diff --git a/buisnesslogic/src/main/java/com/plannaplan/services/GroupService.java b/buisnesslogic/src/main/java/com/plannaplan/services/GroupService.java index 699def1..b77dacb 100755 --- a/buisnesslogic/src/main/java/com/plannaplan/services/GroupService.java +++ b/buisnesslogic/src/main/java/com/plannaplan/services/GroupService.java @@ -42,14 +42,13 @@ public class GroupService { return this.repo.findById(id); } - public Long findNotExistingGroup(List ids) { - Long response = Long.MIN_VALUE; + public Optional findNotExistingGroup(List ids) { for (Long oneId : ids) { if (this.repo.existsById(oneId) == false) { - response = oneId; + return Optional.of(oneId); } } - return response; + return Optional.empty(); } } \ No newline at end of file diff --git a/restservice/src/main/java/com/plannaplan/App.java b/restservice/src/main/java/com/plannaplan/App.java index d63eba5..b85cbb9 100755 --- a/restservice/src/main/java/com/plannaplan/App.java +++ b/restservice/src/main/java/com/plannaplan/App.java @@ -32,7 +32,7 @@ public class App { filip.setEmail("filizy@st.amu.edu.pl"); filip.setName("Filip"); filip.setSurname("Izydorczyk"); - filip.setRole(UserRoles.DEANERY); + filip.setRole(UserRoles.STUDENT); this.userService.save(filip); User hub = new User(); diff --git a/restservice/src/main/java/com/plannaplan/controllers/CommisionController.java b/restservice/src/main/java/com/plannaplan/controllers/CommisionController.java index 24f78c2..3af50da 100755 --- a/restservice/src/main/java/com/plannaplan/controllers/CommisionController.java +++ b/restservice/src/main/java/com/plannaplan/controllers/CommisionController.java @@ -6,6 +6,7 @@ import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RestController; import java.util.List; +import java.util.Optional; import com.plannaplan.App; import com.plannaplan.entities.Assignment; 
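Review bot: `findNotExistingGroup` in GroupService.java has no Javadoc, and this hunk changes its contract: it now returns the first id in `ids` that the repository does not know (the removed version kept the last one) and `Optional.empty()` when every id exists or the list is empty. I would add `/** Returns the first id in {@code ids} that has no matching group, or an empty Optional when all of them exist. */` above the method. A null `ids` still fails in the `for` loop, so either state that in the same comment or guard it.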
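Review bot: The App.java hunk sits in code that builds a named account with a fixed e-mail address and role and persists it with `this.userService.save(filip)`, and nothing visible limits that to a development profile. If this seeding also runs in deployed environments, a role edit like this one silently changes what a real account is allowed to do. I would gate the block behind a dev-only profile (for example `@Profile("dev")` on the seeding bean) or move it into test fixtures. The enclosing method starts and ends outside the hunk, so such a guard may already exist there.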
@@ -23,6 +24,7 @@ import com.plannaplan.types.UserRoles;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.util.Assert;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -46,21 +48,23 @@ public class CommisionController extends TokenBasedController { @PostMapping(value = { "/add", "/add/{id}" }) public ResponseEntity addCommision(@RequestBody List groups, - @PathVariable(name = "id", required = false) Long userId) throws UserNotFoundException { + @PathVariable(name = "id", required = false) Long userId) + throws UserNotFoundException, IllegalArgumentException { - User user = this.getCurrentUser().orElseThrow(() -> new NullPointerException()); + final User asker = this.getCurrentUser().orElseThrow(() -> new UserNotFoundException("Invalid token")); - if (userId != null && !((user.getId() == userId) || (user.getRole() == UserRoles.DEANERY))) { - return new ResponseEntity<>("Forbidden access atempt", HttpStatus.FORBIDDEN); - } else if (userId != null) { - user = userService.getById(userId).orElseThrow(() -> new UserNotFoundException("Given user id not exist")); - } + final User user = userId != null + ? userService.getById(userId).orElseThrow(() -> new UserNotFoundException("Given user id not exist")) + : asker; - final Long notExistingGroup = this.groupServcicxe.findNotExistingGroup(groups); - if (notExistingGroup != Long.MIN_VALUE) { - return new ResponseEntity<>("Group " + notExistingGroup.toString() + " doesn't exist", - HttpStatus.NOT_FOUND); - } + Assert.isTrue( + (asker.getRole() == UserRoles.DEANERY && user.getRole() == UserRoles.STUDENT + || (asker.getId() == user.getId() && user.getRole() == UserRoles.STUDENT)), + "Incorrect attempt to change plan"); + + Optional notExistingGroup = this.groupServcicxe.findNotExistingGroup(groups); + Assert.isTrue(!notExistingGroup.isPresent(), + "Group " + notExistingGroup.orElse(Long.MIN_VALUE).toString() + "doesn't exist"); final Commision com = new Commision(user); this.commisionService.save(com); 
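Review bot: Both new `Assert.isTrue(...)` calls in `addCommision` turn the authorization refusal and the missing-group case into `IllegalArgumentException`, where the removed code answered 403 and 404; unless a handler outside this hunk maps that exception, callers will most likely get a generic error status and a refused access is hard to tell from a malformed request in logs. The target user is now loaded before the permission check, so a caller who may not act on `userId` can still tell existing ids from missing ones by which exception comes back. `asker.getId() == user.getId()` compares references if `getId()` returns `Long` (its type is not visible here), which would reject a student who passes their own id in the path. The group message also lost the space before `doesn't`. The sketch below checks the caller against `userId` before the lookup and returns explicit statuses; the method continues past the hunk.

```java
final User asker = this.getCurrentUser().orElseThrow(() -> new UserNotFoundException("Invalid token"));

// Decide on the requested id before loading the target, so a refused caller
// learns nothing about which user ids exist.
final boolean self = userId == null || userId.equals(asker.getId());
if (!self && asker.getRole() != UserRoles.DEANERY) {
    return new ResponseEntity<>("Forbidden access atempt", HttpStatus.FORBIDDEN);
}

final User user = self ? asker
        : userService.getById(userId).orElseThrow(() -> new UserNotFoundException("Given user id not exist"));
if (user.getRole() != UserRoles.STUDENT) {
    return new ResponseEntity<>("Forbidden access atempt", HttpStatus.FORBIDDEN);
}

Optional<Long> notExistingGroup = this.groupServcicxe.findNotExistingGroup(groups);
if (notExistingGroup.isPresent()) {
    return new ResponseEntity<>("Group " + notExistingGroup.get() + " doesn't exist", HttpStatus.NOT_FOUND);
}
// … unchanged: Commision creation and save …
```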
diff --git a/restservice/src/main/java/com/plannaplan/controllers/ConfigController.java b/restservice/src/main/java/com/plannaplan/controllers/ConfigController.java index 3d0ceff..5d5456b 100755 --- a/restservice/src/main/java/com/plannaplan/controllers/ConfigController.java +++ b/restservice/src/main/java/com/plannaplan/controllers/ConfigController.java @@ -29,7 +29,7 @@ public class ConfigController { private ConfiguratorService contrl; @PostMapping("/config") - // @PreAuthorize("hasRole('ROLE_ADMIN')") + @PreAuthorize("hasRole('ROLE_ADMIN')") public ResponseEntity configApp(@RequestParam("file") MultipartFile file) { try {
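Review bot: `@PreAuthorize("hasRole('ROLE_ADMIN')")` on `configApp` is only enforced when method security is switched on (`@EnableGlobalMethodSecurity(prePostEnabled = true)` or `@EnableMethodSecurity`, depending on the Spring Security version), and nothing in this diff shows that configuration; without it the annotation is ignored and the upload endpoint stays open. The other hunks only show `UserRoles.DEANERY` and `UserRoles.STUDENT`, so also confirm that some principal is actually granted the `ROLE_ADMIN` authority, otherwise the endpoint becomes unreachable rather than protected. A controller test that posts a file as a student and expects 403, and one as an admin that expects success, would pin both. `configApp`'s body continues outside the hunk.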