIResponse{true}
+		}), adminRestricted))
+	router.GET("/api/works/:wid/score", apiAuthHandler(workAuthHandler(
+		func(w Work, u *User, _ []byte) HTTPResponse {
+			if g, err := u.GetMyWorkGrade(&w); err != nil && errors.Is(err, sql.ErrNoRows) {
+				return APIErrorResponse{status: http.StatusNotFound, err: fmt.Errorf("Aucune note n'a été attribuée pour ce travail. Avez-vous rendu ce travail ?")}
+			} else if err != nil {
+				return APIErrorResponse{err: err}
+			} else {
+				return APIResponse{g}
+			}
+		}), loggedUser))
 }
 
 func workHandler(f func(Work, []byte) HTTPResponse) func(httprouter.Params, []byte) HTTPResponse {
@@ -99,6 +137,18 @@ func workHandler(f func(Work, []byte) HTTPResponse) func(httprouter.Params, []by
 	}
 }
 
+func workAuthHandler(f func(Work, *User, []byte) HTTPResponse) func(*User, httprouter.Params, []byte) HTTPResponse {
+	return func(u *User, ps httprouter.Params, body []byte) HTTPResponse {
+		if wid, err := strconv.Atoi(string(ps.ByName("wid"))); err != nil {
+			return APIErrorResponse{err: err}
+		} else if work, err := getWork(wid); err != nil {
+			return APIErrorResponse{err: err}
+		} else {
+			return f(work, u, body)
+		}
+	}
+}
+
 type OneWork struct {
 	Kind              string    `json:"kind"`
 	Id                int64     `json:"id"`
@@ -209,3 +259,75 @@ func ClearWorks() (int64, error) {
 		return nb, err
 	}
 }
+
+type WorkGrade struct {
+	Id      int64     `json:"id"`
+	Login   string    `json:"login,omit_empty"`
+	IdUser  int64     `json:"id_user,omit_empty"`
+	IdWork  int64     `json:"id_work,omit_empty"`
+	Date    time.Time `json:"date"`
+	Grade   float64   `json:"score"`
+	Comment string    `json:"comment,omit_empty"`
+}
+
+func (w *Work) GetGrades(cnd string, param ...interface{}) (grades []WorkGrade, err error) {
+	param = append([]interface{}{w.Id}, param...)
+
+	if rows, errr := DBQuery("SELECT G.id_gradation, G.id_user, U.login, G.id_work, G.date, G.grade, G.comment FROM user_work_grades G INNER JOIN users U ON U.id_user = G.id_user WHERE id_work = ? "+cnd, param...); errr != nil {
+		return nil, errr
+	} else {
+		defer rows.Close()
+
+		for rows.Next() {
+			var g WorkGrade
+			if err = rows.Scan(&g.Id, &g.IdUser, &g.Login, &g.IdWork, &g.Date, &g.Grade, &g.Comment); err != nil {
+				return
+			}
+			grades = append(grades, g)
+		}
+		if err = rows.Err(); err != nil {
+			return
+		}
+
+		return
+	}
+}
+
+func (u *User) GetMyWorkGrade(w *Work) (g WorkGrade, err error) {
+	err = DBQueryRow("SELECT id_gradation, id_user, id_work, date, grade, comment FROM user_work_grades WHERE id_work = ? AND id_user = ? ORDER BY date DESC LIMIT 1", w.Id, u.Id).Scan(&g.Id, &g.IdUser, &g.IdWork, &g.Date, &g.Grade, &g.Comment)
+	return
+}
+
+func (w *Work) AddGrades(grades []WorkGrade) error {
+	var zerotime time.Time
+	for i, g := range grades {
+		if g.IdUser == 0 {
+			if u, err := getUserByLogin(g.Login); err != nil {
+				return fmt.Errorf("user %q: %w", g.Login, err)
+			} else {
+				grades[i].IdUser = u.Id
+			}
+		}
+		if zerotime == g.Date {
+			grades[i].Date = time.Now()
+		}
+	}
+
+	for _, g := range grades {
+		if _, err := DBExec("INSERT INTO user_work_grades (id_user, id_work, date, grade, comment) VALUES (?, ?, ?, ?, ?)", g.IdUser, w.Id, g.Date, g.Grade, g.Comment); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (w *Work) DeleteGrades() (int64, error) {
+	if res, err := DBExec("DELETE FROM user_work_grades WHERE id_work = ?", w.Id); err != nil {
+		return 0, err
+	} else if nb, err := res.RowsAffected(); err != nil {
+		return 0, err
+	} else {
+		return nb, err
+	}
+}