@RequestMapping(path = "/collection/{collectionId}", method = DELETE) @PreAuthorize( "hasRole('ADMIN') || hasPermission(#collectionId, 'org.bossie.security.domain.Collection', 'delete')") public @ResponseBody void deleteCollection(@PathVariable("collectionId") long collectionId) { securityService.deleteCollection(collectionId); }