<security:authorize now handles ACL's hasPermission()

src/main/resources/spring/spring-common.xml

@@ -58,4 +58,9 @@
 		<property name="maxPoolSize" value="16" />
 	</bean>
 
+	<!-- Has to be here, otherwise JSP TAGLIB doesn't pick it up -->
+	<bean id="webExpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler">
+		<property name="permissionEvaluator" ref="permissionEvaluator" />
+	</bean>
+
 </beans>

src/main/resources/spring/spring-security.xml

@@ -32,8 +32,8 @@
 			<sec:password-encoder ref="passwordEncoder" />
 		</sec:authentication-provider>
 	</sec:authentication-manager>
-
-	<bean name="securityExpressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
+	
+	<bean id="securityExpressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
 		<property name="permissionEvaluator" ref="permissionEvaluator" />
 	</bean>
 
@@ -58,6 +58,7 @@
 		<sec:logout logout-url="/logout" logout-success-url="/" />
 		
 		<sec:access-denied-handler error-page="/access-denied?error=1" />
+		<sec:expression-handler ref="webExpressionHandler"/>
 	</sec:http>
 
 </beans>
\ No newline at end of file

src/main/webapp/WEB-INF/jsp/team/details.jsp

@@ -11,7 +11,7 @@
 		<c:out value="${team.name}" />
 	</h1>
 
-	<security:authorize access="hasRole('ADMINISTRATOR') or hasPermission(team, 'WRITE')">
+	<security:authorize access="hasRole('ADMINISTRATOR') or hasPermission(#team, 'WRITE')">
 		<a href="<c:url value="/team/${team.uuid}/permissions" />" class="btn btn-default"> <spring:message code="edit-acl" /></a>
 	</security:authorize>