From 883ec051b1ab1e0b953d9f15ee90fc7673b555ed Mon Sep 17 00:00:00 2001
From: DOHA <dohae243@gmail.com>
Date: Sat, 30 Jul 2016 20:40:40 +0200
Subject: [PATCH] minor fix

---
 .../src/main/java/org/baeldung/web/MainController.java        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spring-security-custom-permission/src/main/java/org/baeldung/web/MainController.java b/spring-security-custom-permission/src/main/java/org/baeldung/web/MainController.java
index 4a041a9fa6..4752f7bdd9 100644
--- a/spring-security-custom-permission/src/main/java/org/baeldung/web/MainController.java
+++ b/spring-security-custom-permission/src/main/java/org/baeldung/web/MainController.java
@@ -5,7 +5,6 @@ import org.baeldung.persistence.model.Foo;
 import org.baeldung.persistence.model.Organization;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
-import org.springframework.security.access.prepost.PostAuthorize;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -22,7 +21,8 @@ public class MainController {
     @Autowired
     private OrganizationRepository organizationRepository;
 
-    @PostAuthorize("hasPermission(returnObject, 'read')")
+    // @PostAuthorize("hasPermission(returnObject, 'read')")
+    @PreAuthorize("hasPermission(#id, 'Foo', 'read')")
     @RequestMapping(method = RequestMethod.GET, value = "/foos/{id}")
     @ResponseBody
     public Foo findById(@PathVariable final long id) {