Merge pull request 'Updated the put methods and cleaned up a shitload of comments' (#42 ) from feature/39-update_puts into dev

Reviewed-on: #42 closes #39
Reverted simplification that created loops
2020-12-21 16:39:19 +00:00 · 2020-12-21 17:22:07 +01:00 · 2020-12-21 16:58:51 +01:00 · 2020-12-21 16:21:12 +01:00 · 2020-12-21 16:08:10 +01:00 · 2020-12-21 15:29:32 +01:00
123 changed files with 4901 additions and 1545 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,111 @@
+---
+kind: pipeline
+name: tests:node_latest
+clone:
+  disable: true
+steps:
+  - name: checkout pr
+    image: alpine/git
+    commands:
+      - git clone $DRONE_REMOTE_URL .
+      - git checkout $DRONE_SOURCE_BRANCH
+      - mv .env.ci .env
+  - name: run tests
+    image: node:alpine
+    commands:
+      - yarn
+      - yarn test:ci
+trigger:
+  event:
+    - pull_request
+
+---
+kind: pipeline
+type: docker
+name: build:dev
+
+steps:
+  - name: build dev
+    image: plugins/docker
+    depends_on: [clone]
+    settings:
+      username:
+        from_secret: DOCKER_REGISTRY_USER
+      password:
+        from_secret: DOCKER_REGISTRY_PASSWORD
+      repo: registry.odit.services/lfk/backend
+      tags:
+        - dev
+      registry: registry.odit.services
+    when:
+      branch:
+        - dev
+      event:
+        - push
+
+trigger:
+  branch:
+    - dev
+  event:
+    - push
+
+---
+kind: pipeline
+type: docker
+name: build:latest
+
+steps:
+  - name: build latest
+    image: plugins/docker
+    depends_on: [clone]
+    settings:
+      username:
+        from_secret: DOCKER_REGISTRY_USER
+      password:
+        from_secret: DOCKER_REGISTRY_PASSWORD
+      repo: registry.odit.services/lfk/backend
+      tags:
+        - latest
+      registry: registry.odit.services
+
+trigger:
+  branch:
+    - main
+  event:
+    - push
+
+---
+kind: pipeline
+type: docker
+name: build:tags
+
+steps:
+  - name: build $DRONE_TAG
+    image: plugins/docker
+    depends_on: [clone]
+    settings:
+      username:
+        from_secret: DOCKER_REGISTRY_USER
+      password:
+        from_secret: DOCKER_REGISTRY_PASSWORD
+      repo: registry.odit.services/lfk/backend
+      tags:
+        - $DRONE_TAG
+      registry: registry.odit.services
+  - name: trigger lib build
+    depends_on: [clone]
+    image: plugins/downstream
+    settings:
+      server: https://ci.odit.services/
+      token: 
+        from_secret: BOT_DRONE_KEY
+      fork: false
+      repositories:
+        - lfk/lib
+      params:
+      - SOURCE_TAG: $DRONE_TAG
+trigger:
+  branch:
+    - main
+  event:
+    - tag
--- a/.env.ci
+++ b/.env.ci
@ -0,0 +1,8 @@
+APP_PORT=4010
+DB_TYPE=sqlite
+DB_HOST=unused
+DB_PORT=unused
+DB_USER=unused
+DB_PASSWORD=bla
+DB_NAME=./test.sqlite
+NODE_ENV=dev
--- a/.gitignore
+++ b/.gitignore
@ -131,4 +131,6 @@ package-lock.json
 build

 *.sqlite
+*.sqlite-jurnal
 docs
+lib
--- a/20
+++ b/20
@ -1,6 +1,16 @@
-FROM node:alpine
+# Typescript Build
+FROM node:14.15.1-alpine3.12
 WORKDIR /app
-COPY ./package.json ./
-RUN yarn
-COPY ./ ./
-ENTRYPOINT [ "yarn","dev" ]
+COPY package.json ./
+RUN npm i -g pnpm
+RUN pnpm i
+COPY tsconfig.json ormconfig.js ./
+COPY src ./src
+RUN pnpm run build
+# final image
+FROM node:14.15.1-alpine3.12
+COPY package.json ormconfig.js ./
+RUN npm i -g pnpm
+RUN pnpm i --prod
+COPY --from=0 /app/dist dist
+ENTRYPOINT ["node", "dist/app.js"]
--- a/README.md
+++ b/README.md
@ -53,9 +53,11 @@ docker-compose up --build

 ## File Structure

- src/models/\* - database models (typeorm entities)
+- src/models/entities\* - database models (typeorm entities)
+- src/models/actions\* - actions models
+- src/models/responses\* - response models
 - src/controllers/\* - routing-controllers
 - src/loaders/\* - loaders for the different init steps of the api server
- src/routes/\* - express routes for everything we don't do via routing-controllers (shouldn't be much)
 - src/middlewares/\* - express middlewares (mainly auth r/n)
 - src/errors/* - our custom (http) errors
+- src/routes/\* - express routes for everything we don't do via routing-controllers (depreciated)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -6,18 +6,26 @@ services:
      - 4010:4010
    environment:
      APP_PORT: 4010
-      DB_TYPE: postgres
-      DB_HOST: backend_db
-      DB_PORT: 5432 
-      DB_USER: lfk
-      DB_PASSWORD: changeme
-      DB_NAME: lfk
+      DB_TYPE: sqlite
+      DB_HOST: bla
+      DB_PORT: bla
+      DB_USER: bla
+      DB_PASSWORD: bla
+      DB_NAME: dev.sqlite
      NODE_ENV: production
-  backend_db:
-    image: postgres:11-alpine
-    environment:
-      POSTGRES_DB: lfk
-      POSTGRES_PASSWORD: changeme
-      POSTGRES_USER: lfk
-    ports:
-      - 5432:5432
+      # APP_PORT: 4010
+      # DB_TYPE: postgres
+      # DB_HOST: backend_db
+      # DB_PORT: 5432
+      # DB_USER: lfk
+      # DB_PASSWORD: changeme
+      # DB_NAME: lfk
+      # NODE_ENV: production
+  # backend_db:
+  #   image: postgres:11-alpine
+  #   environment:
+  #     POSTGRES_DB: lfk
+  #     POSTGRES_PASSWORD: changeme
+  #     POSTGRES_USER: lfk
+  #   ports:
+  #     - 5432:5432
--- a/jest.config.js
+++ b/jest.config.js
@ -0,0 +1,4 @@
+module.exports = {
+  preset: 'ts-jest',
+  testEnvironment: 'node',
+};
--- a/ormconfig.js
+++ b/ormconfig.js
@ -0,0 +1,16 @@
+const dotenv = require('dotenv');
+dotenv.config();
+//
+const SOURCE_PATH = process.env.NODE_ENV === 'production' ? 'dist' : 'src';
+module.exports = {
+	type: process.env.DB_TYPE,
+	host: process.env.DB_HOST,
+	port: process.env.DB_PORT,
+	username: process.env.DB_USER,
+	password: process.env.DB_PASSWORD,
+	database: process.env.DB_NAME,
+	// entities: ["src/**/entities/*.ts"],
+	entities: [ `${SOURCE_PATH}/**/entities/*{.ts,.js}` ],
+	seeds: [ `${SOURCE_PATH}/**/seeds/*{.ts,.js}` ]
+	// seeds: ['src/seeds/*.ts'],
+};
--- a/ormconfig.ts
+++ b/ormconfig.ts
@ -1,12 +0,0 @@
-import { config } from 'dotenv-safe';
-config();
-
-export default {
-	type: process.env.DB_TYPE,
-	host: process.env.DB_HOST,
-	port: process.env.DB_PORT,
-	username: process.env.DB_USER,
-	password: process.env.DB_PASSWORD,
-	database: process.env.DB_NAME,
-	entities: ["src/models/entities/*.ts"]
-};
--- a/package.json
+++ b/package.json
@ -1,67 +1,85 @@
-{
-  "name": "@lfk/backend",
-  "version": "1.0.0",
-  "main": "src/app.ts",
-  "repository": "https://git.odit.services/lfk/backend",
-  "author": {
-    "name": "ODIT.Services",
-    "email": "info@odit.services",
-    "url": "https://odit.services"
-  },
-  "contributors": [
-    {
-      "name": "Philipp Dormann",
-      "email": "philipp@philippdormann.de",
-      "url": "https://philippdormann.de"
-    },
-    {
-      "name": "Nicolai Ort",
-      "email": "info@nicolai-ort.com",
-      "url": "https://nicolai-ort.com"
-    }
-  ],
-  "license": "CC-BY-NC-SA-4.0",
-  "dependencies": {
-    "argon2": "^0.27.0",
-    "body-parser": "^1.19.0",
-    "class-transformer": "^0.3.1",
-    "class-validator": "^0.12.2",
-    "class-validator-jsonschema": "^2.0.3",
-    "consola": "^2.15.0",
-    "cors": "^2.8.5",
-    "express": "^4.17.1",
-    "helmet": "^4.2.0",
-    "jsonwebtoken": "^8.5.1",
-    "multer": "^1.4.2",
-    "mysql": "^2.18.1",
-    "pg": "^8.5.1",
-    "reflect-metadata": "^0.1.13",
-    "routing-controllers": "^0.9.0-alpha.6",
-    "routing-controllers-openapi": "^2.1.0",
-    "swagger-ui-express": "^4.1.5",
-    "typeorm": "^0.2.29",
-    "typeorm-routing-controllers-extensions": "^0.2.0",
-    "uuid": "^8.3.1"
-  },
-  "devDependencies": {
-    "@types/cors": "^2.8.8",
-    "@types/dotenv-safe": "^8.1.1",
-    "@types/express": "^4.17.9",
-    "@types/jsonwebtoken": "^8.5.0",
-    "@types/multer": "^1.4.4",
-    "@types/node": "^14.14.9",
-    "@types/swagger-ui-express": "^4.1.2",
-    "@types/uuid": "^8.3.0",
-    "dotenv-safe": "^8.2.0",
-    "nodemon": "^2.0.6",
-    "sqlite3": "^5.0.0",
-    "ts-node": "^9.0.0",
-    "typedoc": "^0.19.2",
-    "typescript": "^4.1.2"
-  },
-  "scripts": {
-    "dev": "nodemon src/app.ts",
-    "build": "tsc",
-    "docs": "typedoc --out docs src"
-  }
-}
+{
+  "name": "@lfk/backend",
+  "version": "1.0.0",
+  "main": "src/app.ts",
+  "repository": "https://git.odit.services/lfk/backend",
+  "author": {
+    "name": "ODIT.Services",
+    "email": "info@odit.services",
+    "url": "https://odit.services"
+  },
+  "contributors": [
+    {
+      "name": "Philipp Dormann",
+      "email": "philipp@philippdormann.de",
+      "url": "https://philippdormann.de"
+    },
+    {
+      "name": "Nicolai Ort",
+      "email": "info@nicolai-ort.com",
+      "url": "https://nicolai-ort.com"
+    }
+  ],
+  "license": "CC-BY-NC-SA-4.0",
+  "dependencies": {
+    "argon2": "^0.27.0",
+    "body-parser": "^1.19.0",
+    "class-transformer": "^0.3.1",
+    "class-validator": "^0.12.2",
+    "class-validator-jsonschema": "^2.0.3",
+    "consola": "^2.15.0",
+    "cookie": "^0.4.1",
+    "cookie-parser": "^1.4.5",
+    "cors": "^2.8.5",
+    "csvtojson": "^2.0.10",
+    "dotenv": "^8.2.0",
+    "express": "^4.17.1",
+    "jsonwebtoken": "^8.5.1",
+    "mysql": "^2.18.1",
+    "pg": "^8.5.1",
+    "reflect-metadata": "^0.1.13",
+    "routing-controllers": "^0.9.0-alpha.6",
+    "routing-controllers-openapi": "^2.1.0",
+    "sqlite3": "^5.0.0",
+    "swagger-ui-express": "^4.1.5",
+    "typeorm": "^0.2.29",
+    "typeorm-routing-controllers-extensions": "^0.2.0",
+    "typeorm-seeding": "^1.6.1",
+    "uuid": "^8.3.1"
+  },
+  "devDependencies": {
+    "@types/cors": "^2.8.8",
+    "@types/csvtojson": "^1.1.5",
+    "@types/express": "^4.17.9",
+    "@types/jest": "^26.0.16",
+    "@types/jsonwebtoken": "^8.5.0",
+    "@types/node": "^14.14.9",
+    "@types/swagger-ui-express": "^4.1.2",
+    "@types/uuid": "^8.3.0",
+    "axios": "^0.21.0",
+    "jest": "^26.6.3",
+    "nodemon": "^2.0.6",
+    "rimraf": "^2.7.1",
+    "start-server-and-test": "^1.11.6",
+    "ts-jest": "^26.4.4",
+    "ts-node": "^9.0.0",
+    "typedoc": "^0.19.2",
+    "typescript": "^4.1.2"
+  },
+  "scripts": {
+    "dev": "nodemon src/app.ts",
+    "build": "tsc",
+    "docs": "typedoc --out docs src",
+    "test": "jest",
+    "test:watch": "jest --watchAll",
+    "test:ci": "start-server-and-test dev http://localhost:4010/api/openapi.json test",
+    "seed": "ts-node ./node_modules/typeorm/cli.js schema:sync && ts-node ./node_modules/typeorm-seeding/dist/cli.js seed",
+    "openapi:export": "ts-node src/openapi_export.ts"
+  },
+  "nodemonConfig": {
+    "ignore": [
+      "src/tests/*",
+      "docs/*"
+    ]
+  }
+}
--- a/src/app.ts
+++ b/src/app.ts
@ -1,29 +1,32 @@
-import "reflect-metadata";
-import * as dotenvSafe from "dotenv-safe";
-import { createExpressServer } from "routing-controllers";
 import consola from "consola";
-import loaders from "./loaders/index";
+import "reflect-metadata";
+import { createExpressServer } from "routing-controllers";
 import authchecker from "./authchecker";
+import { config, e as errors } from './config';
+import loaders from "./loaders/index";
 import { ErrorHandler } from './middlewares/ErrorHandler';

-dotenvSafe.config();
-const PORT = process.env.APP_PORT || 4010;
-
+const CONTROLLERS_FILE_EXTENSION = process.env.NODE_ENV === 'production' ? 'js' : 'ts';
 const app = createExpressServer({
  authorizationChecker: authchecker,
  middlewares: [ErrorHandler],
-  development: process.env.NODE_ENV === "production",
+  development: config.development,
  cors: true,
  routePrefix: "/api",
-  controllers: [__dirname + "/controllers/*.ts"],
+  controllers: [`${__dirname}/controllers/*.${CONTROLLERS_FILE_EXTENSION}`],
 });

 async function main() {
  await loaders(app);
-  app.listen(PORT, () => {
+  app.listen(config.internal_port, () => {
    consola.success(
-      `⚡️[server]: Server is running at http://localhost:${PORT}`
+      `⚡️[server]: Server is running at http://localhost:${config.internal_port}`
    );
  });
 }
-main();
+if (errors === 0) {
+  main();
+} else {
+  consola.error("error");
+  // something's wrong
+}
--- a/src/authchecker.ts
+++ b/src/authchecker.ts
@ -1,51 +1,72 @@
+import cookie from "cookie";
 import * as jwt from "jsonwebtoken";
-import { Action, HttpError } from "routing-controllers";
-// -----------
-const sampletoken = jwt.sign({
-    "permissions": {
-        "TRACKS": ["read", "update", "delete", "add"]
-        // "TRACKS": []
-    }
-}, process.env.JWT_SECRET || "secretjwtsecret")
-console.log(`sampletoken: ${sampletoken}`);
-// -----------
-const authchecker = async (action: Action, permissions: string | string[]) => {
-    let required_permissions = undefined
+import { Action } from "routing-controllers";
+import { getConnectionManager } from 'typeorm';
+import { config } from './config';
+import { IllegalJWTError, NoPermissionError, UserNonexistantOrRefreshtokenInvalidError } from './errors/AuthError';
+import { JwtCreator, JwtUser } from './jwtcreator';
+import { User } from './models/entities/User';
+
+/**
+ * Handels authorisation verification via jwt's for all api endpoints using the @Authorized decorator.
+ * @param action Routing-Controllers action object that provides request and response objects among other stuff.
+ * @param permissions The permissions that the endpoint using @Authorized requires.
+ */
+const authchecker = async (action: Action, permissions: string[] | string) => {
+    let required_permissions = undefined;
    if (typeof permissions === "string") {
        required_permissions = [permissions]
    } else {
        required_permissions = permissions
    }
-    // const token = action.request.headers["authorization"];
-    const provided_token = action.request.query["auth"];
+
    let jwtPayload = undefined
    try {
-        jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
+        let provided_token = "" + action.request.headers["authorization"].replace("Bearer ", "");
+        jwtPayload = <any>jwt.verify(provided_token, config.jwt_secret);
+        jwtPayload = jwtPayload["userdetails"];
    } catch (error) {
-        throw new HttpError(401, "jwt_illegal")
+        jwtPayload = await refresh(action);
    }
-    if (jwtPayload.permissions) {
-        action.response.local = {}
-        action.response.local.jwtPayload = jwtPayload.permissions
-        required_permissions.forEach(r => {
-            const permission_key = r.split(":")[0]
-            const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
-            const permission_access_level = r.split(":")[1]
-            if (actual_accesslevel_for_permission.includes(permission_access_level)) {
-                return true;
-            } else {
-                throw new HttpError(403, "no")
-            }
-        });
-    } else {
-        throw new HttpError(403, "no")
+
+    const user = await getConnectionManager().get().getRepository(User).findOne({ id: jwtPayload["id"], refreshTokenCount: jwtPayload["refreshTokenCount"] }, { relations: ['permissions'] })
+    if (!user) { throw new UserNonexistantOrRefreshtokenInvalidError() }
+    if (!jwtPayload["permissions"]) { throw new NoPermissionError(); }
+
+    action.response.local = {}
+    action.response.local.jwtPayload = jwtPayload;
+    for (let required_permission of required_permissions) {
+        if (!(jwtPayload["permissions"].includes(required_permission))) { return false; }
    }
-    // 
+    return true;
+}
+
+/**
+ * Handels soft-refreshing of access-tokens.
+ * @param action Routing-Controllers action object that provides request and response objects among other stuff.
+ */
+const refresh = async (action: Action) => {
+    let refresh_token = undefined;
    try {
-        jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
-        return true
-    } catch (error) {
-        return false
+        refresh_token = cookie.parse(action.request.headers["cookie"])["lfk_backend__refresh_token"];
    }
+    catch {
+        throw new IllegalJWTError();
+    }
+
+    let jwtPayload = undefined;
+    try {
+        jwtPayload = <any>jwt.verify(refresh_token, config.jwt_secret);
+    } catch (error) {
+        throw new IllegalJWTError();
+    }
+
+    const user = await getConnectionManager().get().getRepository(User).findOne({ id: jwtPayload["id"], refreshTokenCount: jwtPayload["refreshTokenCount"] }, { relations: ['permissions', 'groups', 'groups.permissions'] })
+    if (!user) { throw new UserNonexistantOrRefreshtokenInvalidError() }
+
+    let newAccess = JwtCreator.createAccess(user);
+    action.response.header("authorization", "Bearer " + newAccess);
+
+    return await new JwtUser(user);
 }
 export default authchecker
--- a/src/config.ts
+++ b/src/config.ts
@ -0,0 +1,22 @@
+import { config as configDotenv } from 'dotenv';
+configDotenv();
+export const config = {
+    internal_port: parseInt(process.env.APP_PORT) || 4010,
+    development: process.env.NODE_ENV === "production",
+    jwt_secret: process.env.JWT_SECRET || "secretjwtsecret",
+    phone_validation_countrycode: process.env.PHONE_COUNTRYCODE || "ZZ"
+}
+let errors = 0
+if (typeof config.internal_port !== "number") {
+    errors++
+}
+if (typeof config.phone_validation_countrycode !== "string") {
+    errors++
+}
+if (config.phone_validation_countrycode.length !== 2) {
+    errors++
+}
+if (typeof config.development !== "boolean") {
+    errors++
+}
+export let e = errors
--- a/src/controllers/AuthController.ts
+++ b/src/controllers/AuthController.ts
@ -0,0 +1,81 @@
+import { Body, CookieParam, JsonController, Post, Res } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { IllegalJWTError, InvalidCredentialsError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UsernameOrEmailNeededError } from '../errors/AuthError';
+import { UserNotFoundError } from '../errors/UserErrors';
+import { CreateAuth } from '../models/actions/CreateAuth';
+import { HandleLogout } from '../models/actions/HandleLogout';
+import { RefreshAuth } from '../models/actions/RefreshAuth';
+import { Auth } from '../models/responses/ResponseAuth';
+import { Logout } from '../models/responses/ResponseLogout';
+
+@JsonController('/auth')
+export class AuthController {
+	constructor() {
+	}
+
+	@Post("/login")
+	@ResponseSchema(Auth)
+	@ResponseSchema(InvalidCredentialsError)
+	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UsernameOrEmailNeededError)
+	@ResponseSchema(PasswordNeededError)
+	@ResponseSchema(InvalidCredentialsError)
+	@OpenAPI({ description: 'Create a new access token object' })
+	async login(@Body({ validate: true }) createAuth: CreateAuth, @Res() response: any) {
+		let auth;
+		try {
+			auth = await createAuth.toAuth();
+			response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+			response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+			return response.send(auth)
+		} catch (error) {
+			throw error;
+		}
+	}
+
+	@Post("/logout")
+	@ResponseSchema(Logout)
+	@ResponseSchema(InvalidCredentialsError)
+	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UsernameOrEmailNeededError)
+	@ResponseSchema(PasswordNeededError)
+	@ResponseSchema(InvalidCredentialsError)
+	@OpenAPI({ description: 'Create a new access token object' })
+	async logout(@Body({ validate: true }) handleLogout: HandleLogout, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any) {
+		if (refresh_token && refresh_token.length != 0 && handleLogout.token == undefined) {
+			handleLogout.token = refresh_token;
+		}
+
+		let logout;
+		try {
+			logout = await handleLogout.logout()
+			await response.cookie('lfk_backend__refresh_token', "expired", { expires: new Date(Date.now()), httpOnly: true });
+			response.cookie('lfk_backend__refresh_token_expires_at', "expired", { expires: new Date(Date.now()), httpOnly: true });
+		} catch (error) {
+			throw error;
+		}
+		return response.send(logout)
+	}
+
+	@Post("/refresh")
+	@ResponseSchema(Auth)
+	@ResponseSchema(JwtNotProvidedError)
+	@ResponseSchema(IllegalJWTError)
+	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(RefreshTokenCountInvalidError)
+	@OpenAPI({ description: 'refresh a access token' })
+	async refresh(@Body({ validate: true }) refreshAuth: RefreshAuth, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any) {
+		if (refresh_token && refresh_token.length != 0 && refreshAuth.token == undefined) {
+			refreshAuth.token = refresh_token;
+		}
+		let auth;
+		try {
+			auth = await refreshAuth.toAuth();
+			response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+			response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+		} catch (error) {
+			throw error;
+		}
+		return response.send(auth)
+	}
+}
--- a/src/controllers/ImportController.ts
+++ b/src/controllers/ImportController.ts
@ -0,0 +1,102 @@
+import csv from 'csvtojson';
+import { Authorized, Body, ContentType, Controller, Param, Post, QueryParam, Req, UseBefore } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { RunnerGroupNeededError } from '../errors/RunnerErrors';
+import { RunnerGroupNotFoundError } from '../errors/RunnerGroupErrors';
+import RawBodyMiddleware from '../middlewares/RawBody';
+import { ImportRunner } from '../models/actions/ImportRunner';
+import { ResponseRunner } from '../models/responses/ResponseRunner';
+import { RunnerController } from './RunnerController';
+
+@Controller()
+@Authorized(["RUNNER:IMPORT", "TEAM:IMPORT"])
+@OpenAPI({ security: [{ "AuthToken": [] }] })
+export class ImportController {
+    private runnerController: RunnerController;
+
+    /**
+     * Gets the repository of this controller's model/entity.
+     */
+    constructor() {
+        this.runnerController = new RunnerController();
+    }
+
+    @Post('/runners/import')
+    @ContentType("application/json")
+    @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
+    @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
+    @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
+    @OpenAPI({ description: "Create new runners from json and insert them (or their teams) into the provided group" })
+    async postJSON(@Body({ validate: true, type: ImportRunner }) importRunners: ImportRunner[], @QueryParam("group") groupID: number) {
+        if (!groupID) { throw new RunnerGroupNeededError(); }
+        let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
+        for await (let runner of importRunners) {
+            responseRunners.push(await this.runnerController.post(await runner.toCreateRunner(groupID)));
+        }
+        return responseRunners;
+    }
+
+    @Post('/organisations/:id/import')
+    @ContentType("application/json")
+    @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
+    @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
+    @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
+    @OpenAPI({ description: "Create new runners from json and insert them (or their teams) into the provided org" })
+    async postOrgsJSON(@Body({ validate: true, type: ImportRunner }) importRunners: ImportRunner[], @Param('id') id: number) {
+        return await this.postJSON(importRunners, id)
+    }
+
+    @Post('/teams/:id/import')
+    @ContentType("application/json")
+    @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
+    @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
+    @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
+    @OpenAPI({ description: "Create new runners from json and insert them into the provided team" })
+    async postTeamsJSON(@Body({ validate: true, type: ImportRunner }) importRunners: ImportRunner[], @Param('id') id: number) {
+        return await this.postJSON(importRunners, id)
+    }
+
+    @Post('/runners/import/csv')
+    @ContentType("application/json")
+    @UseBefore(RawBodyMiddleware)
+    @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
+    @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
+    @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
+    @OpenAPI({ description: "Create new runners from csv and insert them (or their teams) into the provided group" })
+    async postCSV(@Req() request: any, @QueryParam("group") groupID: number) {
+        let csvParse = await csv({ delimiter: [",", ";"], trim: true }).fromString(request.rawBody.toString());
+        let importRunners: ImportRunner[] = new Array<ImportRunner>();
+        for await (let runner of csvParse) {
+            let newImportRunner = new ImportRunner();
+            newImportRunner.firstname = runner.firstname;
+            newImportRunner.middlename = runner.middlename;
+            newImportRunner.lastname = runner.lastname;
+            if (runner.class === undefined) { newImportRunner.team = runner.team; }
+            else { newImportRunner.class = runner.class; }
+            importRunners.push(newImportRunner);
+        }
+        return await this.postJSON(importRunners, groupID);
+    }
+
+    @Post('/organisations/:id/import/csv')
+    @ContentType("application/json")
+    @UseBefore(RawBodyMiddleware)
+    @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
+    @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
+    @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
+    @OpenAPI({ description: "Create new runners from csv and insert them (or their teams) into the provided org" })
+    async postOrgsCSV(@Req() request: any, @Param("id") id: number) {
+        return await this.postCSV(request, id);
+    }
+
+    @Post('/teams/:id/import/csv')
+    @ContentType("application/json")
+    @UseBefore(RawBodyMiddleware)
+    @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
+    @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
+    @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
+    @OpenAPI({ description: "Create new runners from csv and insert them into the provided team" })
+    async postTeamsCSV(@Req() request: any, @Param("id") id: number) {
+        return await this.postCSV(request, id);
+    }
+}
--- a/src/controllers/PermissionController.ts
+++ b/src/controllers/PermissionController.ts
@ -0,0 +1,118 @@
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { PermissionIdsNotMatchingError, PermissionNeedsPrincipalError, PermissionNotFoundError } from '../errors/PermissionErrors';
+import { PrincipalNotFoundError } from '../errors/PrincipalErrors';
+import { CreatePermission } from '../models/actions/CreatePermission';
+import { UpdatePermission } from '../models/actions/UpdatePermission';
+import { Permission } from '../models/entities/Permission';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponsePermission } from '../models/responses/ResponsePermission';
+import { ResponsePrincipal } from '../models/responses/ResponsePrincipal';
+
+
+@JsonController('/permissions')
+@OpenAPI({ security: [{ "AuthToken": [] }] })
+export class PermissionController {
+    private permissionRepository: Repository<Permission>;
+
+    /**
+     * Gets the repository of this controller's model/entity.
+     */
+    constructor() {
+        this.permissionRepository = getConnectionManager().get().getRepository(Permission);
+    }
+
+    @Get()
+    @Authorized("PERMISSION:GET")
+    @ResponseSchema(ResponsePermission, { isArray: true })
+    @OpenAPI({ description: 'Lists all permissions.' })
+    async getAll() {
+        let responsePermissions: ResponsePermission[] = new Array<ResponsePermission>();
+        const permissions = await this.permissionRepository.find({ relations: ['principal'] });
+        permissions.forEach(permission => {
+            responsePermissions.push(new ResponsePermission(permission));
+        });
+        return responsePermissions;
+    }
+
+
+    @Get('/:id')
+    @Authorized("PERMISSION:GET")
+    @ResponseSchema(ResponsePermission)
+    @ResponseSchema(PermissionNotFoundError, { statusCode: 404 })
+    @OnUndefined(PermissionNotFoundError)
+    @OpenAPI({ description: 'Returns a permissions of a specified id (if it exists)' })
+    async getOne(@Param('id') id: number) {
+        let permission = await this.permissionRepository.findOne({ id: id }, { relations: ['principal'] });
+        if (!permission) { throw new PermissionNotFoundError(); }
+        return new ResponsePermission(permission);
+    }
+
+
+    @Post()
+    @Authorized("PERMISSION:CREATE")
+    @ResponseSchema(ResponsePermission)
+    @ResponseSchema(PrincipalNotFoundError, { statusCode: 404 })
+    @OpenAPI({ description: 'Create a new runnerTeam object (id will be generated automagicly).' })
+    async post(@Body({ validate: true }) createPermission: CreatePermission) {
+        let permission;
+        try {
+            permission = await createPermission.toPermission();
+        } catch (error) {
+            throw error;
+        }
+        let existingPermission = await this.permissionRepository.findOne({ target: permission.target, action: permission.action, principal: permission.principal }, { relations: ['principal'] });
+        if (existingPermission) { return new ResponsePermission(existingPermission); }
+
+        permission = await this.permissionRepository.save(permission);
+        permission = await this.permissionRepository.findOne(permission, { relations: ['principal'] });
+
+        return new ResponsePermission(permission);
+    }
+
+
+    @Put('/:id')
+    @Authorized("PERMISSION:UPDATE")
+    @ResponseSchema(ResponsePrincipal)
+    @ResponseSchema(PermissionNotFoundError, { statusCode: 404 })
+    @ResponseSchema(PrincipalNotFoundError, { statusCode: 404 })
+    @ResponseSchema(PermissionIdsNotMatchingError, { statusCode: 406 })
+    @ResponseSchema(PermissionNeedsPrincipalError, { statusCode: 406 })
+    @OpenAPI({ description: "Update a permission object (id can't be changed)." })
+    async put(@Param('id') id: number, @Body({ validate: true }) permission: UpdatePermission) {
+        let oldPermission = await this.permissionRepository.findOne({ id: id }, { relations: ['principal'] });
+
+        if (!oldPermission) {
+            throw new PermissionNotFoundError();
+        }
+
+        if (oldPermission.id != permission.id) {
+            throw new PermissionIdsNotMatchingError();
+        }
+        let existingPermission = await this.permissionRepository.findOne({ target: permission.target, action: permission.action, principal: permission.principal }, { relations: ['principal'] });
+        if (existingPermission) {
+            await this.remove(permission.id, true);
+            return new ResponsePermission(existingPermission);
+        }
+
+        await this.permissionRepository.save(await permission.updatePermission(oldPermission));
+
+        return new ResponsePermission(await this.permissionRepository.findOne({ id: permission.id }, { relations: ['principal'] }));
+    }
+
+    @Delete('/:id')
+    @Authorized("PERMISSION:DELETE")
+    @ResponseSchema(ResponsePermission)
+    @ResponseSchema(ResponseEmpty, { statusCode: 204 })
+    @OnUndefined(204)
+    @OpenAPI({ description: 'Delete a specified permission (if it exists).' })
+    async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+        let permission = await this.permissionRepository.findOne({ id: id }, { relations: ['principal'] });
+        if (!permission) { return null; }
+
+        const responsePermission = new ResponsePermission(permission);
+        await this.permissionRepository.delete(permission);
+        return responsePermission;
+    }
+}
--- a/src/controllers/RunnerController.ts
+++ b/src/controllers/RunnerController.ts
@ -1,97 +1,106 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
-import { EntityFromBody, EntityFromParam } from 'typeorm-routing-controllers-extensions';
-import { RunnerGroupNeededError, RunnerGroupNotFoundError, RunnerIdsNotMatchingError, RunnerNotFoundError, RunnerOnlyOneGroupAllowedError } from '../errors/RunnerErrors';
-import { CreateRunner } from '../models/creation/CreateRunner';
-import { Runner } from '../models/entities/Runner';
-import { ResponseRunner } from '../models/responses/ResponseRunner';
-
-@JsonController('/runners')
-//@Authorized('RUNNERS:read')
-export class RunnerController {
-	private runnerRepository: Repository<Runner>;
-
-	/**
-	 * Gets the repository of this controller's model/entity.
-	 */
-	constructor() {
-		this.runnerRepository = getConnectionManager().get().getRepository(Runner);
-	}
-
-	@Get()
-	@ResponseSchema(ResponseRunner, { isArray: true })
-	@OpenAPI({ description: 'Lists all runners.' })
-	async getAll() {
-		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
-		const runners = await this.runnerRepository.find({ relations: ['scans', 'group'] });
-		console.log(runners);
-		runners.forEach(runner => {
-			responseRunners.push(new ResponseRunner(runner));
-		});
-		return responseRunners;
-	}
-
-	@Get('/:id')
-	@ResponseSchema(ResponseRunner)
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OnUndefined(RunnerNotFoundError)
-	@OpenAPI({ description: 'Returns a runner of a specified id (if it exists)' })
-	async getOne(@Param('id') id: number) {
-		return new ResponseRunner(await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group'] }));
-	}
-
-	@Post()
-	@ResponseSchema(ResponseRunner)
-	@ResponseSchema(RunnerOnlyOneGroupAllowedError)
-	@ResponseSchema(RunnerGroupNeededError)
-	@ResponseSchema(RunnerGroupNotFoundError)
-	@OpenAPI({ description: 'Create a new runner object (id will be generated automagicly).' })
-	async post(@Body({ validate: true }) createRunner: CreateRunner) {
-		let runner;
-		try {
-			runner = await createRunner.toRunner();
-		} catch (error) {
-			return error;
-		}
-
-		runner = await this.runnerRepository.save(runner)
-		return new ResponseRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group'] }));
-	}
-
-	@Put('/:id')
-	@ResponseSchema(ResponseRunner)
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@ResponseSchema(RunnerIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a runner object (id can't be changed)." })
-	async put(@Param('id') id: number, @EntityFromBody() runner: Runner) {
-		let oldRunner = await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group'] });
-
-		if (!oldRunner) {
-			throw new RunnerNotFoundError();
-		}
-
-		if (oldRunner.id != runner.id) {
-			throw new RunnerIdsNotMatchingError();
-		}
-
-		await this.runnerRepository.update(oldRunner, runner);
-		return new ResponseRunner(runner);
-	}
-
-	@Delete('/:id')
-	@ResponseSchema(ResponseRunner)
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OpenAPI({ description: 'Delete a specified runner (if it exists).' })
-	async remove(@EntityFromParam('id') runner: Runner, @QueryParam("force") force: boolean) {
-		if (!runner) { throw new RunnerNotFoundError(); }
-		const responseRunner = await this.runnerRepository.findOne(runner, { relations: ['scans', 'group'] });
-
-		if (!runner) {
-			throw new RunnerNotFoundError();
-		}
-
-		await this.runnerRepository.delete(runner);
-		return new ResponseRunner(responseRunner);
-	}
-}
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { RunnerGroupNeededError, RunnerIdsNotMatchingError, RunnerNotFoundError } from '../errors/RunnerErrors';
+import { RunnerGroupNotFoundError } from '../errors/RunnerGroupErrors';
+import { CreateRunner } from '../models/actions/CreateRunner';
+import { UpdateRunner } from '../models/actions/UpdateRunner';
+import { Runner } from '../models/entities/Runner';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseRunner } from '../models/responses/ResponseRunner';
+
+@JsonController('/runners')
+@OpenAPI({ security: [{ "AuthToken": [] }] })
+export class RunnerController {
+	private runnerRepository: Repository<Runner>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.runnerRepository = getConnectionManager().get().getRepository(Runner);
+	}
+
+	@Get()
+	@Authorized("RUNNER:GET")
+	@ResponseSchema(ResponseRunner, { isArray: true })
+	@OpenAPI({ description: 'Lists all runners.' })
+	async getAll() {
+		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
+		const runners = await this.runnerRepository.find({ relations: ['scans', 'group'] });
+		runners.forEach(runner => {
+			responseRunners.push(new ResponseRunner(runner));
+		});
+		return responseRunners;
+	}
+
+	@Get('/:id')
+	@Authorized("RUNNER:GET")
+	@ResponseSchema(ResponseRunner)
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerNotFoundError)
+	@OpenAPI({ description: 'Returns a runner of a specified id (if it exists)' })
+	async getOne(@Param('id') id: number) {
+		let runner = await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group'] })
+		if (!runner) { throw new RunnerNotFoundError(); }
+		return new ResponseRunner(runner);
+	}
+
+	@Post()
+	@Authorized("RUNNER:CREATE")
+	@ResponseSchema(ResponseRunner)
+	@ResponseSchema(RunnerGroupNeededError)
+	@ResponseSchema(RunnerGroupNotFoundError)
+	@OpenAPI({ description: 'Create a new runner object (id will be generated automagicly).' })
+	async post(@Body({ validate: true }) createRunner: CreateRunner) {
+		let runner;
+		try {
+			runner = await createRunner.toRunner();
+		} catch (error) {
+			throw error;
+		}
+
+		runner = await this.runnerRepository.save(runner)
+		return new ResponseRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group'] }));
+	}
+
+	@Put('/:id')
+	@Authorized("RUNNER:UPDATE")
+	@ResponseSchema(ResponseRunner)
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerIdsNotMatchingError, { statusCode: 406 })
+	@OpenAPI({ description: "Update a runner object (id can't be changed)." })
+	async put(@Param('id') id: number, @Body({ validate: true }) runner: UpdateRunner) {
+		let oldRunner = await this.runnerRepository.findOne({ id: id }, { relations: ['group'] });
+
+		if (!oldRunner) {
+			throw new RunnerNotFoundError();
+		}
+
+		if (oldRunner.id != runner.id) {
+			throw new RunnerIdsNotMatchingError();
+		}
+
+		await this.runnerRepository.save(await runner.updateRunner(oldRunner));
+		return new ResponseRunner(await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group'] }));
+	}
+
+	@Delete('/:id')
+	@Authorized("RUNNER:DELETE")
+	@ResponseSchema(ResponseRunner)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@OnUndefined(204)
+	@OpenAPI({ description: 'Delete a specified runner (if it exists).' })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		let runner = await this.runnerRepository.findOne({ id: id });
+		if (!runner) { return null; }
+		const responseRunner = await this.runnerRepository.findOne(runner, { relations: ['scans', 'group'] });
+
+		if (!runner) {
+			throw new RunnerNotFoundError();
+		}
+
+		await this.runnerRepository.delete(runner);
+		return new ResponseRunner(responseRunner);
+	}
+}
--- a/src/controllers/RunnerOrganisationController.ts
+++ b/src/controllers/RunnerOrganisationController.ts
@ -1,119 +1,127 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
-import { EntityFromBody, EntityFromParam } from 'typeorm-routing-controllers-extensions';
-import { RunnerOrganisationHasRunnersError, RunnerOrganisationHasTeamsError, RunnerOrganisationIdsNotMatchingError, RunnerOrganisationNotFoundError } from '../errors/RunnerOrganisationErrors';
-import { CreateRunnerOrganisation } from '../models/creation/CreateRunnerOrganisation';
-import { RunnerOrganisation } from '../models/entities/RunnerOrganisation';
-import { ResponseRunnerOrganisation } from '../models/responses/ResponseRunnerOrganisation';
-import { RunnerController } from './RunnerController';
-import { RunnerTeamController } from './RunnerTeamController';
-
-
-@JsonController('/organisation')
-//@Authorized('RUNNERS:read')
-export class RunnerOrganisationController {
-	private runnerOrganisationRepository: Repository<RunnerOrganisation>;
-
-	/**
-	 * Gets the repository of this controller's model/entity.
-	 */
-	constructor() {
-		this.runnerOrganisationRepository = getConnectionManager().get().getRepository(RunnerOrganisation);
-	}
-
-	@Get()
-	@ResponseSchema(ResponseRunnerOrganisation, { isArray: true })
-	@OpenAPI({ description: 'Lists all runnerOrganisations.' })
-	async getAll() {
-		let responseTeams: ResponseRunnerOrganisation[] = new Array<ResponseRunnerOrganisation>();
-		const runners = await this.runnerOrganisationRepository.find({ relations: ['address', 'contact', 'teams'] });
-		console.log(runners);
-		runners.forEach(runner => {
-			responseTeams.push(new ResponseRunnerOrganisation(runner));
-		});
-		return responseTeams;
-	}
-
-	@Get('/:id')
-	@ResponseSchema(ResponseRunnerOrganisation)
-	@ResponseSchema(RunnerOrganisationNotFoundError, { statusCode: 404 })
-	@OnUndefined(RunnerOrganisationNotFoundError)
-	@OpenAPI({ description: 'Returns a runnerOrganisation of a specified id (if it exists)' })
-	async getOne(@Param('id') id: number) {
-		return new ResponseRunnerOrganisation(await this.runnerOrganisationRepository.findOne({ id: id }, { relations: ['address', 'contact', 'teams'] }));
-	}
-
-	@Post()
-	@ResponseSchema(ResponseRunnerOrganisation)
-	@OpenAPI({ description: 'Create a new runnerOrganisation object (id will be generated automagicly).' })
-	async post(@Body({ validate: true }) createRunnerOrganisation: CreateRunnerOrganisation) {
-		let runnerOrganisation;
-		try {
-			runnerOrganisation = await createRunnerOrganisation.toRunnerOrganisation();
-		} catch (error) {
-			return error;
-		}
-
-		runnerOrganisation = await this.runnerOrganisationRepository.save(runnerOrganisation);
-
-		return new ResponseRunnerOrganisation(await this.runnerOrganisationRepository.findOne(runnerOrganisation, { relations: ['address', 'contact', 'teams'] }));
-	}
-
-	@Put('/:id')
-	@ResponseSchema(ResponseRunnerOrganisation)
-	@ResponseSchema(RunnerOrganisationNotFoundError, { statusCode: 404 })
-	@ResponseSchema(RunnerOrganisationIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a runnerOrganisation object (id can't be changed)." })
-	async put(@Param('id') id: number, @EntityFromBody() runnerOrganisation: RunnerOrganisation) {
-		let oldRunnerOrganisation = await this.runnerOrganisationRepository.findOne({ id: id }, { relations: ['address', 'contact', 'teams'] });
-
-		if (!oldRunnerOrganisation) {
-			throw new RunnerOrganisationNotFoundError();
-		}
-
-		if (oldRunnerOrganisation.id != runnerOrganisation.id) {
-			throw new RunnerOrganisationIdsNotMatchingError();
-		}
-
-		await this.runnerOrganisationRepository.update(oldRunnerOrganisation, runnerOrganisation);
-
-		runnerOrganisation = await this.runnerOrganisationRepository.findOne(runnerOrganisation, { relations: ['address', 'contact', 'teams'] });
-		return new ResponseRunnerOrganisation(runnerOrganisation);
-	}
-
-	@Delete('/:id')
-	@ResponseSchema(ResponseRunnerOrganisation)
-	@ResponseSchema(RunnerOrganisationNotFoundError, { statusCode: 404 })
-	@ResponseSchema(RunnerOrganisationHasTeamsError, { statusCode: 406 })
-	@ResponseSchema(RunnerOrganisationHasRunnersError, { statusCode: 406 })
-	@OpenAPI({ description: 'Delete a specified runnerOrganisation (if it exists).' })
-	async remove(@EntityFromParam('id') organisation: RunnerOrganisation, @QueryParam("force") force: boolean) {
-		if (!organisation) { throw new RunnerOrganisationNotFoundError() }
-		let runnerOrganisation = await this.runnerOrganisationRepository.findOne(organisation, { relations: ['address', 'contact', 'runners', 'teams'] });
-
-		if (!force) {
-			if (runnerOrganisation.teams.length != 0) {
-				throw new RunnerOrganisationHasTeamsError();
-			}
-		}
-		const teamController = new RunnerTeamController()
-		for (let team of runnerOrganisation.teams) {
-			await teamController.remove(team, true);
-		}
-
-		if (!force) {
-			if (runnerOrganisation.runners.length != 0) {
-				throw new RunnerOrganisationHasRunnersError();
-			}
-		}
-		const runnerController = new RunnerController()
-		for (let runner of runnerOrganisation.runners) {
-			await runnerController.remove(runner, true);
-		}
-
-		const responseOrganisation = new ResponseRunnerOrganisation(runnerOrganisation);
-		await this.runnerOrganisationRepository.delete(organisation);
-		return responseOrganisation;
-	}
-}
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { RunnerOrganisationHasRunnersError, RunnerOrganisationHasTeamsError, RunnerOrganisationIdsNotMatchingError, RunnerOrganisationNotFoundError } from '../errors/RunnerOrganisationErrors';
+import { CreateRunnerOrganisation } from '../models/actions/CreateRunnerOrganisation';
+import { UpdateRunnerOrganisation } from '../models/actions/UpdateRunnerOrganisation';
+import { RunnerOrganisation } from '../models/entities/RunnerOrganisation';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseRunnerOrganisation } from '../models/responses/ResponseRunnerOrganisation';
+import { RunnerController } from './RunnerController';
+import { RunnerTeamController } from './RunnerTeamController';
+
+
+@JsonController('/organisations')
+@OpenAPI({ security: [{ "AuthToken": [] }] })
+export class RunnerOrganisationController {
+	private runnerOrganisationRepository: Repository<RunnerOrganisation>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.runnerOrganisationRepository = getConnectionManager().get().getRepository(RunnerOrganisation);
+	}
+
+	@Get()
+	@Authorized("ORGANISATION:GET")
+	@ResponseSchema(ResponseRunnerOrganisation, { isArray: true })
+	@OpenAPI({ description: 'Lists all runnerOrganisations.' })
+	async getAll() {
+		let responseTeams: ResponseRunnerOrganisation[] = new Array<ResponseRunnerOrganisation>();
+		const runners = await this.runnerOrganisationRepository.find({ relations: ['address', 'contact', 'teams'] });
+		runners.forEach(runner => {
+			responseTeams.push(new ResponseRunnerOrganisation(runner));
+		});
+		return responseTeams;
+	}
+
+	@Get('/:id')
+	@Authorized("ORGANISATION:GET")
+	@ResponseSchema(ResponseRunnerOrganisation)
+	@ResponseSchema(RunnerOrganisationNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerOrganisationNotFoundError)
+	@OpenAPI({ description: 'Returns a runnerOrganisation of a specified id (if it exists)' })
+	async getOne(@Param('id') id: number) {
+		let runnerOrg = await this.runnerOrganisationRepository.findOne({ id: id }, { relations: ['address', 'contact', 'teams'] });
+		if (!runnerOrg) { throw new RunnerOrganisationNotFoundError(); }
+		return new ResponseRunnerOrganisation(runnerOrg);
+	}
+
+	@Post()
+	@Authorized("ORGANISATION:CREATE")
+	@ResponseSchema(ResponseRunnerOrganisation)
+	@OpenAPI({ description: 'Create a new runnerOrganisation object (id will be generated automagicly).' })
+	async post(@Body({ validate: true }) createRunnerOrganisation: CreateRunnerOrganisation) {
+		let runnerOrganisation;
+		try {
+			runnerOrganisation = await createRunnerOrganisation.toRunnerOrganisation();
+		} catch (error) {
+			throw error;
+		}
+
+		runnerOrganisation = await this.runnerOrganisationRepository.save(runnerOrganisation);
+
+		return new ResponseRunnerOrganisation(await this.runnerOrganisationRepository.findOne(runnerOrganisation, { relations: ['address', 'contact', 'teams'] }));
+	}
+
+	@Put('/:id')
+	@Authorized("ORGANISATION:UPDATE")
+	@ResponseSchema(ResponseRunnerOrganisation)
+	@ResponseSchema(RunnerOrganisationNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerOrganisationIdsNotMatchingError, { statusCode: 406 })
+	@OpenAPI({ description: "Update a runnerOrganisation object (id can't be changed)." })
+	async put(@Param('id') id: number, @Body({ validate: true }) updateOrganisation: UpdateRunnerOrganisation) {
+		let oldRunnerOrganisation = await this.runnerOrganisationRepository.findOne({ id: id });
+
+		if (!oldRunnerOrganisation) {
+			throw new RunnerOrganisationNotFoundError();
+		}
+
+		if (oldRunnerOrganisation.id != updateOrganisation.id) {
+			throw new RunnerOrganisationIdsNotMatchingError();
+		}
+
+		await this.runnerOrganisationRepository.save(await updateOrganisation.updateRunnerOrganisation(oldRunnerOrganisation));
+
+		return new ResponseRunnerOrganisation(await this.runnerOrganisationRepository.findOne(id, { relations: ['address', 'contact', 'teams'] }));
+	}
+
+	@Delete('/:id')
+	@Authorized("ORGANISATION:DELETE")
+	@ResponseSchema(ResponseRunnerOrganisation)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@ResponseSchema(RunnerOrganisationHasTeamsError, { statusCode: 406 })
+	@ResponseSchema(RunnerOrganisationHasRunnersError, { statusCode: 406 })
+	@OnUndefined(204)
+	@OpenAPI({ description: 'Delete a specified runnerOrganisation (if it exists).' })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		let organisation = await this.runnerOrganisationRepository.findOne({ id: id });
+		if (!organisation) { return null; }
+		let runnerOrganisation = await this.runnerOrganisationRepository.findOne(organisation, { relations: ['address', 'contact', 'runners', 'teams'] });
+
+		if (!force) {
+			if (runnerOrganisation.teams.length != 0) {
+				throw new RunnerOrganisationHasTeamsError();
+			}
+		}
+		const teamController = new RunnerTeamController()
+		for (let team of runnerOrganisation.teams) {
+			await teamController.remove(team.id, true);
+		}
+
+		if (!force) {
+			if (runnerOrganisation.runners.length != 0) {
+				throw new RunnerOrganisationHasRunnersError();
+			}
+		}
+		const runnerController = new RunnerController()
+		for (let runner of runnerOrganisation.runners) {
+			await runnerController.remove(runner.id, true);
+		}
+
+		const responseOrganisation = new ResponseRunnerOrganisation(runnerOrganisation);
+		await this.runnerOrganisationRepository.delete(organisation);
+		return responseOrganisation;
+	}
+}
--- a/src/controllers/RunnerTeamController.ts
+++ b/src/controllers/RunnerTeamController.ts
@ -1,108 +1,116 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
-import { EntityFromBody, EntityFromParam } from 'typeorm-routing-controllers-extensions';
-import { RunnerTeamHasRunnersError, RunnerTeamIdsNotMatchingError, RunnerTeamNotFoundError } from '../errors/RunnerTeamErrors';
-import { CreateRunnerTeam } from '../models/creation/CreateRunnerTeam';
-import { RunnerTeam } from '../models/entities/RunnerTeam';
-import { ResponseRunnerTeam } from '../models/responses/ResponseRunnerTeam';
-import { RunnerController } from './RunnerController';
-
-
-@JsonController('/teams')
-//@Authorized('RUNNERS:read')
-export class RunnerTeamController {
-	private runnerTeamRepository: Repository<RunnerTeam>;
-
-	/**
-	 * Gets the repository of this controller's model/entity.
-	 */
-	constructor() {
-		this.runnerTeamRepository = getConnectionManager().get().getRepository(RunnerTeam);
-	}
-
-	@Get()
-	@ResponseSchema(ResponseRunnerTeam, { isArray: true })
-	@OpenAPI({ description: 'Lists all runnerTeams.' })
-	async getAll() {
-		let responseTeams: ResponseRunnerTeam[] = new Array<ResponseRunnerTeam>();
-		const runners = await this.runnerTeamRepository.find({ relations: ['parentGroup', 'contact'] });
-		console.log(runners);
-		runners.forEach(runner => {
-			responseTeams.push(new ResponseRunnerTeam(runner));
-		});
-		return responseTeams;
-	}
-
-	@Get('/:id')
-	@ResponseSchema(ResponseRunnerTeam)
-	@ResponseSchema(RunnerTeamNotFoundError, { statusCode: 404 })
-	@OnUndefined(RunnerTeamNotFoundError)
-	@OpenAPI({ description: 'Returns a runnerTeam of a specified id (if it exists)' })
-	async getOne(@Param('id') id: number) {
-		return new ResponseRunnerTeam(await this.runnerTeamRepository.findOne({ id: id }, { relations: ['parentGroup', 'contact'] }));
-	}
-
-	@Post()
-	@ResponseSchema(ResponseRunnerTeam)
-	@OpenAPI({ description: 'Create a new runnerTeam object (id will be generated automagicly).' })
-	async post(@Body({ validate: true }) createRunnerTeam: CreateRunnerTeam) {
-		let runnerTeam;
-		try {
-			runnerTeam = await createRunnerTeam.toRunnerTeam();
-		} catch (error) {
-			return error;
-		}
-
-		runnerTeam = await this.runnerTeamRepository.save(runnerTeam);
-		runnerTeam = await this.runnerTeamRepository.findOne(runnerTeam, { relations: ['parentGroup', 'contact'] });
-
-		return new ResponseRunnerTeam(runnerTeam);
-	}
-
-	@Put('/:id')
-	@ResponseSchema(ResponseRunnerTeam)
-	@ResponseSchema(RunnerTeamNotFoundError, { statusCode: 404 })
-	@ResponseSchema(RunnerTeamIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a runnerTeam object (id can't be changed)." })
-	async put(@Param('id') id: number, @EntityFromBody() runnerTeam: RunnerTeam) {
-		let oldRunnerTeam = await this.runnerTeamRepository.findOne({ id: id }, { relations: ['parentGroup', 'contact'] });
-
-		if (!oldRunnerTeam) {
-			throw new RunnerTeamNotFoundError();
-		}
-
-		if (oldRunnerTeam.id != runnerTeam.id) {
-			throw new RunnerTeamIdsNotMatchingError();
-		}
-
-		await this.runnerTeamRepository.update(oldRunnerTeam, runnerTeam);
-
-		runnerTeam = await this.runnerTeamRepository.findOne(runnerTeam, { relations: ['parentGroup', 'contact'] });
-		return new ResponseRunnerTeam(runnerTeam);
-	}
-
-	@Delete('/:id')
-	@ResponseSchema(ResponseRunnerTeam)
-	@ResponseSchema(RunnerTeamNotFoundError, { statusCode: 404 })
-	@ResponseSchema(RunnerTeamHasRunnersError, { statusCode: 406 })
-	@OpenAPI({ description: 'Delete a specified runnerTeam (if it exists).' })
-	async remove(@EntityFromParam('id') team: RunnerTeam, @QueryParam("force") force: boolean) {
-		if (!team) { throw new RunnerTeamNotFoundError(); }
-		let runnerTeam = await this.runnerTeamRepository.findOne(team, { relations: ['parentGroup', 'contact', 'runners'] });
-
-		if (!force) {
-			if (runnerTeam.runners.length != 0) {
-				throw new RunnerTeamHasRunnersError();
-			}
-		}
-		const runnerController = new RunnerController()
-		for (let runner of runnerTeam.runners) {
-			await runnerController.remove(runner, true);
-		}
-
-		const responseTeam = new ResponseRunnerTeam(runnerTeam);
-		await this.runnerTeamRepository.delete(team);
-		return responseTeam;
-	}
-}
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { RunnerTeamHasRunnersError, RunnerTeamIdsNotMatchingError, RunnerTeamNotFoundError } from '../errors/RunnerTeamErrors';
+import { CreateRunnerTeam } from '../models/actions/CreateRunnerTeam';
+import { UpdateRunnerTeam } from '../models/actions/UpdateRunnerTeam';
+import { RunnerTeam } from '../models/entities/RunnerTeam';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseRunnerTeam } from '../models/responses/ResponseRunnerTeam';
+import { RunnerController } from './RunnerController';
+
+
+@JsonController('/teams')
+@OpenAPI({ security: [{ "AuthToken": [] }] })
+export class RunnerTeamController {
+	private runnerTeamRepository: Repository<RunnerTeam>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.runnerTeamRepository = getConnectionManager().get().getRepository(RunnerTeam);
+	}
+
+	@Get()
+	@Authorized("TEAM:GET")
+	@ResponseSchema(ResponseRunnerTeam, { isArray: true })
+	@OpenAPI({ description: 'Lists all runnerTeams.' })
+	async getAll() {
+		let responseTeams: ResponseRunnerTeam[] = new Array<ResponseRunnerTeam>();
+		const runners = await this.runnerTeamRepository.find({ relations: ['parentGroup', 'contact'] });
+		runners.forEach(runner => {
+			responseTeams.push(new ResponseRunnerTeam(runner));
+		});
+		return responseTeams;
+	}
+
+	@Get('/:id')
+	@Authorized("TEAM:GET")
+	@ResponseSchema(ResponseRunnerTeam)
+	@ResponseSchema(RunnerTeamNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerTeamNotFoundError)
+	@OpenAPI({ description: 'Returns a runnerTeam of a specified id (if it exists)' })
+	async getOne(@Param('id') id: number) {
+		let runnerTeam = await this.runnerTeamRepository.findOne({ id: id }, { relations: ['parentGroup', 'contact'] });
+		if (!runnerTeam) { throw new RunnerTeamNotFoundError(); }
+		return new ResponseRunnerTeam(runnerTeam);
+	}
+
+	@Post()
+	@Authorized("TEAM:CREATE")
+	@ResponseSchema(ResponseRunnerTeam)
+	@OpenAPI({ description: 'Create a new runnerTeam object (id will be generated automagicly).' })
+	async post(@Body({ validate: true }) createRunnerTeam: CreateRunnerTeam) {
+		let runnerTeam;
+		try {
+			runnerTeam = await createRunnerTeam.toRunnerTeam();
+		} catch (error) {
+			throw error;
+		}
+
+		runnerTeam = await this.runnerTeamRepository.save(runnerTeam);
+		runnerTeam = await this.runnerTeamRepository.findOne(runnerTeam, { relations: ['parentGroup', 'contact'] });
+
+		return new ResponseRunnerTeam(runnerTeam);
+	}
+
+	@Put('/:id')
+	@Authorized("TEAM:UPDATE")
+	@ResponseSchema(ResponseRunnerTeam)
+	@ResponseSchema(RunnerTeamNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerTeamIdsNotMatchingError, { statusCode: 406 })
+	@OpenAPI({ description: "Update a runnerTeam object (id can't be changed)." })
+	async put(@Param('id') id: number, @Body({ validate: true }) runnerTeam: UpdateRunnerTeam) {
+		let oldRunnerTeam = await this.runnerTeamRepository.findOne({ id: id }, { relations: ['parentGroup', 'contact'] });
+
+		if (!oldRunnerTeam) {
+			throw new RunnerTeamNotFoundError();
+		}
+
+		if (oldRunnerTeam.id != runnerTeam.id) {
+			throw new RunnerTeamIdsNotMatchingError();
+		}
+
+		await this.runnerTeamRepository.save(await runnerTeam.updateRunnerTeam(oldRunnerTeam));
+
+		return new ResponseRunnerTeam(await this.runnerTeamRepository.findOne({ id: runnerTeam.id }, { relations: ['parentGroup', 'contact'] }));
+	}
+
+	@Delete('/:id')
+	@Authorized("TEAM:DELETE")
+	@ResponseSchema(ResponseRunnerTeam)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@ResponseSchema(RunnerTeamHasRunnersError, { statusCode: 406 })
+	@OnUndefined(204)
+	@OpenAPI({ description: 'Delete a specified runnerTeam (if it exists).' })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		let team = await this.runnerTeamRepository.findOne({ id: id });
+		if (!team) { return null; }
+		let runnerTeam = await this.runnerTeamRepository.findOne(team, { relations: ['parentGroup', 'contact', 'runners'] });
+
+		if (!force) {
+			if (runnerTeam.runners.length != 0) {
+				throw new RunnerTeamHasRunnersError();
+			}
+		}
+		const runnerController = new RunnerController()
+		for (let runner of runnerTeam.runners) {
+			await runnerController.remove(runner.id, true);
+		}
+
+		const responseTeam = new ResponseRunnerTeam(runnerTeam);
+		await this.runnerTeamRepository.delete(team);
+		return responseTeam;
+	}
+}
--- a/src/controllers/StatusController.ts
+++ b/src/controllers/StatusController.ts
@ -0,0 +1,22 @@
+import { Get, JsonController } from 'routing-controllers';
+import { OpenAPI } from 'routing-controllers-openapi';
+import { getConnection } from 'typeorm';
+
+@JsonController('/status')
+export class StatusController {
+
+    @Get()
+    @OpenAPI({ description: "Lists all tracks." })
+    get() {
+        let connection;
+        try {
+            connection = getConnection();
+        } catch {
+            throw new Error("sth is wrong, i can feel it....");
+        }
+        return {
+            "controllers": "✔",
+            "database connection": "✔"
+        };
+    }
+}
--- a/src/controllers/TrackController.ts
+++ b/src/controllers/TrackController.ts
@ -1,14 +1,15 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { EntityFromBody, EntityFromParam } from 'typeorm-routing-controllers-extensions';
+import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
 import { TrackIdsNotMatchingError, TrackNotFoundError } from "../errors/TrackErrors";
-import { CreateTrack } from '../models/creation/CreateTrack';
+import { CreateTrack } from '../models/actions/CreateTrack';
 import { Track } from '../models/entities/Track';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
 import { ResponseTrack } from '../models/responses/ResponseTrack';

@JsonController('/tracks')
-//@Authorized("TRACKS:read")
+@OpenAPI({ security: [{ "AuthToken": [] }] })
 export class TrackController {
 	private trackRepository: Repository<Track>;

@ -20,8 +21,8 @@ export class TrackController {
 	}

 	@Get()
+	@Authorized("TRACK:GET")
 	@ResponseSchema(ResponseTrack, { isArray: true })
-	@OpenAPI({ description: "Lists all tracks." })
 	async getAll() {
 		let responseTracks: ResponseTrack[] = new Array<ResponseTrack>();
 		const tracks = await this.trackRepository.find();
@ -32,15 +33,19 @@ export class TrackController {
 	}

 	@Get('/:id')
+	@Authorized("TRACK:GET")
 	@ResponseSchema(ResponseTrack)
 	@ResponseSchema(TrackNotFoundError, { statusCode: 404 })
 	@OnUndefined(TrackNotFoundError)
 	@OpenAPI({ description: "Returns a track of a specified id (if it exists)" })
 	async getOne(@Param('id') id: number) {
-		return new ResponseTrack(await this.trackRepository.findOne({ id: id }));
+		let track = await this.trackRepository.findOne({ id: id });
+		if (!track) { throw new TrackNotFoundError(); }
+		return new ResponseTrack(track);
 	}

 	@Post()
+	@Authorized("TRACK:CREATE")
 	@ResponseSchema(ResponseTrack)
 	@OpenAPI({ description: "Create a new track object (id will be generated automagicly)." })
 	async post(
@ -51,6 +56,7 @@ export class TrackController {
 	}

 	@Put('/:id')
+	@Authorized("TRACK:UPDATE")
 	@ResponseSchema(ResponseTrack)
 	@ResponseSchema(TrackNotFoundError, { statusCode: 404 })
 	@ResponseSchema(TrackIdsNotMatchingError, { statusCode: 406 })
@ -66,16 +72,19 @@ export class TrackController {
 			throw new TrackIdsNotMatchingError();
 		}

-		await this.trackRepository.update(oldTrack, track);
+		await this.trackRepository.save(track);
 		return new ResponseTrack(track);
 	}

 	@Delete('/:id')
+	@Authorized("TRACK:DELETE")
 	@ResponseSchema(ResponseTrack)
-	@ResponseSchema(TrackNotFoundError, { statusCode: 404 })
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@OnUndefined(204)
 	@OpenAPI({ description: "Delete a specified track (if it exists)." })
-	async remove(@EntityFromParam('id') track: Track) {
-		if (!track) { throw new TrackNotFoundError(); }
+	async remove(@Param("id") id: number) {
+		let track = await this.trackRepository.findOne({ id: id });
+		if (!track) { return null; }

 		await this.trackRepository.delete(track);
 		return new ResponseTrack(track);
--- a/src/controllers/UserController.ts
+++ b/src/controllers/UserController.ts
@ -1,84 +1,108 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
-import { EntityFromBody, EntityFromParam } from 'typeorm-routing-controllers-extensions';
-import { UserGroupNotFoundError, UserIdsNotMatchingError, UserNotFoundError } from '../errors/UserErrors';
-import { CreateUser } from '../models/creation/CreateUser';
-import { User } from '../models/entities/User';
-
-
-@JsonController('/users')
-export class UserController {
-	private userRepository: Repository<User>;
-
-	/**
-	 * Gets the repository of this controller's model/entity.
-	 */
-	constructor() {
-		this.userRepository = getConnectionManager().get().getRepository(User);
-	}
-
-	@Get()
-	@ResponseSchema(User, { isArray: true })
-	@OpenAPI({ description: 'Lists all users.' })
-	getAll() {
-		return this.userRepository.find();
-	}
-
-	@Get('/:id')
-	@ResponseSchema(User)
-	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
-	@OnUndefined(UserNotFoundError)
-	@OpenAPI({ description: 'Returns a user of a specified id (if it exists)' })
-	getOne(@Param('id') id: number) {
-		return this.userRepository.findOne({ id: id });
-	}
-
-	@Post()
-	@ResponseSchema(User)
-	@ResponseSchema(UserGroupNotFoundError)
-	@OpenAPI({ description: 'Create a new user object (id will be generated automagicly).' })
-	async post(@Body({ validate: true }) createUser: CreateUser) {
-		let user;
-		try {
-			user = await createUser.toUser();
-		} catch (error) {
-			return error;
-		}
-
-		return this.userRepository.save(user);
-	}
-
-	@Put('/:id')
-	@ResponseSchema(User)
-	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
-	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a user object (id can't be changed)." })
-	async put(@Param('id') id: number, @EntityFromBody() user: User) {
-		let oldUser = await this.userRepository.findOne({ id: id });
-
-		if (!oldUser) {
-			throw new UserNotFoundError();
-		}
-
-		if (oldUser.id != user.id) {
-			throw new UserIdsNotMatchingError();
-		}
-
-		await this.userRepository.update(oldUser, user);
-		return user;
-	}
-
-	@Delete('/:id')
-	@ResponseSchema(User)
-	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
-	@OpenAPI({ description: 'Delete a specified runner (if it exists).' })
-	async remove(@EntityFromParam('id') user: User) {
-		if (!user) {
-			throw new UserNotFoundError();
-		}
-
-		await this.userRepository.delete(user);
-		return user;
-	}
-}
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { UserIdsNotMatchingError, UserNotFoundError } from '../errors/UserErrors';
+import { UserGroupNotFoundError } from '../errors/UserGroupErrors';
+import { CreateUser } from '../models/actions/CreateUser';
+import { UpdateUser } from '../models/actions/UpdateUser';
+import { User } from '../models/entities/User';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseUser } from '../models/responses/ResponseUser';
+import { PermissionController } from './PermissionController';
+
+
+@JsonController('/users')
+@OpenAPI({ security: [{ "AuthToken": [] }] })
+export class UserController {
+	private userRepository: Repository<User>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.userRepository = getConnectionManager().get().getRepository(User);
+	}
+
+	@Get()
+	@Authorized("USER:GET")
+	@ResponseSchema(User, { isArray: true })
+	@OpenAPI({ description: 'Lists all users.' })
+	async getAll() {
+		let responseUsers: ResponseUser[] = new Array<ResponseUser>();
+		const users = await this.userRepository.find({ relations: ['permissions', 'groups'] });
+		users.forEach(user => {
+			responseUsers.push(new ResponseUser(user));
+		});
+		return responseUsers;
+	}
+
+	@Get('/:id')
+	@Authorized("USER:GET")
+	@ResponseSchema(User)
+	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
+	@OnUndefined(UserNotFoundError)
+	@OpenAPI({ description: 'Returns a user of a specified id (if it exists)' })
+	async getOne(@Param('id') id: number) {
+		let user = await this.userRepository.findOne({ id: id }, { relations: ['permissions', 'groups'] })
+		if (!user) { throw new UserNotFoundError(); }
+		return new ResponseUser(user);
+	}
+
+	@Post()
+	@Authorized("USER:CREATE")
+	@ResponseSchema(User)
+	@ResponseSchema(UserGroupNotFoundError)
+	@OpenAPI({ description: 'Create a new user object (id will be generated automagicly).' })
+	async post(@Body({ validate: true }) createUser: CreateUser) {
+		let user;
+		try {
+			user = await createUser.toUser();
+		} catch (error) {
+			throw error;
+		}
+
+		user = await this.userRepository.save(user)
+		return new ResponseUser(await this.userRepository.findOne(user, { relations: ['permissions', 'groups'] }));
+	}
+
+	@Put('/:id')
+	@Authorized("USER:UPDATE")
+	@ResponseSchema(User)
+	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
+	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
+	@OpenAPI({ description: "Update a user object (id can't be changed)." })
+	async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) {
+		let oldUser = await this.userRepository.findOne({ id: id });
+
+		if (!oldUser) {
+			throw new UserNotFoundError();
+		}
+
+		if (oldUser.id != updateUser.id) {
+			throw new UserIdsNotMatchingError();
+		}
+		await this.userRepository.save(await updateUser.updateUser(oldUser));
+
+		return new ResponseUser(await this.userRepository.findOne({ id: id }, { relations: ['permissions', 'groups'] }));
+	}
+
+	@Delete('/:id')
+	@Authorized("USER:DELETE")
+	@ResponseSchema(User)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@OnUndefined(204)
+	@OpenAPI({ description: 'Delete a user runner (if it exists).' })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		let user = await this.userRepository.findOne({ id: id });
+		if (!user) { return null; }
+		const responseUser = await this.userRepository.findOne({ id: id }, { relations: ['permissions', 'groups'] });;
+
+		const permissionControler = new PermissionController();
+		for (let permission of responseUser.permissions) {
+			await permissionControler.remove(permission.id, true);
+		}
+
+		await this.userRepository.delete(user);
+		return new ResponseUser(responseUser);
+	}
+}
--- a/src/controllers/UserGroupController.ts
+++ b/src/controllers/UserGroupController.ts
@ -1,84 +1,99 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
-import { EntityFromBody, EntityFromParam } from 'typeorm-routing-controllers-extensions';
-import { UserGroupIdsNotMatchingError, UserGroupNotFoundError } from '../errors/UserGroupErrors';
-import { CreateUserGroup } from '../models/creation/CreateUserGroup';
-import { UserGroup } from '../models/entities/UserGroup';
-
-
-@JsonController('/usergroups')
-export class UserGroupController {
-	private userGroupsRepository: Repository<UserGroup>;
-
-	/**
-	 * Gets the repository of this controller's model/entity.
-	 */
-	constructor() {
-		this.userGroupsRepository = getConnectionManager().get().getRepository(UserGroup);
-	}
-
-	@Get()
-	@ResponseSchema(UserGroup, { isArray: true })
-	@OpenAPI({ description: 'Lists all usergroups.' })
-	getAll() {
-		return this.userGroupsRepository.find();
-	}
-
-	@Get('/:id')
-	@ResponseSchema(UserGroup)
-	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
-	@OnUndefined(UserGroupNotFoundError)
-	@OpenAPI({ description: 'Returns a usergroup of a specified id (if it exists)' })
-	getOne(@Param('id') id: number) {
-		return this.userGroupsRepository.findOne({ id: id });
-	}
-
-	@Post()
-	@ResponseSchema(UserGroup)
-	@ResponseSchema(UserGroupNotFoundError)
-	@OpenAPI({ description: 'Create a new usergroup object (id will be generated automagicly).' })
-	async post(@Body({ validate: true }) createUserGroup: CreateUserGroup) {
-		let userGroup;
-		try {
-			userGroup = await createUserGroup.toUserGroup();
-		} catch (error) {
-			return error;
-		}
-
-		return this.userGroupsRepository.save(userGroup);
-	}
-
-	@Put('/:id')
-	@ResponseSchema(UserGroup)
-	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
-	@ResponseSchema(UserGroupIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a usergroup object (id can't be changed)." })
-	async put(@Param('id') id: number, @EntityFromBody() userGroup: UserGroup) {
-		let oldUserGroup = await this.userGroupsRepository.findOne({ id: id });
-
-		if (!oldUserGroup) {
-			throw new UserGroupNotFoundError()
-		}
-
-		if (oldUserGroup.id != userGroup.id) {
-			throw new UserGroupIdsNotMatchingError();
-		}
-
-		await this.userGroupsRepository.update(oldUserGroup, userGroup);
-		return userGroup;
-	}
-
-	@Delete('/:id')
-	@ResponseSchema(UserGroup)
-	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
-	@OpenAPI({ description: 'Delete a specified usergroup (if it exists).' })
-	async remove(@EntityFromParam('id') group: UserGroup) {
-		if (!group) {
-			throw new UserGroupNotFoundError();
-		}
-
-		await this.userGroupsRepository.delete(group);
-		return group;
-	}
-}
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
+import { UserGroupIdsNotMatchingError, UserGroupNotFoundError } from '../errors/UserGroupErrors';
+import { CreateUserGroup } from '../models/actions/CreateUserGroup';
+import { UserGroup } from '../models/entities/UserGroup';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseUserGroup } from '../models/responses/ResponseUserGroup';
+import { PermissionController } from './PermissionController';
+
+
+@JsonController('/usergroups')
+@OpenAPI({ security: [{ "AuthToken": [] }] })
+export class UserGroupController {
+	private userGroupsRepository: Repository<UserGroup>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.userGroupsRepository = getConnectionManager().get().getRepository(UserGroup);
+	}
+
+	@Get()
+	@Authorized("USERGROUP:GET")
+	@ResponseSchema(UserGroup, { isArray: true })
+	@OpenAPI({ description: 'Lists all usergroups.' })
+	getAll() {
+		return this.userGroupsRepository.find();
+	}
+
+	@Get('/:id')
+	@Authorized("USERGROUP:GET")
+	@ResponseSchema(UserGroup)
+	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
+	@OnUndefined(UserGroupNotFoundError)
+	@OpenAPI({ description: 'Returns a usergroup of a specified id (if it exists)' })
+	getOne(@Param('id') id: number) {
+		return this.userGroupsRepository.findOne({ id: id });
+	}
+
+	@Post()
+	@Authorized("USERGROUP:CREATE")
+	@ResponseSchema(UserGroup)
+	@ResponseSchema(UserGroupNotFoundError)
+	@OpenAPI({ description: 'Create a new usergroup object (id will be generated automagicly).' })
+	async post(@Body({ validate: true }) createUserGroup: CreateUserGroup) {
+		let userGroup;
+		try {
+			userGroup = await createUserGroup.toUserGroup();
+		} catch (error) {
+			throw error;
+		}
+
+		return this.userGroupsRepository.save(userGroup);
+	}
+
+	@Put('/:id')
+	@Authorized("USERGROUP:UPDATE")
+	@ResponseSchema(UserGroup)
+	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
+	@ResponseSchema(UserGroupIdsNotMatchingError, { statusCode: 406 })
+	@OpenAPI({ description: "Update a usergroup object (id can't be changed)." })
+	async put(@Param('id') id: number, @EntityFromBody() userGroup: UserGroup) {
+		let oldUserGroup = await this.userGroupsRepository.findOne({ id: id });
+
+		if (!oldUserGroup) {
+			throw new UserGroupNotFoundError()
+		}
+
+		if (oldUserGroup.id != userGroup.id) {
+			throw new UserGroupIdsNotMatchingError();
+		}
+
+		await this.userGroupsRepository.save(userGroup);
+		return userGroup;
+	}
+
+	@Delete('/:id')
+	@Authorized("USERGROUP:DELETE")
+	@ResponseSchema(ResponseUserGroup)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@OnUndefined(204)
+	@OpenAPI({ description: 'Delete a specified usergroup (if it exists).' })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		let group = await this.userGroupsRepository.findOne({ id: id });
+		if (!group) { return null; }
+		const responseGroup = await this.userGroupsRepository.findOne({ id: id }, { relations: ['permissions'] });;
+
+		const permissionControler = new PermissionController();
+		for (let permission of responseGroup.permissions) {
+			await permissionControler.remove(permission.id, true);
+		}
+
+		await this.userGroupsRepository.delete(group);
+		return new ResponseUserGroup(responseGroup);
+	}
+}
--- a/src/errors/AddressErrors.ts
+++ b/src/errors/AddressErrors.ts
@ -0,0 +1,24 @@
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';
+
+/**
+ * Error to throw, when to provided address doesn't belong to the accepted types.
+ */
+export class AddressWrongTypeError extends NotAcceptableError {
+	@IsString()
+	name = "AddressWrongTypeError"
+
+	@IsString()
+	message = "The address must be an existing adress's id. \n You provided a object of another type."
+}
+
+/**
+ * Error to throw, when a non-existant address get's loaded.
+ */
+export class AddressNotFoundError extends NotFoundError {
+	@IsString()
+	name = "AddressNotFoundError"
+
+	@IsString()
+	message = "The address you provided couldn't be located in the system. \n Please check your request."
+}
--- a/src/errors/AuthError.ts
+++ b/src/errors/AuthError.ts
@ -0,0 +1,118 @@
+import { IsString } from 'class-validator';
+import { ForbiddenError, NotAcceptableError, NotFoundError, UnauthorizedError } from 'routing-controllers';
+
+/**
+ * Error to throw when a jwt could not be parsed.
+ * For example: Wrong signature or expired.
+ */
+export class IllegalJWTError extends UnauthorizedError {
+	@IsString()
+	name = "IllegalJWTError"
+
+	@IsString()
+	message = "Your provided jwt could not be parsed."
+}
+
+/**
+ * Error to throw when user is nonexistant or refreshtoken is invalid.
+ * This can happen if someone provides a JWT with a invalid user id or the refreshTokenCount of the user is higher that the provided jwt's is.
+ */
+export class UserNonexistantOrRefreshtokenInvalidError extends UnauthorizedError {
+	@IsString()
+	name = "UserNonexistantOrRefreshtokenInvalidError"
+
+	@IsString()
+	message = "User is nonexistant or refreshtoken is invalid."
+}
+
+/**
+ * Error to throw when provided credentials are invalid.
+ * We don't have seperate errors for username/mail and passwords to protect against guessing attacks.
+ */
+export class InvalidCredentialsError extends UnauthorizedError {
+	@IsString()
+	name = "InvalidCredentialsError"
+
+	@IsString()
+	message = "Your provided credentials are invalid."
+}
+
+/**
+ * Error to throw when a jwt does not have permission for this route/action.
+ * Mainly used be the @Authorized decorator (via the authchecker).
+ */
+export class NoPermissionError extends ForbiddenError {
+	@IsString()
+	name = "NoPermissionError"
+
+	@IsString()
+	message = "Your provided jwt does not have permission for this route/ action."
+}
+
+/**
+ * Error to throw when no username and no email is set.
+ * Because we have to identify users somehow.
+ */
+export class UsernameOrEmailNeededError extends NotAcceptableError {
+	@IsString()
+	name = "UsernameOrEmailNeededError"
+
+	@IsString()
+	message = "Auth needs to have email or username set! \n You provided neither."
+}
+
+/**
+ * Error to throw when no password is provided for a new user.
+ * Passwords are the minimum we need for user security.
+ */
+export class PasswordNeededError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordNeededError"
+
+	@IsString()
+	message = "No password is provided - you need to provide it."
+}
+
+/**
+ * Error to throw when no user could be found for a certain query.
+ */
+export class UserNotFoundError extends NotFoundError {
+	@IsString()
+	name = "UserNotFoundError"
+
+	@IsString()
+	message = "The user you provided couldn't be located in the system. \n Please check your request."
+}
+
+/**
+ * Error to throw when no jwt was provided (but one had to be).
+ */
+export class JwtNotProvidedError extends NotAcceptableError {
+	@IsString()
+	name = "JwtNotProvidedError"
+
+	@IsString()
+	message = "No jwt was provided."
+}
+
+/**
+ * Error to throw when user was not found or the jwt's refresh token count was invalid.
+ */
+export class UserNotFoundOrRefreshTokenCountInvalidError extends NotAcceptableError {
+	@IsString()
+	name = "UserNotFoundOrRefreshTokenCountInvalidError"
+
+	@IsString()
+	message = "User was not found or the refresh token count is invalid."
+}
+
+/**
+ * Error to throw when refresh token count was invalid
+ */
+export class RefreshTokenCountInvalidError extends NotAcceptableError {
+	@IsString()
+	name = "RefreshTokenCountInvalidError"
+
+	@IsString()
+	message = "Refresh token count is invalid."
+}
--- a/src/errors/GroupContactErrors.ts
+++ b/src/errors/GroupContactErrors.ts
@ -0,0 +1,24 @@
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';
+
+/**
+ * Error to throw, when a provided groupContact doesn't belong to the accepted types.
+ */
+export class GroupContactWrongTypeError extends NotAcceptableError {
+	@IsString()
+	name = "GroupContactWrongTypeError"
+
+	@IsString()
+	message = "The groupContact must be an existing groupContact's id. \n You provided a object of another type."
+}
+
+/**
+ * Error to throw, when a non-existant groupContact get's loaded.
+ */
+export class GroupContactNotFoundError extends NotFoundError {
+	@IsString()
+	name = "GroupContactNotFoundError"
+
+	@IsString()
+	message = "The groupContact you provided couldn't be located in the system. \n Please check your request."
+}
--- a/src/errors/ParticipantErrors.ts
+++ b/src/errors/ParticipantErrors.ts
@ -1,18 +0,0 @@
-import { IsString } from 'class-validator';
-import { NotAcceptableError, NotFoundError } from 'routing-controllers';
-
-export class ParticipantOnlyOneAddressAllowedError extends NotAcceptableError {
-	@IsString()
-	name = "ParticipantOnlyOneAddressAllowedError"
-
-	@IsString()
-	message = "Participant's can only have one address! \n You provided an id and address object.."
-}
-
-export class ParticipantAddressNotFoundError extends NotFoundError {
-	@IsString()
-	name = "ParticipantAddressNotFoundError"
-
-	@IsString()
-	message = "The address you provided couldn't be located in the system. \n Please check your request."
-}
--- a/src/errors/PermissionErrors.ts
+++ b/src/errors/PermissionErrors.ts
@ -0,0 +1,36 @@
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';
+
+/**
+ * Error to throw when a permission couldn't be found.
+ */
+export class PermissionNotFoundError extends NotFoundError {
+	@IsString()
+	name = "PermissionNotFoundError"
+
+	@IsString()
+	message = "Permission not found!"
+}
+
+/**
+ * Error to throw when two permissions' ids don't match.
+ * Usually occurs when a user tries to change a permission's id.
+ */
+export class PermissionIdsNotMatchingError extends NotAcceptableError {
+	@IsString()
+	name = "PermissionIdsNotMatchingError"
+
+	@IsString()
+	message = "The ids don't match! \n And if you wanted to change a permission's id: This isn't allowed!"
+}
+
+/**
+ * Error to throw when a permission gets provided without a principal.
+ */
+export class PermissionNeedsPrincipalError extends NotAcceptableError {
+	@IsString()
+	name = "PermissionNeedsPrincipalError"
+
+	@IsString()
+	message = "You provided no principal for this permission."
+}
--- a/src/errors/PrincipalErrors.ts
+++ b/src/errors/PrincipalErrors.ts
@ -0,0 +1,24 @@
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';
+
+/**
+ * Error to throw when a user couldn't be found.
+ */
+export class PrincipalNotFoundError extends NotFoundError {
+	@IsString()
+	name = "PrincipalNotFoundError"
+
+	@IsString()
+	message = "Principal not found!"
+}
+
+/**
+ * Error to throw, when a provided runnerOrganisation doesn't belong to the accepted types.
+ */
+export class PrincipalWrongTypeError extends NotAcceptableError {
+	@IsString()
+	name = "PrincipalWrongTypeError"
+
+	@IsString()
+	message = "The princial must have an existing principal's id. \n You provided a object of another type."
+}
--- a/src/errors/RunnerErrors.ts
+++ b/src/errors/RunnerErrors.ts
@ -1,9 +1,8 @@
-import { JsonController, Param, Body, Get, Post, Put, Delete, NotFoundError, OnUndefined, NotAcceptableError } from 'routing-controllers';
-import { IsInt, IsNotEmpty, IsPositive, IsString } from 'class-validator';
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';

 /**
 * Error to throw when a runner couldn't be found.
- * Implemented this ways to work with the json-schema conversion for openapi.
 */
 export class RunnerNotFoundError extends NotFoundError {
 	@IsString()
@ -16,37 +15,22 @@ export class RunnerNotFoundError extends NotFoundError {
 /**
 * Error to throw when two runners' ids don't match.
 * Usually occurs when a user tries to change a runner's id.
- * Implemented this ways to work with the json-schema conversion for openapi.
 */
 export class RunnerIdsNotMatchingError extends NotAcceptableError {
 	@IsString()
 	name = "RunnerIdsNotMatchingError"

 	@IsString()
-	message = "The id's don't match!! \n And if you wanted to change a runner's id: This isn't allowed"
-}
-
-export class RunnerOnlyOneGroupAllowedError extends NotAcceptableError {
-	@IsString()
-	name = "RunnerOnlyOneGroupAllowedError"
-
-	@IsString()
-	message = "Runner's can only be part of one group (team or organisiation)! \n You provided an id for both."
+	message = "The ids don't match! \n And if you wanted to change a runner's id: This isn't allowed!"
 }

+/**
+ * Error to throw when a runner is missing his group association.
+ */
 export class RunnerGroupNeededError extends NotAcceptableError {
 	@IsString()
 	name = "RunnerGroupNeededError"

 	@IsString()
 	message = "Runner's need to be part of one group (team or organisiation)! \n You provided neither."
-}
-
-
-export class RunnerGroupNotFoundError extends NotFoundError {
-	@IsString()
-	name = "RunnerGroupNotFoundError"
-
-	@IsString()
-	message = "The group you provided couldn't be located in the system. \n Please check your request."
 }
--- a/src/errors/RunnerGroupErrors.ts
+++ b/src/errors/RunnerGroupErrors.ts
@ -0,0 +1,13 @@
+import { IsString } from 'class-validator';
+import { NotFoundError } from 'routing-controllers';
+
+/**
+ * Error to throw when a runner group couldn't be found.
+ */
+export class RunnerGroupNotFoundError extends NotFoundError {
+	@IsString()
+	name = "RunnerGroupNotFoundError"
+
+	@IsString()
+	message = "RunnerGroup not found!"
+}
--- a/src/errors/RunnerOrganisationErrors.ts
+++ b/src/errors/RunnerOrganisationErrors.ts
@ -3,7 +3,6 @@ import { NotAcceptableError, NotFoundError } from 'routing-controllers';

 /**
 * Error to throw when a runner organisation couldn't be found.
- * Implemented this ways to work with the json-schema conversion for openapi.
 */
 export class RunnerOrganisationNotFoundError extends NotFoundError {
 	@IsString()
@ -15,37 +14,45 @@ export class RunnerOrganisationNotFoundError extends NotFoundError {

 /**
 * Error to throw when two runner organisations' ids don't match.
- * Usually occurs when a user tries to change a runner's id.
- * Implemented this way to work with the json-schema conversion for openapi.
+ * Usually occurs when a user tries to change a runner organisation's id.
 */
 export class RunnerOrganisationIdsNotMatchingError extends NotAcceptableError {
 	@IsString()
 	name = "RunnerOrganisationIdsNotMatchingError"

 	@IsString()
-	message = "The id's don't match!! \n And if you wanted to change a runner's id: This isn't allowed"
+	message = "The ids don't match! \n And if you wanted to change a runner organisation's id: This isn't allowed!"
 }

 /**
 * Error to throw when a organisation still has runners associated.
- * Implemented this waysto work with the json-schema conversion for openapi.
 */
 export class RunnerOrganisationHasRunnersError extends NotAcceptableError {
 	@IsString()
 	name = "RunnerOrganisationHasRunnersError"

 	@IsString()
-	message = "This organisation still has runners associated with it. \n If you want to delete this organisation with all it's runners and teams ass `?force` to your query."
+	message = "This organisation still has runners associated with it. \n If you want to delete this organisation with all it's runners and teams add `?force` to your query."
 }

 /**
- * Error to throw when a organisation still has runners associated.
- * Implemented this waysto work with the json-schema conversion for openapi.
+ * Error to throw when a organisation still has teams associated.
 */
 export class RunnerOrganisationHasTeamsError extends NotAcceptableError {
 	@IsString()
 	name = "RunnerOrganisationHasTeamsError"

 	@IsString()
-	message = "This organisation still has teams associated with it. \n If you want to delete this organisation with all it's runners and teams ass `?force` to your query."
-}
+	message = "This organisation still has teams associated with it. \n If you want to delete this organisation with all it's runners and teams add `?force` to your query."
+}
+
+/**
+ * Error to throw, when a provided runnerOrganisation doesn't belong to the accepted types.
+ */
+export class RunnerOrganisationWrongTypeError extends NotAcceptableError {
+	@IsString()
+	name = "RunnerOrganisationWrongTypeError"
+
+	@IsString()
+	message = "The runner organisation must be an existing organisation's id. \n You provided a object of another type."
+}
--- a/src/errors/RunnerTeamErrors.ts
+++ b/src/errors/RunnerTeamErrors.ts
@ -3,7 +3,6 @@ import { NotAcceptableError, NotFoundError } from 'routing-controllers';

 /**
 * Error to throw when a runner team couldn't be found.
- * Implemented this ways to work with the json-schema conversion for openapi.
 */
 export class RunnerTeamNotFoundError extends NotFoundError {
 	@IsString()
@ -15,25 +14,34 @@ export class RunnerTeamNotFoundError extends NotFoundError {

 /**
 * Error to throw when two runner teams' ids don't match.
- * Usually occurs when a user tries to change a runner's id.
- * Implemented this way to work with the json-schema conversion for openapi.
+ * Usually occurs when a user tries to change a runner team's id.
 */
 export class RunnerTeamIdsNotMatchingError extends NotAcceptableError {
 	@IsString()
 	name = "RunnerTeamIdsNotMatchingError"

 	@IsString()
-	message = "The id's don't match!! \n And if you wanted to change a runner's id: This isn't allowed"
+	message = "The ids don't match! \n And if you wanted to change a runner's id: This isn't allowed!"
 }

 /**
 * Error to throw when a team still has runners associated.
- * Implemented this waysto work with the json-schema conversion for openapi.
 */
 export class RunnerTeamHasRunnersError extends NotAcceptableError {
 	@IsString()
 	name = "RunnerTeamHasRunnersError"

 	@IsString()
-	message = "This team still has runners associated with it. \n If you want to delete this team with all it's runners and teams ass `?force` to your query."
+	message = "This team still has runners associated with it. \n If you want to delete this team with all it's runners and teams add `?force` to your query."
+}
+
+/**
+ * Error to throw when a team still has runners associated.
+ */
+export class RunnerTeamNeedsParentError extends NotAcceptableError {
+	@IsString()
+	name = "RunnerTeamNeedsParentError"
+
+	@IsString()
+	message = "You provided no runner organisation as this team's parent group."
 }
--- a/src/errors/TrackErrors.ts
+++ b/src/errors/TrackErrors.ts
@ -1,9 +1,8 @@
-import { JsonController, Param, Body, Get, Post, Put, Delete, NotFoundError, OnUndefined, NotAcceptableError } from 'routing-controllers';
-import { IsInt, IsNotEmpty, IsPositive, IsString } from 'class-validator';
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';

 /**
 * Error to throw when a track couldn't be found.
- * Implemented this ways to work with the json-schema conversion for openapi.
 */
 export class TrackNotFoundError extends NotFoundError {
 	@IsString()
@ -16,12 +15,11 @@ export class TrackNotFoundError extends NotFoundError {
 /**
 * Error to throw when two tracks' ids don't match.
 * Usually occurs when a user tries to change a track's id.
- * Implemented this ways to work with the json-schema conversion for openapi.
 */
 export class TrackIdsNotMatchingError extends NotAcceptableError {
 	@IsString()
 	name = "TrackIdsNotMatchingError"

 	@IsString()
-	message = "The id's don't match!! \n And if you wanted to change a track's id: This isn't allowed"
+	message = "The ids don't match! \n And if you wanted to change a track's id: This isn't allowed"
 }
--- a/src/errors/UserErrors.ts
+++ b/src/errors/UserErrors.ts
@ -1,26 +1,17 @@
 import { IsString } from 'class-validator';
 import { NotAcceptableError, NotFoundError } from 'routing-controllers';

-/**
- * Error to throw when a usergroup couldn't be found.
- */
-export class UserGroupNotFoundError extends NotFoundError {
-	@IsString()
-	name = "UserGroupNotFoundError"
-
-	@IsString()
-	message = "User Group not found!"
-}

 /**
- * Error to throw when no username or email is set
+ * Error to throw when no username or email is set.
+ * We somehow need to identify you :)
 */
 export class UsernameOrEmailNeededError extends NotFoundError {
 	@IsString()
 	name = "UsernameOrEmailNeededError"

 	@IsString()
-	message = "no username or email is set!"
+	message = "No username or email is set!"
 }

 /**
@ -43,5 +34,5 @@ export class UserIdsNotMatchingError extends NotAcceptableError {
 	name = "UserIdsNotMatchingError"

 	@IsString()
-	message = "The id's don't match!! \n And if you wanted to change a user's id: This isn't allowed"
+	message = "The ids don't match!! \n And if you wanted to change a user's id: This isn't allowed!"
 }
--- a/src/errors/UserGroupErrors.ts
+++ b/src/errors/UserGroupErrors.ts
@ -2,14 +2,14 @@ import { IsString } from 'class-validator';
 import { NotAcceptableError, NotFoundError } from 'routing-controllers';

 /**
- * Error to throw when no groupname is set
+ * Error to throw when no groupname is set.
 */
 export class GroupNameNeededError extends NotFoundError {
 	@IsString()
 	name = "GroupNameNeededError"

 	@IsString()
-	message = "no groupname is set!"
+	message = "No name is set for this group!"
 }

 /**
@ -32,5 +32,5 @@ export class UserGroupIdsNotMatchingError extends NotAcceptableError {
 	name = "UserGroupIdsNotMatchingError"

 	@IsString()
-	message = "The id's don't match!! \n If you wanted to change a usergroup's id: This isn't allowed"
+	message = "The ids don't match!! \n If you wanted to change a usergroup's id: This isn't allowed!"
 }
--- a/src/jwtcreator.ts
+++ b/src/jwtcreator.ts
@ -0,0 +1,114 @@
+import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsString, IsUUID } from 'class-validator';
+import * as jsonwebtoken from "jsonwebtoken";
+import { config } from './config';
+import { User } from './models/entities/User';
+
+/**
+ * This class is responsible for all things JWT creation.
+ */
+export class JwtCreator {
+    /**
+     * Creates a new refresh token for a given user
+     * @param user User entity that the refresh token shall be created for
+     * @param expiry_timestamp Timestamp for the token expiry. Will be generated if not provided.
+     */
+    public static createRefresh(user: User, expiry_timestamp?: number) {
+        if (!expiry_timestamp) { expiry_timestamp = Math.floor(Date.now() / 1000) + 10 * 36000; }
+        return jsonwebtoken.sign({
+            refreshTokenCount: user.refreshTokenCount,
+            id: user.id,
+            exp: expiry_timestamp
+        }, config.jwt_secret)
+    }
+
+    /**
+     * Creates a new access token for a given user
+     * @param user User entity that the access token shall be created for
+     * @param expiry_timestamp Timestamp for the token expiry. Will be generated if not provided.
+     */
+    public static createAccess(user: User, expiry_timestamp?: number) {
+        if (!expiry_timestamp) { expiry_timestamp = Math.floor(Date.now() / 1000) + 10 * 36000; }
+        return jsonwebtoken.sign({
+            userdetails: new JwtUser(user),
+            exp: expiry_timestamp
+        }, config.jwt_secret)
+    }
+}
+
+/**
+ * Special variant of the user class that 
+ */
+export class JwtUser {
+    @IsInt()
+    id: number;
+
+    @IsUUID(4)
+    uuid: string;
+
+    @IsOptional()
+    @IsEmail()
+    email?: string;
+
+    @IsOptional()
+    @IsString()
+    username?: string;
+
+    @IsString()
+    @IsNotEmpty()
+    firstname: string;
+
+    @IsString()
+    @IsOptional()
+    middlename?: string;
+
+    @IsString()
+    @IsNotEmpty()
+    lastname: string;
+
+    permissions: string[];
+
+    @IsBoolean()
+    enabled: boolean;
+
+    @IsInt()
+    @IsNotEmpty()
+    refreshTokenCount?: number;
+
+    @IsString()
+    @IsOptional()
+    profilePic?: string;
+
+    /**
+     * Creates a new instance of this class based on a provided user entity.
+     * @param user User entity that shall be encapsulated in a jwt.
+     */
+    public constructor(user: User) {
+        this.id = user.id;
+        this.firstname = user.firstname;
+        this.middlename = user.middlename;
+        this.lastname = user.lastname;
+        this.username = user.username;
+        this.email = user.email;
+        this.refreshTokenCount = user.refreshTokenCount;
+        this.uuid = user.uuid;
+        this.profilePic = user.profilePic;
+        this.permissions = this.getPermissions(user);
+    }
+
+    /**
+     * Handels getting the permissions granted to this user (direct or indirect).
+     * @param user User which's permissions shall be gotten.
+     */
+    public getPermissions(user: User): string[] {
+        let returnPermissions: string[] = new Array<string>();
+        for (let permission of user.permissions) {
+            returnPermissions.push(permission.toString());
+        }
+        for (let group of user.groups) {
+            for (let permission of group.permissions) {
+                returnPermissions.push(permission.toString());
+            }
+        }
+        return Array.from(new Set(returnPermissions));
+    }
+}
--- a/src/loaders/database.ts
+++ b/src/loaders/database.ts
@ -1,7 +1,16 @@
 import { createConnection } from "typeorm";
-
+import { runSeeder } from 'typeorm-seeding';
+import { User } from '../models/entities/User';
+import SeedUsers from '../seeds/SeedUsers';
+/**
+ * Loader for the database that creates the database connection and initializes the database tabels.
+ * It also triggers the seeding process if no users got detected in the database.
+ */
 export default async () => {
    const connection = await createConnection();
-    connection.synchronize();
+    await connection.synchronize();
+    if (await connection.getRepository(User).count() === 0) {
+        await runSeeder(SeedUsers);
+    }
    return connection;
 };
--- a/src/loaders/express.ts
+++ b/src/loaders/express.ts
@ -1,8 +1,11 @@
+import cookieParser from "cookie-parser";
 import { Application } from "express";
-import bodyParser from 'body-parser';
-import cors from 'cors';
-
+/**
+ * Loader for express related configurations.
+ * Configures proxy trusts, globally used middlewares and other express features.
+ */
 export default async (app: Application) => {
 	app.enable('trust proxy');
+	app.use(cookieParser());
 	return app;
 };
--- a/src/loaders/index.ts
+++ b/src/loaders/index.ts
@ -1,8 +1,12 @@
+import { Application } from "express";
+import databaseLoader from "./database";
 import expressLoader from "./express";
 import openapiLoader from "./openapi";
-import databaseLoader from "./database";
-import { Application } from "express";

+/**
+ * Index Loader that executes the other loaders in the right order.
+ * This basicly exists for abstraction and a overall better dev experience.
+ */
 export default async (app: Application) => {
    await databaseLoader();
    await openapiLoader(app);
--- a/src/loaders/openapi.ts
+++ b/src/loaders/openapi.ts
@ -1,14 +1,20 @@
+import { validationMetadatasToSchemas } from "class-validator-jsonschema";
 import { Application } from "express";
-import * as swaggerUiExpress from "swagger-ui-express";
 import { getMetadataArgsStorage } from "routing-controllers";
 import { routingControllersToSpec } from "routing-controllers-openapi";
-import { validationMetadatasToSchemas } from "class-validator-jsonschema";
+import * as swaggerUiExpress from "swagger-ui-express";

+/**
+ * Loader for everything openapi related - from creating the schema to serving it via a static route and swaggerUiExpress.
+ * All auth schema related stuff also has to be configured here
+ */
 export default async (app: Application) => {
  const storage = getMetadataArgsStorage();
  const schemas = validationMetadatasToSchemas({
    refPointerPrefix: "#/components/schemas/",
  });
+
+  //Spec creation based on the previously created schemas
  const spec = routingControllersToSpec(
    storage,
    {
@ -17,6 +23,14 @@ export default async (app: Application) => {
    {
      components: {
        schemas,
+        "securitySchemes": {
+          "AuthToken": {
+            "type": "http",
+            "scheme": "bearer",
+            "bearerFormat": "JWT",
+            description: "A JWT based access token. Use /api/auth/login or /api/auth/refresh to get one."
+          }
+        }
      },
      info: {
        description: "The the backend API for the LfK! runner system.",
@ -25,6 +39,8 @@ export default async (app: Application) => {
      },
    }
  );
+
+  //Options for swaggerUiExpress
  const options = {
    explorer: true,
  };
--- a/src/middlewares/ErrorHandler.ts
+++ b/src/middlewares/ErrorHandler.ts
@ -1,20 +1,14 @@
-import {
-    Middleware,
-    ExpressErrorMiddlewareInterface
-} from "routing-controllers";
+import { ExpressErrorMiddlewareInterface, Middleware } from "routing-controllers";

+/**
+ * Our Error handling middlware that returns our custom httperrors to the user.
+ */
@Middleware({ type: "after" })
 export class ErrorHandler implements ExpressErrorMiddlewareInterface {
-    public error(
-        error: any,
-        request: any,
-        response: any,
-        next: (err: any) => any
-    ) {
+    public error(error: any, request: any, response: any, next: (err: any) => any) {
        if (response.headersSent) {
            return;
        }
-
        response.json(error);
    }
 }
--- a/src/middlewares/RawBody.ts
+++ b/src/middlewares/RawBody.ts
@ -0,0 +1,23 @@
+import { Request, Response } from 'express';
+
+/**
+ * Custom express middleware that appends the raw body to the request obeject.
+ * Mainly used for parsing csvs from boddies.
+ */
+
+const RawBodyMiddleware = (req: Request, res: Response, next: () => void) => {
+    const body = []
+    req.on('data', chunk => {
+        body.push(chunk)
+    })
+    req.on('end', () => {
+        const rawBody = Buffer.concat(body)
+        req['rawBody'] = rawBody
+        next()
+    })
+    req.on('error', () => {
+        res.sendStatus(400)
+    })
+}
+
+export default RawBodyMiddleware
--- a/src/middlewares/jwtauth.ts
+++ b/src/middlewares/jwtauth.ts
@ -1,17 +0,0 @@
-import { Request, Response, NextFunction } from "express";
-// import bodyParser from 'body-parser';
-// import cors from 'cors';
-import * as jwt from "jsonwebtoken";
-
-export default (req: Request, res: Response, next: NextFunction) => {
-  const token = <string>req.headers["auth"];
-  try {
-    const jwtPayload = <any>jwt.verify(token, "secretjwtsecret");
-    // const jwtPayload = <any>jwt.verify(token, process.env.JWT_SECRET);
-    res.locals.jwtPayload = jwtPayload;
-  } catch (error) {
-    console.log(error);
-    return res.status(401).send();
-  }
-  next();
-};
--- a/src/models/creation/CreateAddress.ts
+++ b/src/models/creation/CreateAddress.ts
@ -1,16 +1,19 @@
 import { IsNotEmpty, IsOptional, IsPostalCode, IsString } from 'class-validator';
 import { Address } from '../entities/Address';

+/**
+ * This classed is used to create a new Address entity from a json body (post request).
+ */
 export class CreateAddress {
    /**
-   * The address's description.
-   */
+     * The newaddress's description.
+     */
    @IsString()
    @IsOptional()
    description?: string;

    /**
-     * The address's first line.
+     * The new address's first line.
     * Containing the street and house number.
     */
    @IsString()
@ -18,7 +21,7 @@ export class CreateAddress {
    address1: string;

    /**
-     * The address's second line.
+     * The new address's second line.
     * Containing optional information.
     */
    @IsString()
@ -26,7 +29,9 @@ export class CreateAddress {
    address2?: string;

    /**
-     * The address's postal code.
+     * The new address's postal code.
+     * This will get checked against the postal code syntax for the configured country.
+     * TODO: Implement the config option. 
     */
    @IsString()
    @IsNotEmpty()
@ -34,21 +39,21 @@ export class CreateAddress {
    postalcode: string;

    /**
-     * The address's city.
+     * The new address's city.
     */
    @IsString()
    @IsNotEmpty()
    city: string;

    /**
-     * The address's country.
+     * The new address's country.
     */
    @IsString()
    @IsNotEmpty()
    country: string;

    /**
-     * Creates a Address object based on this.
+     * Creates a new Address entity from this.
     */
    public toAddress(): Address {
        let newAddress: Address = new Address();
--- a/src/models/actions/CreateAuth.ts
+++ b/src/models/actions/CreateAuth.ts
@ -0,0 +1,72 @@
+import * as argon2 from "argon2";
+import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { InvalidCredentialsError, PasswordNeededError, UserNotFoundError } from '../../errors/AuthError';
+import { UsernameOrEmailNeededError } from '../../errors/UserErrors';
+import { JwtCreator } from '../../jwtcreator';
+import { User } from '../entities/User';
+import { Auth } from '../responses/ResponseAuth';
+
+/**
+ * This class is used to create auth credentials based on user credentials provided in a json body (post request).
+ * To be a little bit more exact: Is takes in a username/email + password and creates a new access and refresh token for the user.
+ * It of course checks for user existance, password validity and so on.
+ */
+export class CreateAuth {
+    /**
+     * The username of the user that want's to login.
+     * Either username or email have to be provided.
+     */
+    @IsOptional()
+    @IsString()
+    username?: string;
+
+    /**
+     * The email address of the user that want's to login.
+     * Either username or email have to be provided.
+     */
+    @IsOptional()
+    @IsEmail()
+    @IsString()
+    email?: string;
+
+    /**
+     * The user's password.
+     * Will be checked against an argon2 hash.
+     */
+    @IsNotEmpty()
+    @IsString()
+    password: string;
+
+
+    /**
+     * Creates a new auth object based on this.
+     */
+    public async toAuth(): Promise<Auth> {
+        let newAuth: Auth = new Auth();
+
+        if (this.email === undefined && this.username === undefined) {
+            throw new UsernameOrEmailNeededError();
+        }
+        if (!this.password) {
+            throw new PasswordNeededError();
+        }
+        const found_user = await getConnectionManager().get().getRepository(User).findOne({ relations: ['groups', 'permissions', 'groups.permissions'], where: [{ username: this.username }, { email: this.email }] });
+        if (!found_user) {
+            throw new UserNotFoundError();
+        }
+        if (!(await argon2.verify(found_user.password, this.password + found_user.uuid))) {
+            throw new InvalidCredentialsError();
+        }
+
+        //Create the access token
+        const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
+        newAuth.access_token = JwtCreator.createAccess(found_user, timestamp_accesstoken_expiry);
+        newAuth.access_token_expires_at = timestamp_accesstoken_expiry
+        //Create the refresh token
+        const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
+        newAuth.refresh_token = JwtCreator.createRefresh(found_user, timestamp_refresh_expiry);
+        newAuth.refresh_token_expires_at = timestamp_refresh_expiry
+        return newAuth;
+    }
+}
--- a/src/models/actions/CreateGroupContact.ts
+++ b/src/models/actions/CreateGroupContact.ts
@ -0,0 +1,85 @@
+import { IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { config } from '../../config';
+import { AddressNotFoundError, AddressWrongTypeError } from '../../errors/AddressErrors';
+import { Address } from '../entities/Address';
+import { GroupContact } from '../entities/GroupContact';
+
+/**
+ * This classed is used to create a new Group entity from a json body (post request).
+ */
+export class CreateGroupContact {
+    /**
+     * The new contact's first name.
+     */
+    @IsNotEmpty()
+    @IsString()
+    firstname: string;
+
+    /**
+     * The new contact's middle name.
+     */
+    @IsOptional()
+    @IsString()
+    middlename?: string;
+
+    /**
+     * The new contact's last name.
+     */
+    @IsNotEmpty()
+    @IsString()
+    lastname: string;
+
+    /**
+     * The new contact's address.
+     * Must be the address's id.
+     */
+    @IsInt()
+    @IsOptional()
+    address?: number;
+
+    /**
+     * The contact's phone number.
+     * This will be validated against the configured country phone numer syntax (default: international).
+     */
+    @IsOptional()
+    @IsPhoneNumber(config.phone_validation_countrycode)
+    phone?: string;
+
+    /**
+     * The contact's email address.
+     */
+    @IsOptional()
+    @IsEmail()
+    email?: string;
+
+    /**
+     * Gets the new contact's address by it's id.
+     */
+    public async getAddress(): Promise<Address> {
+        if (this.address === undefined || this.address === null) {
+            return null;
+        }
+        if (!isNaN(this.address)) {
+            let address = await getConnectionManager().get().getRepository(Address).findOne({ id: this.address });
+            if (!address) { throw new AddressNotFoundError; }
+            return address;
+        }
+
+        throw new AddressWrongTypeError;
+    }
+
+    /**
+     * Creates a new Address entity from this.
+     */
+    public async toGroupContact(): Promise<GroupContact> {
+        let contact: GroupContact = new GroupContact();
+        contact.firstname = this.firstname;
+        contact.middlename = this.middlename;
+        contact.lastname = this.lastname;
+        contact.email = this.email;
+        contact.phone = this.phone;
+        contact.address = await this.getAddress();
+        return null;
+    }
+}
--- a/src/models/actions/CreateParticipant.ts
+++ b/src/models/actions/CreateParticipant.ts
@ -0,0 +1,72 @@
+import { IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { config } from '../../config';
+import { AddressNotFoundError, AddressWrongTypeError } from '../../errors/AddressErrors';
+import { Address } from '../entities/Address';
+
+/**
+ * This classed is used to create a new Participant entity from a json body (post request).
+ */
+export abstract class CreateParticipant {
+    /**
+     * The new participant's first name.
+     */
+    @IsString()
+    @IsNotEmpty()
+    firstname: string;
+
+    /**
+     * The new participant's middle name.
+     */
+    @IsString()
+    @IsOptional()
+    middlename?: string;
+
+    /**
+     * The new participant's last name.
+     */
+    @IsString()
+    @IsNotEmpty()
+    lastname: string;
+
+    /**
+     * The new participant's phone number.
+     * This will be validated against the configured country phone numer syntax (default: international).
+     */
+    @IsString()
+    @IsOptional()
+    @IsPhoneNumber(config.phone_validation_countrycode)
+    phone?: string;
+
+    /**
+     * The new participant's e-mail address.
+     */
+    @IsString()
+    @IsOptional()
+    @IsEmail()
+    email?: string;
+
+    /**
+     * The new participant's address.
+     * Must be of type number (address id).
+     */
+    @IsInt()
+    @IsOptional()
+    address?: number;
+
+    /**
+     * Gets the new participant's address by it's address.
+     */
+    public async getAddress(): Promise<Address> {
+        if (this.address === undefined || this.address === null) {
+            return null;
+        }
+        if (!isNaN(this.address)) {
+            let address = await getConnectionManager().get().getRepository(Address).findOne({ id: this.address });
+            if (!address) { throw new AddressNotFoundError; }
+            return address;
+        }
+
+        throw new AddressWrongTypeError;
+    }
+}
--- a/src/models/actions/CreatePermission.ts
+++ b/src/models/actions/CreatePermission.ts
@ -0,0 +1,60 @@
+import {
+    IsEnum,
+    IsInt,
+    IsNotEmpty
+} from "class-validator";
+import { getConnectionManager } from 'typeorm';
+import { PrincipalNotFoundError } from '../../errors/PrincipalErrors';
+import { Permission } from '../entities/Permission';
+import { Principal } from '../entities/Principal';
+import { PermissionAction } from '../enums/PermissionAction';
+import { PermissionTarget } from '../enums/PermissionTargets';
+
+/**
+ * This classed is used to create a new Permission entity from a json body (post request).
+ */
+export class CreatePermission {
+
+    /**
+     * The new permissions's principal's id.
+     */
+    @IsInt()
+    @IsNotEmpty()
+    principal: number;
+
+    /**
+     * The new permissions's target.
+     */
+    @IsNotEmpty()
+    @IsEnum(PermissionTarget)
+    target: PermissionTarget;
+
+    /**
+     * The new permissions's action.
+     */
+    @IsNotEmpty()
+    @IsEnum(PermissionAction)
+    action: PermissionAction;
+
+    /**
+     * Creates a new Permission entity from this.
+     */
+    public async toPermission(): Promise<Permission> {
+        let newPermission: Permission = new Permission();
+
+        newPermission.principal = await this.getPrincipal();
+        newPermission.target = this.target;
+        newPermission.action = this.action;
+
+        return newPermission;
+    }
+
+    /**
+     * Gets the new permission's principal by it's id.
+     */
+    public async getPrincipal(): Promise<Principal> {
+        let principal = await getConnectionManager().get().getRepository(Principal).findOne({ id: this.principal })
+        if (!principal) { throw new PrincipalNotFoundError(); }
+        return principal;
+    }
+}
--- a/src/models/actions/CreateRunner.ts
+++ b/src/models/actions/CreateRunner.ts
@ -0,0 +1,53 @@
+import { IsInt } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { RunnerGroupNotFoundError } from '../../errors/RunnerGroupErrors';
+import { RunnerOrganisationWrongTypeError } from '../../errors/RunnerOrganisationErrors';
+import { RunnerTeamNeedsParentError } from '../../errors/RunnerTeamErrors';
+import { Runner } from '../entities/Runner';
+import { RunnerGroup } from '../entities/RunnerGroup';
+import { CreateParticipant } from './CreateParticipant';
+
+/**
+ * This classed is used to create a new Runner entity from a json body (post request).
+ */
+export class CreateRunner extends CreateParticipant {
+
+    /**
+     * The new runner's group's id.
+     */
+    @IsInt()
+    group: number;
+
+    /**
+     * Creates a new Runner entity from this.
+     */
+    public async toRunner(): Promise<Runner> {
+        let newRunner: Runner = new Runner();
+
+        newRunner.firstname = this.firstname;
+        newRunner.middlename = this.middlename;
+        newRunner.lastname = this.lastname;
+        newRunner.phone = this.phone;
+        newRunner.email = this.email;
+        newRunner.group = await this.getGroup();
+        newRunner.address = await this.getAddress();
+
+        return newRunner;
+    }
+
+    /**
+     * Gets the new runner's group by it's id.
+     */
+    public async getGroup(): Promise<RunnerGroup> {
+        if (this.group === undefined || this.group === null) {
+            throw new RunnerTeamNeedsParentError();
+        }
+        if (!isNaN(this.group)) {
+            let group = await getConnectionManager().get().getRepository(RunnerGroup).findOne({ id: this.group });
+            if (!group) { throw new RunnerGroupNotFoundError; }
+            return group;
+        }
+
+        throw new RunnerOrganisationWrongTypeError;
+    }
+}
--- a/src/models/actions/CreateRunnerGroup.ts
+++ b/src/models/actions/CreateRunnerGroup.ts
@ -0,0 +1,40 @@
+import { IsInt, IsNotEmpty, IsOptional, IsString } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { GroupContactNotFoundError, GroupContactWrongTypeError } from '../../errors/GroupContactErrors';
+import { GroupContact } from '../entities/GroupContact';
+
+/**
+ * This classed is used to create a new RunnerGroup entity from a json body (post request).
+ */
+export abstract class CreateRunnerGroup {
+    /**
+     * The new group's name.
+     */
+    @IsNotEmpty()
+    @IsString()
+    name: string;
+
+    /**
+     * The new group's contact.
+     * Optional
+     */
+    @IsInt()
+    @IsOptional()
+    contact?: number;
+
+    /**
+     * Gets the new group's contact by it's id.
+     */
+    public async getContact(): Promise<GroupContact> {
+        if (this.contact === undefined || this.contact === null) {
+            return null;
+        }
+        if (!isNaN(this.contact)) {
+            let contact = await getConnectionManager().get().getRepository(GroupContact).findOne({ id: this.contact });
+            if (!contact) { throw new GroupContactNotFoundError; }
+            return contact;
+        }
+
+        throw new GroupContactWrongTypeError;
+    }
+}
--- a/src/models/actions/CreateRunnerOrganisation.ts
+++ b/src/models/actions/CreateRunnerOrganisation.ts
@ -0,0 +1,48 @@
+import { IsInt, IsOptional } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { AddressNotFoundError, AddressWrongTypeError } from '../../errors/AddressErrors';
+import { Address } from '../entities/Address';
+import { RunnerOrganisation } from '../entities/RunnerOrganisation';
+import { CreateRunnerGroup } from './CreateRunnerGroup';
+
+/**
+ * This classed is used to create a new RunnerOrganisation entity from a json body (post request).
+ */
+export class CreateRunnerOrganisation extends CreateRunnerGroup {
+    /**
+     * The new organisation's address.
+     * Must be of type number (address id).
+     */
+    @IsInt()
+    @IsOptional()
+    address?: number;
+
+    /**
+     * Gets the org's address by it's id.
+     */
+    public async getAddress(): Promise<Address> {
+        if (this.address === undefined || this.address === null) {
+            return null;
+        }
+        if (!isNaN(this.address)) {
+            let address = await getConnectionManager().get().getRepository(Address).findOne({ id: this.address });
+            if (!address) { throw new AddressNotFoundError; }
+            return address;
+        }
+
+        throw new AddressWrongTypeError;
+    }
+
+    /**
+     * Creates a new RunnerOrganisation entity from this.
+     */
+    public async toRunnerOrganisation(): Promise<RunnerOrganisation> {
+        let newRunnerOrganisation: RunnerOrganisation = new RunnerOrganisation();
+
+        newRunnerOrganisation.name = this.name;
+        newRunnerOrganisation.contact = await this.getContact();
+        newRunnerOrganisation.address = await this.getAddress();
+
+        return newRunnerOrganisation;
+    }
+}
--- a/src/models/actions/CreateRunnerTeam.ts
+++ b/src/models/actions/CreateRunnerTeam.ts
@ -0,0 +1,50 @@
+import { IsInt, IsNotEmpty } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { RunnerOrganisationNotFoundError, RunnerOrganisationWrongTypeError } from '../../errors/RunnerOrganisationErrors';
+import { RunnerTeamNeedsParentError } from '../../errors/RunnerTeamErrors';
+import { RunnerOrganisation } from '../entities/RunnerOrganisation';
+import { RunnerTeam } from '../entities/RunnerTeam';
+import { CreateRunnerGroup } from './CreateRunnerGroup';
+
+/**
+ * This classed is used to create a new RunnerTeam entity from a json body (post request).
+ */
+export class CreateRunnerTeam extends CreateRunnerGroup {
+
+    /**
+     * The new team's parent group (organisation).
+     */
+    @IsInt()
+    @IsNotEmpty()
+    parentGroup: number;
+
+    /**
+     * Gets the new team's parent org based on it's id.
+     */
+    public async getParent(): Promise<RunnerOrganisation> {
+        if (this.parentGroup === undefined || this.parentGroup === null) {
+            throw new RunnerTeamNeedsParentError();
+        }
+        if (!isNaN(this.parentGroup)) {
+            let parentGroup = await getConnectionManager().get().getRepository(RunnerOrganisation).findOne({ id: this.parentGroup });
+            if (!parentGroup) { throw new RunnerOrganisationNotFoundError();; }
+            return parentGroup;
+        }
+
+        throw new RunnerOrganisationWrongTypeError;
+    }
+
+    /**
+     * Creates a new RunnerTeam entity from this.
+     */
+    public async toRunnerTeam(): Promise<RunnerTeam> {
+        let newRunnerTeam: RunnerTeam = new RunnerTeam();
+
+        newRunnerTeam.name = this.name;
+        newRunnerTeam.parentGroup = await this.getParent();
+
+        newRunnerTeam.contact = await this.getContact()
+
+        return newRunnerTeam;
+    }
+}
--- a/src/models/creation/CreateTrack.ts
+++ b/src/models/creation/CreateTrack.ts
@ -1,23 +1,26 @@
 import { IsInt, IsNotEmpty, IsPositive, IsString } from 'class-validator';
 import { Track } from '../entities/Track';

+/**
+ * This classed is used to create a new Track entity from a json body (post request).
+ */
 export class CreateTrack {
    /**
-     * The track's name.
+     * The new track's name.
     */
    @IsString()
    @IsNotEmpty()
    name: string;

    /**
-     * The track's distance in meters (must be greater 0).
+     * The new track's distance in meters (must be greater than 0).
     */
    @IsInt()
    @IsPositive()
    distance: number;

    /**
-     * Converts a Track object based on this.
+     * Creates a new Track entity from this.
     */
    public toTrack(): Track {
        let newTrack: Track = new Track();
--- a/src/models/creation/CreateUser.ts
+++ b/src/models/creation/CreateUser.ts
@ -1,118 +1,115 @@
-import * as argon2 from "argon2";
-import { IsEmail, IsOptional, IsPhoneNumber, IsString } from 'class-validator';
-import { getConnectionManager } from 'typeorm';
-import * as uuid from 'uuid';
-import { UserGroupNotFoundError, UsernameOrEmailNeededError } from '../../errors/UserErrors';
-import { User } from '../entities/User';
-import { UserGroup } from '../entities/UserGroup';
-
-export class CreateUser {
-    /**
-     * The new user's first name.
-     */
-    @IsString()
-    firstname: string;
-
-    /**
-     * The new user's middle name.
-     * Optinal.
-     */
-    @IsString()
-    @IsOptional()
-    middlename?: string;
-
-    /**
-     * The new user's last name.
-     */
-    @IsString()
-    lastname: string;
-
-    /**
-     * The new user's username.
-     * You have to provide at least one of: {email, username}.
-     */
-    @IsOptional()
-    @IsString()
-    username?: string;
-
-    /**
-     * The new user's email address.
-     * You have to provide at least one of: {email, username}.
-     */
-    @IsEmail()
-    @IsString()
-    @IsOptional()
-    email?: string;
-
-    /**
-     * The new user's phone number.
-     * Optional
-     */
-    @IsPhoneNumber("ZZ")
-    @IsOptional()
-    phone?: string;
-
-    /**
-     * The new user's password.
-     * This will of course not be saved in plaintext :)
-     */
-    @IsString()
-    password: string;
-
-    /**
-     * The new user's groups' id(s).
-     * You can provide either one groupId or an array of groupIDs.
-     * Optional.
-     */
-    @IsOptional()
-    groupId?: number[] | number
-
-    //TODO: ProfilePics
-
-    /**
-     * Converts this to a User Entity.
-     */
-    public async toUser(): Promise<User> {
-        let newUser: User = new User();
-
-        if (this.email === undefined && this.username === undefined) {
-            throw new UsernameOrEmailNeededError();
-        }
-
-        if (this.groupId) {
-            if (!Array.isArray(this.groupId)) {
-                this.groupId = [this.groupId]
-            }
-            const groupIDs: number[] = this.groupId
-            let errors = 0
-            const validateusergroups = async () => {
-                let foundgroups = []
-                for (const g of groupIDs) {
-                    const found = await getConnectionManager().get().getRepository(UserGroup).find({ id: g });
-                    if (found.length === 0) {
-                        errors++
-                    } else {
-                        foundgroups.push(found[0])
-                    }
-                }
-                newUser.groups = foundgroups
-            }
-            await validateusergroups()
-            if (errors !== 0) {
-                throw new UserGroupNotFoundError();
-            }
-        }
-
-        newUser.email = this.email
-        newUser.username = this.username
-        newUser.firstname = this.firstname
-        newUser.middlename = this.middlename
-        newUser.lastname = this.lastname
-        newUser.uuid = uuid.v4()
-        newUser.phone = this.phone
-        newUser.password = await argon2.hash(this.password + newUser.uuid);
-        //TODO: ProfilePics
-
-        return newUser;
-    }
+import * as argon2 from "argon2";
+import { IsEmail, IsOptional, IsPhoneNumber, IsString } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import * as uuid from 'uuid';
+import { config } from '../../config';
+import { UsernameOrEmailNeededError } from '../../errors/UserErrors';
+import { UserGroupNotFoundError } from '../../errors/UserGroupErrors';
+import { User } from '../entities/User';
+import { UserGroup } from '../entities/UserGroup';
+
+/**
+ * This classed is used to create a new User entity from a json body (post request).
+ */
+export class CreateUser {
+    /**
+     * The new user's first name.
+     */
+    @IsString()
+    firstname: string;
+
+    /**
+     * The new user's middle name.
+     */
+    @IsString()
+    @IsOptional()
+    middlename?: string;
+
+    /**
+     * The new user's last name.
+     */
+    @IsString()
+    lastname: string;
+
+    /**
+     * The new user's username.
+     * You have to provide at least one of: {email, username}.
+     */
+    @IsOptional()
+    @IsString()
+    username?: string;
+
+    /**
+     * The new user's email address.
+     * You have to provide at least one of: {email, username}.
+     */
+    @IsEmail()
+    @IsString()
+    @IsOptional()
+    email?: string;
+
+    /**
+     * The new user's phone number.
+     * This will be validated against the configured country phone numer syntax (default: international).
+     */
+    @IsPhoneNumber(config.phone_validation_countrycode)
+    @IsOptional()
+    phone?: string;
+
+    /**
+     * The new user's password.
+     * This will of course not be saved in plaintext :)
+     */
+    @IsString()
+    password: string;
+
+    /**
+     * The new user's groups' id(s).
+     * You can provide either one groupId or an array of groupIDs.
+     */
+    @IsOptional()
+    groups?: number[] | number
+
+    //TODO: ProfilePics
+
+    /**
+     * Converts this to a User entity.
+     */
+    public async toUser(): Promise<User> {
+        let newUser: User = new User();
+
+        if (this.email === undefined && this.username === undefined) {
+            throw new UsernameOrEmailNeededError();
+        }
+
+        newUser.email = this.email
+        newUser.username = this.username
+        newUser.firstname = this.firstname
+        newUser.middlename = this.middlename
+        newUser.lastname = this.lastname
+        newUser.uuid = uuid.v4()
+        newUser.phone = this.phone
+        newUser.password = await argon2.hash(this.password + newUser.uuid);
+        newUser.groups = await this.getGroups();
+        //TODO: ProfilePics
+
+        return newUser;
+    }
+
+    /**
+     * Get's all groups for this user by their id's;
+     */
+    public async getGroups() {
+        if (!this.groups) { return null; }
+        let groups = new Array<UserGroup>();
+        if (!Array.isArray(this.groups)) {
+            this.groups = [this.groups]
+        }
+        for (let group of this.groups) {
+            let found = await getConnectionManager().get().getRepository(UserGroup).findOne({ id: group });
+            if (!found) { throw new UserGroupNotFoundError(); }
+            groups.push(found);
+        }
+        return groups;
+    }
 }
--- a/src/models/creation/CreateUserGroup.ts
+++ b/src/models/creation/CreateUserGroup.ts
@ -1,6 +1,9 @@
 import { IsOptional, IsString } from 'class-validator';
 import { UserGroup } from '../entities/UserGroup';

+/**
+ * This classed is used to create a new UserGroup entity from a json body (post request).
+ */
 export class CreateUserGroup {
    /**
     * The new group's name.
@ -17,7 +20,7 @@ export class CreateUserGroup {
    description?: string;

    /**
-     * Converts this to a UserGroup entity.
+     * Creates a new UserGroup entity from this.
     */
    public async toUserGroup(): Promise<UserGroup> {
        let newUserGroup: UserGroup = new UserGroup();
--- a/src/models/actions/HandleLogout.ts
+++ b/src/models/actions/HandleLogout.ts
@ -0,0 +1,49 @@
+import { IsOptional, IsString } from 'class-validator';
+import * as jsonwebtoken from 'jsonwebtoken';
+import { getConnectionManager } from 'typeorm';
+import { config } from '../../config';
+import { IllegalJWTError, JwtNotProvidedError, RefreshTokenCountInvalidError, UserNotFoundError } from '../../errors/AuthError';
+import { User } from '../entities/User';
+import { Logout } from '../responses/ResponseLogout';
+
+/**
+ * This class handels a user logging out of the system.
+ * Of course it check's the user's provided credential (token) before logging him out.
+ */
+export class HandleLogout {
+    /**
+     * A stringyfied jwt access token.
+     * Will get checked for validity.
+     */
+    @IsString()
+    @IsOptional()
+    token?: string;
+
+    /**
+     * Logs the user out.
+     * This gets achived by increasing the user's refresh token count, thereby invalidateing all currently existing jwts for that user.
+     */
+    public async logout(): Promise<Logout> {
+        let logout: Logout = new Logout();
+        if (!this.token || this.token === undefined) {
+            throw new JwtNotProvidedError()
+        }
+        let decoded;
+        try {
+            decoded = jsonwebtoken.verify(this.token, config.jwt_secret)
+        } catch (error) {
+            throw new IllegalJWTError()
+        }
+        logout.timestamp = Math.floor(Date.now() / 1000)
+        let found_user: User = await getConnectionManager().get().getRepository(User).findOne({ id: decoded["id"] });
+        if (!found_user) {
+            throw new UserNotFoundError()
+        }
+        if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) {
+            throw new RefreshTokenCountInvalidError()
+        }
+        found_user.refreshTokenCount++;
+        await getConnectionManager().get().getRepository(User).update({ id: found_user.id }, found_user)
+        return logout;
+    }
+}
--- a/src/models/actions/ImportRunner.ts
+++ b/src/models/actions/ImportRunner.ts
@ -0,0 +1,97 @@
+import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { RunnerGroupNeededError } from '../../errors/RunnerErrors';
+import { RunnerOrganisationNotFoundError } from '../../errors/RunnerOrganisationErrors';
+import { RunnerGroup } from '../entities/RunnerGroup';
+import { RunnerOrganisation } from '../entities/RunnerOrganisation';
+import { RunnerTeam } from '../entities/RunnerTeam';
+import { CreateRunner } from './CreateRunner';
+
+/**
+ * Special class used to import runners from csv files - or json arrays created from csv to be exact.
+ * Why you ask? Because the past has shown us that a non excel/csv based workflow is too much for most schools.
+ */
+export class ImportRunner {
+
+    /**
+     * The new runner's first name.
+     */
+    @IsString()
+    @IsNotEmpty()
+    firstname: string;
+
+    /**
+     * The new runner's middle name.
+     */
+    @IsString()
+    @IsOptional()
+    middlename?: string;
+
+    /**
+     * The new runner's last name.
+     */
+    @IsString()
+    @IsNotEmpty()
+    lastname: string;
+
+    /**
+     * The new runner's team's name (if not provided otherwise).
+     * The team will automaticly get generated if it doesn't exist in this org yet.
+     */
+    @IsString()
+    @IsOptional()
+    team?: string;
+
+    /**
+     * Just an alias for team, because this is usually only used for importing data from schools.
+     */
+    @IsOptional()
+    @IsString()
+    public set class(value: string) {
+        this.team = value;
+    }
+
+    /**
+     * Creates a CreateRunner object based on this.
+     * @param groupID Either the id of the new runner's group or the id of the org that the new runner's team is a part of.
+     */
+    public async toCreateRunner(groupID: number): Promise<CreateRunner> {
+        let newRunner: CreateRunner = new CreateRunner();
+
+        newRunner.firstname = this.firstname;
+        newRunner.middlename = this.middlename;
+        newRunner.lastname = this.lastname;
+        newRunner.group = (await this.getGroup(groupID)).id;
+
+        return newRunner;
+    }
+
+    /**
+     * Get's the new runners group.
+     * @param groupID Either the id of the new runner's group or the id of the org that the new runner's team is a part of.
+     */
+    public async getGroup(groupID: number): Promise<RunnerGroup> {
+        if (this.team === undefined && groupID === undefined) {
+            throw new RunnerGroupNeededError();
+        }
+
+        let team = await getConnectionManager().get().getRepository(RunnerTeam).findOne({ id: groupID });
+        if (team) { return team; }
+
+        let org = await getConnectionManager().get().getRepository(RunnerOrganisation).findOne({ id: groupID });
+        if (!org) {
+            throw new RunnerOrganisationNotFoundError();
+        }
+        if (this.team === undefined) { return org; }
+
+        team = await getConnectionManager().get().getRepository(RunnerTeam).findOne({ name: this.team, parentGroup: org });
+        if (!team) {
+            let newRunnerTeam: RunnerTeam = new RunnerTeam();
+            newRunnerTeam.name = this.team;
+            newRunnerTeam.parentGroup = org;
+            team = await getConnectionManager().get().getRepository(RunnerTeam).save(newRunnerTeam);
+        }
+
+        return team;
+    }
+}
--- a/src/models/actions/RefreshAuth.ts
+++ b/src/models/actions/RefreshAuth.ts
@ -0,0 +1,55 @@
+import { IsOptional, IsString } from 'class-validator';
+import * as jsonwebtoken from 'jsonwebtoken';
+import { getConnectionManager } from 'typeorm';
+import { config } from '../../config';
+import { IllegalJWTError, JwtNotProvidedError, RefreshTokenCountInvalidError, UserNotFoundError } from '../../errors/AuthError';
+import { JwtCreator } from "../../jwtcreator";
+import { User } from '../entities/User';
+import { Auth } from '../responses/ResponseAuth';
+
+/**
+ * This class is used to create refreshed auth credentials.
+ * To be a little bit more exact: Is takes in a refresh token and creates a new access and refresh token for it's user.
+ * It of course checks for user existance, jwt validity and so on.
+ */
+export class RefreshAuth {
+    /**
+     * A stringyfied jwt refresh token.
+     * Will get checked for validity.
+     */
+    @IsString()
+    @IsOptional()
+    token?: string;
+
+    /**
+     * Creates a new auth object based on this.
+     */
+    public async toAuth(): Promise<Auth> {
+        let newAuth: Auth = new Auth();
+        if (!this.token || this.token === undefined) {
+            throw new JwtNotProvidedError()
+        }
+        let decoded
+        try {
+            decoded = jsonwebtoken.verify(this.token, config.jwt_secret)
+        } catch (error) {
+            throw new IllegalJWTError()
+        }
+        const found_user = await getConnectionManager().get().getRepository(User).findOne({ id: decoded["id"] }, { relations: ['groups', 'permissions', 'groups.permissions'] });
+        if (!found_user) {
+            throw new UserNotFoundError()
+        }
+        if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) {
+            throw new RefreshTokenCountInvalidError()
+        }
+        //Create the auth token
+        const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
+        newAuth.access_token = JwtCreator.createAccess(found_user, timestamp_accesstoken_expiry);
+        newAuth.access_token_expires_at = timestamp_accesstoken_expiry
+        //Create the refresh token
+        const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
+        newAuth.refresh_token = JwtCreator.createRefresh(found_user, timestamp_refresh_expiry);
+        newAuth.refresh_token_expires_at = timestamp_refresh_expiry;
+        return newAuth;
+    }
+}
--- a/src/models/actions/UpdatePermission.ts
+++ b/src/models/actions/UpdatePermission.ts
@ -0,0 +1,68 @@
+import { IsInt, IsNotEmpty, IsObject } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { PermissionNeedsPrincipalError } from '../../errors/PermissionErrors';
+import { PrincipalNotFoundError, PrincipalWrongTypeError } from '../../errors/PrincipalErrors';
+import { Permission } from '../entities/Permission';
+import { Principal } from '../entities/Principal';
+import { PermissionAction } from '../enums/PermissionAction';
+import { PermissionTarget } from '../enums/PermissionTargets';
+
+/**
+ * This class is used to update a Permission entity (via put request).
+ */
+export class UpdatePermission {
+
+    /**
+     * The updated permission's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The updated permissions's principal.
+     * Just has to contain the principal's id -everything else won't be checked or changed.
+     */
+    @IsObject()
+    @IsNotEmpty()
+    principal: Principal;
+
+    /**
+     * The permissions's target.
+     */
+    @IsNotEmpty()
+    target: PermissionTarget;
+
+    /**
+     * The permissions's action.
+     */
+    @IsNotEmpty()
+    action: PermissionAction;
+
+    /**
+     * Updates a provided Permission entity based on this.
+     */
+    public async updatePermission(permission: Permission): Promise<Permission> {
+        permission.principal = await this.getPrincipal();
+        permission.target = this.target;
+        permission.action = this.action;
+
+        return permission;
+    }
+
+    /**
+     * Loads the updated permission's principal based on it's id.
+     */
+    public async getPrincipal(): Promise<Principal> {
+        if (this.principal === undefined || this.principal === null) {
+            throw new PermissionNeedsPrincipalError();
+        }
+        if (!isNaN(this.principal.id)) {
+            let principal = await getConnectionManager().get().getRepository(Principal).findOne({ id: this.principal.id });
+            if (!principal) { throw new PrincipalNotFoundError(); }
+            return principal;
+        }
+
+        throw new PrincipalWrongTypeError();
+    }
+}
--- a/src/models/actions/UpdateRunner.ts
+++ b/src/models/actions/UpdateRunner.ts
@ -0,0 +1,59 @@
+import { IsInt, IsObject } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { RunnerGroupNotFoundError } from '../../errors/RunnerGroupErrors';
+import { RunnerOrganisationWrongTypeError } from '../../errors/RunnerOrganisationErrors';
+import { RunnerTeamNeedsParentError } from '../../errors/RunnerTeamErrors';
+import { Runner } from '../entities/Runner';
+import { RunnerGroup } from '../entities/RunnerGroup';
+import { CreateParticipant } from './CreateParticipant';
+
+/**
+ * This class is used to update a Runner entity (via put request).
+ */
+export class UpdateRunner extends CreateParticipant {
+
+    /**
+     * The updated runner's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The updated runner's new team/org.
+     * Just has to contain the group's id -everything else won't be checked or changed.
+     */
+    @IsObject()
+    group: RunnerGroup;
+
+    /**
+     * Updates a provided Runner entity based on this.
+     */
+    public async updateRunner(runner: Runner): Promise<Runner> {
+        runner.firstname = this.firstname;
+        runner.middlename = this.middlename;
+        runner.lastname = this.lastname;
+        runner.phone = this.phone;
+        runner.email = this.email;
+        runner.group = await this.getGroup();
+        runner.address = await this.getAddress();
+
+        return runner;
+    }
+
+    /**
+     * Loads the updated runner's group based on it's id.
+     */
+    public async getGroup(): Promise<RunnerGroup> {
+        if (this.group === undefined || this.group === null) {
+            throw new RunnerTeamNeedsParentError();
+        }
+        if (!isNaN(this.group.id)) {
+            let group = await getConnectionManager().get().getRepository(RunnerGroup).findOne({ id: this.group.id });
+            if (!group) { throw new RunnerGroupNotFoundError; }
+            return group;
+        }
+
+        throw new RunnerOrganisationWrongTypeError;
+    }
+}
--- a/src/models/actions/UpdateRunnerOrganisation.ts
+++ b/src/models/actions/UpdateRunnerOrganisation.ts
@ -0,0 +1,52 @@
+import { IsInt, IsOptional } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { AddressNotFoundError } from '../../errors/AddressErrors';
+import { Address } from '../entities/Address';
+import { RunnerOrganisation } from '../entities/RunnerOrganisation';
+import { CreateRunnerGroup } from './CreateRunnerGroup';
+
+/**
+ * This class is used to update a RunnerOrganisation entity (via put request).
+ */
+export class UpdateRunnerOrganisation extends CreateRunnerGroup {
+
+    /**
+     * The updated orgs's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The updated organisation's address.
+     * Just has to contain the address's id - everything else won't be checked or changed.
+     * Optional.
+     */
+    @IsInt()
+    @IsOptional()
+    address?: Address;
+
+    /**
+     * Loads the organisation's address based on it's id.
+     */
+    public async getAddress(): Promise<Address> {
+        if (this.address === undefined || this.address === null) {
+            return null;
+        }
+        let address = await getConnectionManager().get().getRepository(Address).findOne({ id: this.address.id });
+        if (!address) { throw new AddressNotFoundError; }
+        return address;
+    }
+
+    /**
+     * Updates a provided RunnerOrganisation entity based on this.
+     */
+    public async updateRunnerOrganisation(organisation: RunnerOrganisation): Promise<RunnerOrganisation> {
+
+        organisation.name = this.name;
+        organisation.contact = await this.getContact();
+        organisation.address = await this.getAddress();
+
+        return organisation;
+    }
+}
--- a/src/models/actions/UpdateRunnerTeam.ts
+++ b/src/models/actions/UpdateRunnerTeam.ts
@ -0,0 +1,56 @@
+import { IsInt, IsNotEmpty, IsObject } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { RunnerOrganisationNotFoundError, RunnerOrganisationWrongTypeError } from '../../errors/RunnerOrganisationErrors';
+import { RunnerTeamNeedsParentError } from '../../errors/RunnerTeamErrors';
+import { RunnerOrganisation } from '../entities/RunnerOrganisation';
+import { RunnerTeam } from '../entities/RunnerTeam';
+import { CreateRunnerGroup } from './CreateRunnerGroup';
+
+/**
+ * This class is used to update a RunnerTeam entity (via put request).
+ */
+export class UpdateRunnerTeam extends CreateRunnerGroup {
+
+    /**
+     * The updated team's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The updated team's parentGroup.
+     * Just has to contain the organisation's id - everything else won't be checked or changed.
+     */
+    @IsObject()
+    @IsNotEmpty()
+    parentGroup: RunnerOrganisation;
+
+    /**
+     * Loads the updated teams's parentGroup based on it's id.
+     */
+    public async getParent(): Promise<RunnerOrganisation> {
+        if (this.parentGroup === undefined || this.parentGroup === null) {
+            throw new RunnerTeamNeedsParentError();
+        }
+        if (!isNaN(this.parentGroup.id)) {
+            let parentGroup = await getConnectionManager().get().getRepository(RunnerOrganisation).findOne({ id: this.parentGroup.id });
+            if (!parentGroup) { throw new RunnerOrganisationNotFoundError();; }
+            return parentGroup;
+        }
+
+        throw new RunnerOrganisationWrongTypeError;
+    }
+
+    /**
+     * Updates a provided RunnerTeam entity based on this.
+     */
+    public async updateRunnerTeam(team: RunnerTeam): Promise<RunnerTeam> {
+
+        team.name = this.name;
+        team.parentGroup = await this.getParent();
+        team.contact = await this.getContact()
+
+        return team;
+    }
+}
--- a/src/models/actions/UpdateUser.ts
+++ b/src/models/actions/UpdateUser.ts
@ -0,0 +1,130 @@
+import * as argon2 from "argon2";
+import { IsBoolean, IsEmail, IsInt, IsOptional, IsPhoneNumber, IsString } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { config } from '../../config';
+import { UsernameOrEmailNeededError } from '../../errors/AuthError';
+import { UserGroupNotFoundError } from '../../errors/UserGroupErrors';
+import { User } from '../entities/User';
+import { UserGroup } from '../entities/UserGroup';
+
+/**
+ * This class is used to update a User entity (via put request).
+ */
+export class UpdateUser {
+
+    /**
+     * The updated user's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The updated user's first name.
+     */
+    @IsString()
+    firstname: string;
+
+    /**
+     * The updated user's middle name.
+     */
+    @IsString()
+    @IsOptional()
+    middlename?: string;
+
+    /**
+     * The updated user's last name.
+     */
+    @IsString()
+    lastname: string;
+
+    /**
+     * The updated user's username.
+     * You have to provide at least one of: {email, username}.
+     */
+    @IsOptional()
+    @IsString()
+    username?: string;
+
+    /**
+     * The updated user's email address.
+     * You have to provide at least one of: {email, username}.
+     */
+    @IsEmail()
+    @IsString()
+    @IsOptional()
+    email?: string;
+
+    /**
+     * The updated user's phone number.
+     * This will be validated against the configured country phone numer syntax (default: international).
+     */
+    @IsPhoneNumber(config.phone_validation_countrycode)
+    @IsOptional()
+    phone?: string;
+
+    /**
+     * The new updated's password. 
+     * Only provide it if you want it updated.
+     * Changeing the password will invalidate all of the user's jwts.
+     * This will of course not be saved in plaintext :)
+     */
+    @IsString()
+    @IsOptional()
+    password?: string;
+
+    /**
+     * Should the user be enabled?
+     */
+    @IsBoolean()
+    enabled: boolean = true;
+
+    /**
+     * The updated user's groups.
+     * This just has to contain the group's id - everything else won't be changed.
+     */
+    @IsOptional()
+    groups?: UserGroup[]
+
+    /**
+     * Updates a provided User entity based on this.
+     */
+    public async updateUser(user: User): Promise<User> {
+        user.email = this.email;
+        user.username = this.username;
+        if ((user.email === undefined || user.email === null) && (user.username === undefined || user.username === null)) {
+            throw new UsernameOrEmailNeededError();
+        }
+        if (this.password) {
+            user.password = await argon2.hash(this.password + user.uuid);
+            user.refreshTokenCount = user.refreshTokenCount + 1;
+        }
+
+        user.enabled = this.enabled;
+        user.firstname = this.firstname
+        user.middlename = this.middlename
+        user.lastname = this.lastname
+        user.phone = this.phone;
+        user.groups = await this.getGroups();
+        //TODO: ProfilePics
+
+        return user;
+    }
+
+    /**
+     * Loads the updated user's groups based on their ids.
+     */
+    public async getGroups() {
+        if (!this.groups) { return null; }
+        let groups = new Array<UserGroup>();
+        if (!Array.isArray(this.groups)) {
+            this.groups = [this.groups]
+        }
+        for (let group of this.groups) {
+            let found = await getConnectionManager().get().getRepository(UserGroup).findOne({ id: group.id });
+            if (!found) { throw new UserGroupNotFoundError(); }
+            groups.push(found);
+        }
+        return groups;
+    }
+}
--- a/src/models/creation/CreateParticipant.ts
+++ b/src/models/creation/CreateParticipant.ts
@ -1,83 +0,0 @@
-import { IsEmail, IsInt, IsNotEmpty, IsObject, IsOptional, IsPhoneNumber, IsString } from 'class-validator';
-import { getConnectionManager } from 'typeorm';
-import { ParticipantOnlyOneAddressAllowedError } from '../../errors/ParticipantErrors';
-import { Address } from '../entities/Address';
-import { CreateAddress } from './CreateAddress';
-
-export abstract class CreateParticipant {
-    /**
-     * The new participant's first name.
-     */
-    @IsString()
-    @IsNotEmpty()
-    firstname: string;
-
-    /**
-     * The new participant's middle name.
-     * Optional.
-     */
-    @IsString()
-    @IsNotEmpty()
-    middlename?: string;
-
-    /**
-     * The new participant's last name.
-     */
-    @IsString()
-    @IsNotEmpty()
-    lastname: string;
-
-    /**
-     * The new participant's phone number.
-     * Optional.
-     */
-    @IsString()
-    @IsOptional()
-    @IsPhoneNumber("ZZ")
-    phone?: string;
-
-    /**
-     * The new participant's e-mail address.
-     * Optional.
-     */
-    @IsString()
-    @IsOptional()
-    @IsEmail()
-    email?: string;
-
-    /**
-     * The new participant's address's id.
-     * Optional - please provide either addressId or address.
-     */
-    @IsInt()
-    @IsOptional()
-    addressId?: number;
-
-    /**
-     * The new participant's address.
-     * Optional - please provide either addressId or address.
-     */
-    @IsObject()
-    @IsOptional()
-    address?: CreateAddress;
-
-    /**
-     * Creates a Participant entity from this.
-     */
-    public async getAddress(): Promise<Address> {
-        let address: Address;
-
-        if (this.addressId !== undefined && this.address !== undefined) {
-            throw new ParticipantOnlyOneAddressAllowedError
-        }
-        if (this.addressId === undefined && this.address === undefined) {
-            return null;
-        }
-
-        if (this.addressId) {
-            return await getConnectionManager().get().getRepository(Address).findOne({ id: this.addressId });
-        }
-
-        return this.address.toAddress();
-    }
-}
--- a/src/models/creation/CreateRunner.ts
+++ b/src/models/creation/CreateRunner.ts
@ -1,68 +0,0 @@
-import { IsInt, IsOptional } from 'class-validator';
-import { getConnectionManager } from 'typeorm';
-import { RunnerGroupNeededError, RunnerGroupNotFoundError, RunnerOnlyOneGroupAllowedError } from '../../errors/RunnerErrors';
-import { Runner } from '../entities/Runner';
-import { RunnerGroup } from '../entities/RunnerGroup';
-import { RunnerOrganisation } from '../entities/RunnerOrganisation';
-import { RunnerTeam } from '../entities/RunnerTeam';
-import { CreateParticipant } from './CreateParticipant';
-
-export class CreateRunner extends CreateParticipant {
-
-    /**
-     * The new runner's team's id.
-     * Either provide this or his organisation's id.
-     */
-    @IsInt()
-    @IsOptional()
-    teamId?: number;
-
-    /**
-     * The new runner's organisation's id.
-     * Either provide this or his teams's id.
-     */
-    @IsInt()
-    @IsOptional()
-    orgId?: number;
-
-    /**
-     * Creates a Runner entity from this.
-     */
-    public async toRunner(): Promise<Runner> {
-        let newRunner: Runner = new Runner();
-
-        newRunner.firstname = this.firstname;
-        newRunner.middlename = this.middlename;
-        newRunner.lastname = this.lastname;
-        newRunner.phone = this.phone;
-        newRunner.email = this.email;
-        newRunner.group = await this.getGroup();
-        newRunner.address = await this.getAddress();
-
-        return newRunner;
-    }
-
-    /**
-     * Manages all the different ways a group can be provided.
-     */
-    public async getGroup(): Promise<RunnerGroup> {
-        let group: RunnerGroup;
-        if (this.teamId !== undefined && this.orgId !== undefined) {
-            throw new RunnerOnlyOneGroupAllowedError();
-        }
-        if (this.teamId === undefined && this.orgId === undefined) {
-            throw new RunnerGroupNeededError();
-        }
-
-        if (this.teamId) {
-            group = await getConnectionManager().get().getRepository(RunnerTeam).findOne({ id: this.teamId });
-        }
-        if (this.orgId) {
-            group = await getConnectionManager().get().getRepository(RunnerOrganisation).findOne({ id: this.orgId });
-        }
-        if (!group) {
-            throw new RunnerGroupNotFoundError();
-        }
-        return group;
-    }
-}
--- a/src/models/creation/CreateRunnerGroup.ts
+++ b/src/models/creation/CreateRunnerGroup.ts
@ -1,30 +0,0 @@
-import { IsNotEmpty, IsObject, IsOptional, IsString } from 'class-validator';
-import { GroupContact } from '../entities/GroupContact';
-
-export abstract class CreateRunnerGroup {
-    /**
-     * The group's name.
-     */
-    @IsNotEmpty()
-    @IsString()
-    name: string;
-
-    /**
-     * The group's contact.
-     * Optional
-     */
-    @IsObject()
-    @IsOptional()
-    contact?: GroupContact;
-
-    /**
-     * Deals with the contact for groups this.
-     */
-    public async getContact(): Promise<GroupContact> {
-        let newGroupContact: GroupContact;
-
-        //TODO:
-
-        return newGroupContact;
-    }
-}
--- a/src/models/creation/CreateRunnerOrganisation.ts
+++ b/src/models/creation/CreateRunnerOrganisation.ts
@ -1,58 +0,0 @@
-import { IsInt, IsObject, IsOptional } from 'class-validator';
-import { getConnectionManager } from 'typeorm';
-import { ParticipantOnlyOneAddressAllowedError } from '../../errors/ParticipantErrors';
-import { Address } from '../entities/Address';
-import { RunnerOrganisation } from '../entities/RunnerOrganisation';
-import { CreateAddress } from './CreateAddress';
-import { CreateRunnerGroup } from './CreateRunnerGroup';
-
-export class CreateRunnerOrganisation extends CreateRunnerGroup {
-    /**
-     * The new participant's address's id.
-     * Optional - please provide either addressId or address.
-     */
-    @IsInt()
-    @IsOptional()
-    addressId?: number;
-
-    /**
-     * The new participant's address.
-     * Optional - please provide either addressId or address.
-     */
-    @IsObject()
-    @IsOptional()
-    address?: CreateAddress;
-
-    /**
-     * Creates a Participant entity from this.
-     */
-    public async getAddress(): Promise<Address> {
-        let address: Address;
-
-        if (this.addressId !== undefined && this.address !== undefined) {
-            throw new ParticipantOnlyOneAddressAllowedError
-        }
-        if (this.addressId === undefined && this.address === undefined) {
-            return null;
-        }
-
-        if (this.addressId) {
-            return await getConnectionManager().get().getRepository(Address).findOne({ id: this.addressId });
-        }
-
-        return this.address.toAddress();
-    }
-
-    /**
-     * Creates a RunnerOrganisation entity from this.
-     */
-    public async toRunnerOrganisation(): Promise<RunnerOrganisation> {
-        let newRunnerOrganisation: RunnerOrganisation = new RunnerOrganisation();
-
-        newRunnerOrganisation.name = this.name;
-        newRunnerOrganisation.contact = await this.getContact();
-        newRunnerOrganisation.address = await this.getAddress();
-
-        return newRunnerOrganisation;
-    }
-}
--- a/src/models/creation/CreateRunnerTeam.ts
+++ b/src/models/creation/CreateRunnerTeam.ts
@ -1,36 +0,0 @@
-import { IsInt, IsNotEmpty, IsString } from 'class-validator';
-import { getConnectionManager } from 'typeorm';
-import { RunnerOrganisationNotFoundError } from '../../errors/RunnerOrganisationErrors';
-import { RunnerOrganisation } from '../entities/RunnerOrganisation';
-import { RunnerTeam } from '../entities/RunnerTeam';
-
-export class CreateRunnerTeam {
-    /**
-     * The teams's name.
-     */
-    @IsString()
-    @IsNotEmpty()
-    name: string;
-
-    /**
-     * The team's parent group (organisation).
-     */
-    @IsInt()
-    @IsNotEmpty()
-    parentId: number
-
-    /**
-     * Creates a RunnerTeam entity from this.
-     */
-    public async toRunnerTeam(): Promise<RunnerTeam> {
-        let newRunnerTeam: RunnerTeam = new RunnerTeam();
-
-        newRunnerTeam.name = this.name;
-        newRunnerTeam.parentGroup = await getConnectionManager().get().getRepository(RunnerOrganisation).findOne({ id: this.parentId });
-        if (!newRunnerTeam.parentGroup) {
-            throw new RunnerOrganisationNotFoundError();
-        }
-
-        return newRunnerTeam;
-    }
-}
--- a/src/models/entities/Address.ts
+++ b/src/models/entities/Address.ts
@ -10,7 +10,8 @@ import { Participant } from "./Participant";
 import { RunnerOrganisation } from "./RunnerOrganisation";

 /**
- * Defines a address (to be used for contact information).
+ * Defines the Address entity.
+ * Implemented this way to prevent any formatting differences.
 */
@Entity()
 export class Address {
@ -23,6 +24,7 @@ export class Address {

  /**
   * The address's description.
+   * Optional and mostly for UX.
   */
  @Column({ nullable: true })
  @IsString()
@ -49,6 +51,8 @@ export class Address {

  /**
   * The address's postal code.
+   * This will get checked against the postal code syntax for the configured country.
+   * TODO: Implement the config option. 
   */
  @Column()
  @IsString()
--- a/src/models/entities/DistanceDonation.ts
+++ b/src/models/entities/DistanceDonation.ts
@ -4,19 +4,21 @@ import { Donation } from "./Donation";
 import { Runner } from "./Runner";

 /**
- * Defines a distance based donation.
- * Here people donate a certain amout per kilometer
+ * Defines the DistanceDonation entity.
+ * For distanceDonations a donor pledges to donate a certain amount for each kilometer ran by a runner.
 */
@ChildEntity()
 export class DistanceDonation extends Donation {
  /**
-   * The runner associated.
+   * The donation's associated runner.
+   * Used as the source of the donation's distance.
   */
  @IsNotEmpty()
  @ManyToOne(() => Runner, runner => runner.distanceDonations)
  runner: Runner;

  /**
+   * The donation's amount donated per distance.
   * The amount the donor set to be donated per kilometer that the runner ran.
   */
  @Column()
@ -26,12 +28,12 @@ export class DistanceDonation extends Donation {

  /**
   * The donation's amount in cents (or whatever your currency's smallest unit is.).
-   * The exact implementation may differ for each type of donation.
+   * Get's calculated from the runner's distance ran and the amount donated per kilometer.
   */
  public get amount(): number {
    let calculatedAmount = -1;
    try {
-      calculatedAmount = this.amountPerDistance * this.runner.distance;
+      calculatedAmount = this.amountPerDistance * (this.runner.distance / 1000);
    } catch (error) {
      throw error;
    }
--- a/src/models/entities/Donation.ts
+++ b/src/models/entities/Donation.ts
@ -6,7 +6,9 @@ import { Entity, ManyToOne, PrimaryGeneratedColumn, TableInheritance } from "typ
 import { Participant } from "./Participant";

 /**
- * Defines the donation interface.
+ * Defines the Donation entity.
+ * A donation just associates a donor with a donation amount.
+ * The specifics of the amoun's determination has to be implemented in child classes.
 */
@Entity()
@TableInheritance({ column: { name: "type", type: "varchar" } })
--- a/src/models/entities/Donor.ts
+++ b/src/models/entities/Donor.ts
@ -3,13 +3,13 @@ import { ChildEntity, Column } from "typeorm";
 import { Participant } from "./Participant";

 /**
- * Defines a donor.
+ * Defines the Donor entity.
 */
@ChildEntity()
 export class Donor extends Participant {
  /**
-   * Does this donor need a receipt?.
-   * Default: false
+   * Does this donor need a receipt?
+   * Will later be used to automaticly generate donation receipts.
   */
  @Column()
  @IsBoolean()
--- a/src/models/entities/FixedDonation.ts
+++ b/src/models/entities/FixedDonation.ts
@ -3,7 +3,8 @@ import { ChildEntity, Column } from "typeorm";
 import { Donation } from "./Donation";

 /**
- * Defines a fixed donation.
+ * Defines the FixedDonation entity.
+ * In the past there was no easy way to track fixed donations (eg. for creating donation receipts).
 */
@ChildEntity()
 export class FixedDonation extends Donation {
--- a/src/models/entities/GroupContact.ts
+++ b/src/models/entities/GroupContact.ts
@ -1,82 +1,83 @@
-import {
-  IsEmail,
-  IsInt,
-  IsNotEmpty,
-  IsOptional,
-  IsPhoneNumber,
-
-  IsString
-} from "class-validator";
-import { Column, Entity, ManyToOne, OneToMany, PrimaryGeneratedColumn } from "typeorm";
-import { Address } from "./Address";
-import { RunnerGroup } from "./RunnerGroup";
-
-/**
- * Defines a group's contact.
-*/
-@Entity()
-export class GroupContact {
-  /**
- * Autogenerated unique id (primary key).
- */
-  @PrimaryGeneratedColumn()
-  @IsInt()
-  id: number;
-
-  /**
-   * The contact's first name.
-   */
-  @Column()
-  @IsNotEmpty()
-  @IsString()
-  firstname: string;
-
-  /**
-   * The contact's middle name.
-   * Optional
-   */
-  @Column({ nullable: true })
-  @IsOptional()
-  @IsString()
-  middlename?: string;
-
-  /**
-   * The contact's last name.
-   */
-  @Column()
-  @IsNotEmpty()
-  @IsString()
-  lastname: string;
-
-  /**
-   * The contact's address.
-   * Optional
-   */
-  @IsOptional()
-  @ManyToOne(() => Address, address => address.participants, { nullable: true })
-  address?: Address;
-
-  /**
-   * The contact's phone number.
-   * Optional
-   */
-  @Column({ nullable: true })
-  @IsOptional()
-  @IsPhoneNumber("DE")
-  phone?: string;
-
-  /**
-   * The contact's email address.
-   * Optional
-   */
-  @Column({ nullable: true })
-  @IsOptional()
-  @IsEmail()
-  email?: string;
-
-  /**
-    * Used to link contacts to groups.
-    */
-  @OneToMany(() => RunnerGroup, group => group.contact, { nullable: true })
-  groups: RunnerGroup[];
+import {
+  IsEmail,
+  IsInt,
+  IsNotEmpty,
+  IsOptional,
+  IsPhoneNumber,
+
+  IsString
+} from "class-validator";
+import { Column, Entity, ManyToOne, OneToMany, PrimaryGeneratedColumn } from "typeorm";
+import { config } from '../../config';
+import { Address } from "./Address";
+import { RunnerGroup } from "./RunnerGroup";
+
+/**
+ * Defines the GroupContact entity.
+ * Mainly it's own class to reduce duplicate code and enable contact's to be associated with multiple groups.
+*/
+@Entity()
+export class GroupContact {
+  /**
+   * Autogenerated unique id (primary key).
+   */
+  @PrimaryGeneratedColumn()
+  @IsInt()
+  id: number;
+
+  /**
+   * The contact's first name.
+   */
+  @Column()
+  @IsNotEmpty()
+  @IsString()
+  firstname: string;
+
+  /**
+   * The contact's middle name.
+   */
+  @Column({ nullable: true })
+  @IsOptional()
+  @IsString()
+  middlename?: string;
+
+  /**
+   * The contact's last name.
+   */
+  @Column()
+  @IsNotEmpty()
+  @IsString()
+  lastname: string;
+
+  /**
+   * The contact's address.
+   * This is a address object to prevent any formatting differences.
+   */
+  @IsOptional()
+  @ManyToOne(() => Address, address => address.participants, { nullable: true })
+  address?: Address;
+
+  /**
+   * The contact's phone number.
+   * This will be validated against the configured country phone numer syntax (default: international).
+   */
+  @Column({ nullable: true })
+  @IsOptional()
+  @IsPhoneNumber(config.phone_validation_countrycode)
+  phone?: string;
+
+  /**
+   * The contact's email address.
+   * Could later be used to automaticly send mails concerning the contact's associated groups.
+   */
+  @Column({ nullable: true })
+  @IsOptional()
+  @IsEmail()
+  email?: string;
+
+  /**
+    * Used to link contacts to groups.
+    */
+  @OneToMany(() => RunnerGroup, group => group.contact, { nullable: true })
+  groups: RunnerGroup[];
 }
--- a/src/models/entities/Participant.ts
+++ b/src/models/entities/Participant.ts
@ -1,82 +1,84 @@
-import {
-  IsEmail,
-  IsInt,
-  IsNotEmpty,
-  IsOptional,
-  IsPhoneNumber,
-
-  IsString
-} from "class-validator";
-import { Column, Entity, ManyToOne, OneToMany, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
-import { Address } from "./Address";
-import { Donation } from "./Donation";
-
-/**
- * Defines the participant interface.
-*/
-@Entity()
-@TableInheritance({ column: { name: "type", type: "varchar" } })
-export abstract class Participant {
-  /**
-   * Autogenerated unique id (primary key).
-   */
-  @PrimaryGeneratedColumn()
-  @IsInt()
-  id: number;
-
-  /**
-   * The participant's first name.
-   */
-  @Column()
-  @IsNotEmpty()
-  @IsString()
-  firstname: string;
-
-  /**
-   * The participant's middle name.
-   * Optional
-   */
-  @Column({ nullable: true })
-  @IsOptional()
-  @IsString()
-  middlename?: string;
-
-  /**
-   * The participant's last name.
-   */
-  @Column()
-  @IsNotEmpty()
-  @IsString()
-  lastname: string;
-
-  /**
-   * The participant's address.
-   * Optional
-   */
-  @ManyToOne(() => Address, address => address.participants, { nullable: true })
-  address?: Address;
-
-  /**
-   * The participant's phone number.
-   * Optional
-   */
-  @Column({ nullable: true })
-  @IsOptional()
-  @IsPhoneNumber("DE")
-  phone?: string;
-
-  /**
-   * The participant's email address.
-   * Optional
-   */
-  @Column({ nullable: true })
-  @IsOptional()
-  @IsEmail()
-  email?: string;
-
-  /**
-   * Used to link the participant as the donor of a donation.
-   */
-  @OneToMany(() => Donation, donation => donation.donor, { nullable: true })
-  donations: Donation[];
+import {
+  IsEmail,
+  IsInt,
+  IsNotEmpty,
+  IsOptional,
+  IsPhoneNumber,
+
+  IsString
+} from "class-validator";
+import { Column, Entity, ManyToOne, OneToMany, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
+import { config } from '../../config';
+import { Address } from "./Address";
+import { Donation } from "./Donation";
+
+/**
+ * Defines the Participant entity.
+ * Participans can donate and therefor be associated with donation entities.
+*/
+@Entity()
+@TableInheritance({ column: { name: "type", type: "varchar" } })
+export abstract class Participant {
+  /**
+   * Autogenerated unique id (primary key).
+   */
+  @PrimaryGeneratedColumn()
+  @IsInt()
+  id: number;
+
+  /**
+   * The participant's first name.
+   */
+  @Column()
+  @IsNotEmpty()
+  @IsString()
+  firstname: string;
+
+  /**
+   * The participant's middle name.
+   */
+  @Column({ nullable: true })
+  @IsOptional()
+  @IsString()
+  middlename?: string;
+
+  /**
+   * The participant's last name.
+   */
+  @Column()
+  @IsNotEmpty()
+  @IsString()
+  lastname: string;
+
+  /**
+   * The participant's address.
+   * This is a address object to prevent any formatting differences.
+   */
+  @ManyToOne(() => Address, address => address.participants, { nullable: true })
+  address?: Address;
+
+  /**
+   * The participant's phone number.
+   * This will be validated against the configured country phone numer syntax (default: international).
+   */
+  @Column({ nullable: true })
+  @IsOptional()
+  @IsPhoneNumber(config.phone_validation_countrycode)
+  phone?: string;
+
+  /**
+   * The participant's email address.
+   * Can be used to contact the participant.
+   */
+  @Column({ nullable: true })
+  @IsOptional()
+  @IsEmail()
+  email?: string;
+
+  /**
+   * Used to link the participant as the donor of a donation.
+   * Attention: Only runner's can be associated as a distanceDonations distance source.
+   */
+  @OneToMany(() => Donation, donation => donation.donor, { nullable: true })
+  donations: Donation[];
 }
--- a/src/models/entities/Permission.ts
+++ b/src/models/entities/Permission.ts
@ -1,17 +1,19 @@
 import {
+  IsEnum,
  IsInt,
-  IsNotEmpty,
-
-  IsString
+  IsNotEmpty
 } from "class-validator";
-import { Column, Entity, OneToMany, PrimaryGeneratedColumn } from "typeorm";
-import { User } from './User';
-import { UserGroup } from './UserGroup';
+import { Column, Entity, ManyToOne, PrimaryGeneratedColumn } from "typeorm";
+import { PermissionAction } from '../enums/PermissionAction';
+import { PermissionTarget } from '../enums/PermissionTargets';
+import { Principal } from './Principal';
 /**
- * Defines the Permission interface.
+ * Defines the Permission entity.
+ * Permissions can be granted to principals.
+ * The permissions possible targets and actions are defined in enums.
 */
@Entity()
-export abstract class Permission {
+export class Permission {
  /**
   * Autogenerated unique id (primary key).
   */
@ -20,30 +22,33 @@ export abstract class Permission {
  id: number;

  /**
-   * users
+   * The permission's principal.
   */
-  @OneToMany(() => User, user => user.permissions, { nullable: true })
-  users: User[]
+  @ManyToOne(() => Principal, principal => principal.permissions)
+  principal: Principal;

  /**
-   * groups
+   * The permission's target.
+   * This get's stored as the enum value's string representation for compatability reasons.
   */
-  @OneToMany(() => UserGroup, group => group.permissions, { nullable: true })
-  groups: UserGroup[]
-
-  /**
-   * The target
-   */
-  @Column()
+  @Column({ type: 'varchar' })
  @IsNotEmpty()
-  @IsString()
-  target: string;
+  @IsEnum(PermissionTarget)
+  target: PermissionTarget;

  /**
-   * The action type
+   * The permission's action.
+   * This get's stored as the enum value's string representation for compatability reasons.
   */
-  @Column()
-  @IsNotEmpty()
-  @IsString()
-  action: string;
+  @Column({ type: 'varchar' })
+  @IsEnum(PermissionAction)
+  action: PermissionAction;
+
+  /**
+   * Turn this into a string for exporting and jwts.
+   * Mainly used to shrink the size of jwts (otherwise the would contain entire objects).
+   */
+  public toString(): string {
+    return this.target + ":" + this.action;
+  }
 }
--- a/src/models/entities/Principal.ts
+++ b/src/models/entities/Principal.ts
@ -0,0 +1,30 @@
+import { IsInt } from 'class-validator';
+import { Entity, OneToMany, PrimaryGeneratedColumn, TableInheritance } from 'typeorm';
+import { ResponsePrincipal } from '../responses/ResponsePrincipal';
+import { Permission } from './Permission';
+
+/**
+ * Defines the principal entity.
+ * A principal basicly is any entity that can receive permissions for the api (users and their groups).
+*/
+@Entity()
+@TableInheritance({ column: { name: "type", type: "varchar" } })
+export abstract class Principal {
+  /**
+  * Autogenerated unique id (primary key).
+  */
+  @PrimaryGeneratedColumn()
+  @IsInt()
+  id: number;
+
+  /**
+  * The participant's permissions.
+  */
+  @OneToMany(() => Permission, permission => permission.principal, { nullable: true })
+  permissions: Permission[];
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public abstract toResponse(): ResponsePrincipal;
+}
--- a/src/models/entities/Runner.ts
+++ b/src/models/entities/Runner.ts
@ -7,44 +7,52 @@ import { RunnerGroup } from "./RunnerGroup";
 import { Scan } from "./Scan";

 /**
- * Defines a runner.
+ * Defines the runner entity.
+ * Runners differ from participants in being able to actually accumulate a ran distance through scans.
+ * Runner's get organized in groups.
 */
@ChildEntity()
 export class Runner extends Participant {
  /**
   * The runner's associated group.
+   * Can be a runner team or organisation.
   */
  @IsNotEmpty()
  @ManyToOne(() => RunnerGroup, group => group.runners, { nullable: false })
  group: RunnerGroup;

  /**
-   * Used to link runners to donations.
+   * The runner's associated distanceDonations.
+   * Used to link runners to distanceDonations in order to calculate the donation's amount based on the distance the runner ran.
   */
  @OneToMany(() => DistanceDonation, distanceDonation => distanceDonation.runner, { nullable: true })
  distanceDonations: DistanceDonation[];

  /**
-   * Used to link runners to cards.
+   * The runner's associated cards.
+   * Used to link runners to cards - yes a runner be associated with multiple cards this came in handy in the past.
   */
  @OneToMany(() => RunnerCard, card => card.runner, { nullable: true })
  cards: RunnerCard[];

  /**
-   * Used to link runners to a scans
+   * The runner's associated scans.
+   * Used to link runners to scans (valid and fraudulant).
   */
  @OneToMany(() => Scan, scan => scan.runner, { nullable: true })
  scans: Scan[];

  /**
   * Returns all valid scans associated with this runner.
+   * This is implemented here to avoid duplicate code in other files.
   */
  public get validScans(): Scan[] {
    return this.scans.filter(scan => { scan.valid === true });
  }

  /**
-   * Returns the total distance ran by this runner.
+   * Returns the total distance ran by this runner based on all his valid scans.
+   * This is implemented here to avoid duplicate code in other files.
  */
  @IsInt()
  public get distance(): number {
--- a/src/models/entities/RunnerCard.ts
+++ b/src/models/entities/RunnerCard.ts
@ -11,7 +11,9 @@ import { Runner } from "./Runner";
 import { TrackScan } from "./TrackScan";

 /**
- * Defines a card that can be scanned via a scanner station.
+ * Defines the RunnerCard entity.
+ * A runnerCard is a physical representation for a runner.
+ * It can be associated with a runner to create scans via the scan station's.
 */
@Entity()
 export class RunnerCard {
@ -23,7 +25,8 @@ export class RunnerCard {
  id: number;

  /**
-   * The runner that is currently associated with this card.
+   * The card's currently associated runner.
+   * To increase reusability a card can be reassigned.
   */
  @IsOptional()
  @ManyToOne(() => Runner, runner => runner.cards, { nullable: true })
@ -32,7 +35,7 @@ export class RunnerCard {
  /**
   * The card's code.
   * This has to be able to being converted to something barcode compatible.
-   * could theoretically be autogenerated
+   * Will get automaticlly generated (not implemented yet).
   */
  @Column()
  @IsEAN()
@ -49,7 +52,8 @@ export class RunnerCard {
  enabled: boolean = true;

  /**
-   * Used to link cards to a track scans.
+   * The card's associated scans.
+   * Used to link cards to track scans.
   */
  @OneToMany(() => TrackScan, scan => scan.track, { nullable: true })
  scans: TrackScan[];
--- a/src/models/entities/RunnerGroup.ts
+++ b/src/models/entities/RunnerGroup.ts
@ -9,7 +9,8 @@ import { GroupContact } from "./GroupContact";
 import { Runner } from "./Runner";

 /**
- * Defines the runnerGroup interface.
+ * Defines the RunnerGroup entity.
+ * This is used to group runners together (as the name suggests).
 */
@Entity()
@TableInheritance({ column: { name: "type", type: "varchar" } })
@ -31,13 +32,14 @@ export abstract class RunnerGroup {

  /**
   * The group's contact.
-   * Optional
+   * This is mostly a feature for the group managers and public relations.
   */
  @IsOptional()
  @ManyToOne(() => GroupContact, contact => contact.groups, { nullable: true })
  contact?: GroupContact;

  /**
+   * The group's associated runners.
   * Used to link runners to a runner group.
   */
  @OneToMany(() => Runner, runner => runner.group, { nullable: true })
--- a/src/models/entities/RunnerOrganisation.ts
+++ b/src/models/entities/RunnerOrganisation.ts
@ -5,22 +5,23 @@ import { RunnerGroup } from "./RunnerGroup";
 import { RunnerTeam } from "./RunnerTeam";

 /**
- * Defines a runner organisation (business or school for example).
+ * Defines the RunnerOrganisation entity.
+ * This usually is a school, club or company.
 */
@ChildEntity()
 export class RunnerOrganisation extends RunnerGroup {

  /**
   * The organisations's address.
-   * Optional
   */
  @IsOptional()
  @ManyToOne(() => Address, address => address.groups, { nullable: true })
  address?: Address;

  /**
- * Used to link teams to runner groups.
- */
+   * The organisation's teams.
+   * Used to link teams to a organisation.
+   */
  @OneToMany(() => RunnerTeam, team => team.parentGroup, { nullable: true })
  teams: RunnerTeam[];
 }
--- a/src/models/entities/RunnerTeam.ts
+++ b/src/models/entities/RunnerTeam.ts
@ -4,14 +4,15 @@ import { RunnerGroup } from "./RunnerGroup";
 import { RunnerOrganisation } from "./RunnerOrganisation";

 /**
- * Defines a runner team (class or deparment for example).
+ * Defines the RunnerTeam entity.
+ * This usually is a school class or department in a company.
 */
@ChildEntity()
 export class RunnerTeam extends RunnerGroup {

  /**
   * The team's parent group.
-   * Optional
+   * Every team has to be part of a runnerOrganisation - this get's checked on creation and update.
   */
  @IsNotEmpty()
  @ManyToOne(() => RunnerOrganisation, org => org.teams, { nullable: true })
--- a/src/models/entities/Scan.ts
+++ b/src/models/entities/Scan.ts
@ -9,7 +9,8 @@ import { Column, Entity, ManyToOne, PrimaryGeneratedColumn, TableInheritance } f
 import { Runner } from "./Runner";

 /**
- * Defines the scan interface.
+ * Defines the Scan entity.
+ * A scan basicly adds a certain distance to a runner's total ran distance.
 */
@Entity()
@TableInheritance({ column: { name: "type", type: "varchar" } })
@ -22,7 +23,8 @@ export abstract class Scan {
  id: number;

  /**
-   * The associated runner.
+   * The scan's associated runner.
+   * This is important to link ran distances to runners.
   */
  @IsNotEmpty()
  @ManyToOne(() => Runner, runner => runner.scans, { nullable: false })
@ -30,15 +32,17 @@ export abstract class Scan {

  /**
   * The scan's distance in meters.
+   * Can be set manually or derived from another object.
   */
  @IsInt()
  @IsPositive()
  abstract distance: number;

  /**
- * Is the scan valid (for fraud reasons).
- * Default: true
- */
+   * Is the scan valid (for fraud reasons).
+   * The determination of validity will work differently for every child class.
+   * Default: true
+   */
  @Column()
  @IsBoolean()
  valid: boolean = true;
--- a/src/models/entities/ScanStation.ts
+++ b/src/models/entities/ScanStation.ts
@ -10,7 +10,8 @@ import { Track } from "./Track";
 import { TrackScan } from "./TrackScan";

 /**
- * ScannerStations have the ability to create scans for specific tracks.
+ * Defines the ScanStation entity.
+ * ScanStations get used to create TrackScans for runners based on a scan of their runnerCard.
 */
@Entity()
 export class ScanStation {
@ -23,6 +24,7 @@ export class ScanStation {

  /**
   * The station's description.
+   * Mostly for better UX when traceing back stuff.
   */
  @Column({ nullable: true })
  @IsOptional()
@ -31,6 +33,7 @@ export class ScanStation {

  /**
   * The track this station is associated with.
+   * All scans created by this station will also be associated with this track.
   */
  @IsNotEmpty()
  @ManyToOne(() => Track, track => track.stations, { nullable: false })
@ -38,6 +41,7 @@ export class ScanStation {

  /**
   * The station's api key.
+   * This is used to authorize a station against the api (not implemented yet).
   */
  @Column()
  @IsNotEmpty()
@ -45,7 +49,7 @@ export class ScanStation {
  key: string;

  /**
-   * Is the station enabled (for fraud reasons)?
+   * Is the station enabled (for fraud and setup reasons)?
   * Default: true
   */
  @Column()
--- a/src/models/entities/Track.ts
+++ b/src/models/entities/Track.ts
@ -1,7 +1,6 @@
 import {
  IsInt,
  IsNotEmpty,
-
  IsPositive,
  IsString
 } from "class-validator";
@ -10,7 +9,7 @@ import { ScanStation } from "./ScanStation";
 import { TrackScan } from "./TrackScan";

 /**
- * Defines a track of given length.
+ * Defines the Track entity.
 */
@Entity()
 export class Track {
@ -23,6 +22,7 @@ export class Track {

  /**
   * The track's name.
+   * Mainly here for UX.
   */
  @Column()
  @IsString()
@ -31,6 +31,7 @@ export class Track {

  /**
   * The track's length/distance in meters.
+   * Will be used to calculate runner's ran distances.
   */
  @Column()
  @IsInt()
@ -38,13 +39,15 @@ export class Track {
  distance: number;

  /**
-   * Used to link scan stations to track.
+   * Used to link scan stations to a certain track.
+   * This makes the configuration of the scan stations easier.
   */
  @OneToMany(() => ScanStation, station => station.track, { nullable: true })
  stations: ScanStation[];

  /**
   * Used to link track scans to a track.
+   * The scan will derive it's distance from the track's distance.
   */
  @OneToMany(() => TrackScan, scan => scan.track, { nullable: true })
  scans: TrackScan[];
--- a/src/models/entities/TrackScan.ts
+++ b/src/models/entities/TrackScan.ts
@ -12,26 +12,30 @@ import { ScanStation } from "./ScanStation";
 import { Track } from "./Track";

 /**
- * Defines the scan interface.
+ * Defines the TrackScan entity.
+ * A track scan usaually get's generated by a scan station.
 */
@ChildEntity()
 export class TrackScan extends Scan {
  /**
-   * The associated track.
+   * The scan's associated track.
+   * This is used to determine the scan's distance.
   */
  @IsNotEmpty()
  @ManyToOne(() => Track, track => track.scans, { nullable: true })
  track: Track;

  /**
-   * The associated card.
+   * The runnerCard associated with the scan.
+   * This get's saved for documentation and management purposes.
   */
  @IsNotEmpty()
  @ManyToOne(() => RunnerCard, card => card.scans, { nullable: true })
  card: RunnerCard;

  /**
-   * The scanning station.
+   * The scanning station that created the scan.
+   * Mainly used for logging and traceing back scans (or errors)
   */
  @IsNotEmpty()
  @ManyToOne(() => ScanStation, station => station.scans, { nullable: true })
@ -39,6 +43,7 @@ export class TrackScan extends Scan {

  /**
   * The scan's distance in meters.
+   * This just get's loaded from it's track.
   */
  @IsInt()
  @IsPositive()
@ -48,6 +53,7 @@ export class TrackScan extends Scan {

  /**
   * The scan's creation timestamp.
+   * Will be used to implement fraud detection.
   */
  @Column()
  @IsDateString()
--- a/src/models/entities/User.ts
+++ b/src/models/entities/User.ts
@ -1,52 +1,52 @@
 import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUUID } from "class-validator";
-import { Column, Entity, JoinTable, ManyToMany, ManyToOne, OneToMany, PrimaryGeneratedColumn } from "typeorm";
-import { Permission } from './Permission';
+import { ChildEntity, Column, JoinTable, ManyToMany, OneToMany } from "typeorm";
+import { config } from '../../config';
+import { ResponsePrincipal } from '../responses/ResponsePrincipal';
+import { ResponseUser } from '../responses/ResponseUser';
+import { Principal } from './Principal';
 import { UserAction } from './UserAction';
 import { UserGroup } from './UserGroup';

 /**
- * Defines a admin user.
+ * Defines the User entity.
+ * Users are the ones that can use the "admin" webui and do stuff in the backend.
 */
-@Entity()
-export class User {
+@ChildEntity()
+export class User extends Principal {
  /**
-  * autogenerated unique id (primary key).
+  * The user's uuid.
+  * Mainly gets used as a per-user salt for the password hash.
  */
-  @PrimaryGeneratedColumn()
-  @IsInt()
-  id: number;
-
-  /**
-  * uuid
-  */
-  @Column()
+  @Column({ unique: true })
  @IsUUID(4)
  uuid: string;

  /**
-  * user email
+  * The user's e-mail address.
+  * Either username or email has to be set (otherwise the user couldn't log in).
  */
-  @Column({ nullable: true })
+  @Column({ nullable: true, unique: true })
  @IsEmail()
  email?: string;

  /**
-  * user phone
+  * The user's phone number.
  */
  @Column({ nullable: true })
  @IsOptional()
-  @IsPhoneNumber("ZZ")
+  @IsPhoneNumber(config.phone_validation_countrycode)
  phone?: string;

  /**
-  * username
+  * The user's username.
+  * Either username or email has to be set (otherwise the user couldn't log in).
  */
-  @Column({ nullable: true })
+  @Column({ nullable: true, unique: true })
  @IsString()
  username?: string;

  /**
-  * firstname
+  * The user's first name.
  */
  @Column()
  @IsString()
@ -54,7 +54,7 @@ export class User {
  firstname: string;

  /**
-  * middlename
+  * The user's middle name.
  */
  @Column({ nullable: true })
  @IsString()
@ -62,7 +62,7 @@ export class User {
  middlename?: string;

  /**
-  * lastname
+  * The user's last name.
  */
  @Column()
  @IsString()
@ -70,7 +70,8 @@ export class User {
  lastname: string;

  /**
-  * password
+  * The user's password.
+  * This is a argon2 hash salted with the user's uuid.
  */
  @Column()
  @IsString()
@ -78,14 +79,8 @@ export class User {
  password: string;

  /**
-  * permissions
-  */
-  @IsOptional()
-  @ManyToOne(() => Permission, permission => permission.users, { nullable: true })
-  permissions?: Permission[];
-
-  /**
-  * groups
+  * The groups this user is a part of.
+  * The user will inherit the groups permissions (without overwriting his own).
  */
  @IsOptional()
  @ManyToMany(() => UserGroup, { nullable: true })
@ -93,49 +88,41 @@ export class User {
  groups: UserGroup[];

  /**
-  * is user enabled?
+  * Is this user enabled?
  */
  @Column()
  @IsBoolean()
  enabled: boolean = true;

  /**
-  * jwt refresh count
+  * The user's jwt refresh token count.
+  * Used to invalidate jwts.
  */
  @IsInt()
  @Column({ default: 1 })
  refreshTokenCount?: number;

  /**
-  * profilepic
+  * The user's profile picture.
+  * We haven't decided yet if this will be a bas64 encoded image or just a link to the profile picture.
  */
-  @Column({ nullable: true })
+  @Column({ nullable: true, unique: true })
  @IsString()
  @IsOptional()
  profilePic?: string;

  /**
-   * actions
+   * The actions performed by this user.
+   * For documentation purposes only, will be implemented later.
   */
  @IsOptional()
  @OneToMany(() => UserAction, action => action.user, { nullable: true })
  actions: UserAction[]

  /**
-   * calculate all permissions
+   * Turns this entity into it's response class.
   */
-  public get calc_permissions(): Permission[] {
-    let final_permissions = []
-    this.groups.forEach((permission) => {
-      if (!final_permissions.includes(permission)) {
-        final_permissions.push(permission)
-      }
-    })
-    this.permissions.forEach((permission) => {
-      if (!final_permissions.includes(permission)) {
-        final_permissions.push(permission)
-      }
-    })
-    return final_permissions
+  public toResponse(): ResponsePrincipal {
+    return new ResponseUser(this);
  }
 }
--- a/src/models/entities/UserAction.ts
+++ b/src/models/entities/UserAction.ts
@ -1,14 +1,17 @@
 import {
+  IsEnum,
  IsInt,
  IsNotEmpty,
  IsOptional,
  IsString
 } from "class-validator";
 import { Column, Entity, ManyToOne, PrimaryGeneratedColumn } from "typeorm";
+import { PermissionAction } from '../enums/PermissionAction';
 import { User } from './User';

 /**
- * Defines the UserAction interface.
+ * Defines the UserAction entity.
+ * Will later be used to document a user's actions.
 */
@Entity()
 export class UserAction {
@ -20,7 +23,7 @@ export class UserAction {
  id: number;

  /**
-   * user
+   * The user that performed the action.
   */
  @ManyToOne(() => User, user => user.actions)
  user: User
@ -34,15 +37,16 @@ export class UserAction {
  target: string;

  /**
-   * The actions's action (e.g. UPDATE)
+   * The actions's action (e.g. UPDATE).
+   * Directly pulled from the PermissionAction Enum.
   */
-  @Column()
-  @IsNotEmpty()
-  @IsString()
-  action: string;
+  @Column({ type: 'varchar' })
+  @IsEnum(PermissionAction)
+  action: PermissionAction;

  /**
-   * The description of change (before-> after; e.g. distance:15->17)
+   * The description of the change (before-> after; e.g. distance:15->17).
+   * Will later be defined in more detail.
   */
  @Column({ nullable: true })
  @IsOptional()
--- a/src/models/entities/UserGroup.ts
+++ b/src/models/entities/UserGroup.ts
@ -1,29 +1,19 @@
 import {
-  IsInt,
  IsNotEmpty,
  IsOptional,
  IsString
 } from "class-validator";
-import { Column, Entity, ManyToOne, PrimaryGeneratedColumn } from "typeorm";
-import { Permission } from "./Permission";
+import { ChildEntity, Column } from "typeorm";
+import { ResponsePrincipal } from '../responses/ResponsePrincipal';
+import { ResponseUserGroup } from '../responses/ResponseUserGroup';
+import { Principal } from './Principal';

 /**
- * Defines the UserGroup interface.
+ * Defines the UserGroup entity.
+ * This entity describes a group of users with a set of permissions.
 */
-@Entity()
-export class UserGroup {
-  /**
-   * Autogenerated unique id (primary key).
-   */
-  @PrimaryGeneratedColumn()
-  @IsInt()
-  id: number;
-
-  /**
-     * permissions
-     */
-  @ManyToOne(() => Permission, permission => permission.groups, { nullable: true })
-  permissions: Permission[];
+@ChildEntity()
+export class UserGroup extends Principal {

  /**
   * The group's name
@ -40,4 +30,11 @@ export class UserGroup {
  @IsOptional()
  @IsString()
  description?: string;
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public toResponse(): ResponsePrincipal {
+    return new ResponseUserGroup(this);
+  }
 }
--- a/src/models/enums/PermissionAction.ts
+++ b/src/models/enums/PermissionAction.ts
@ -0,0 +1,10 @@
+/**
+ * This enum contains all posible actions for permissions.
+ */
+export enum PermissionAction {
+    GET = 'GET',
+    CREATE = 'CREATE',
+    UPDATE = 'UPDATE',
+    DELETE = 'DELETE',
+    IMPORT = 'IMPORT'
+}
--- a/src/models/enums/PermissionTargets.ts
+++ b/src/models/enums/PermissionTargets.ts
@ -0,0 +1,12 @@
+/**
+ * This enum contains all posible targets for permissions.
+ */
+export enum PermissionTarget {
+    RUNNER = 'RUNNER',
+    ORGANISATION = 'ORGANISATION',
+    TEAM = 'TEAM',
+    TRACK = 'TRACK',
+    USER = 'USER',
+    USERGROUP = 'USERGROUP',
+    PERMISSION = 'PERMISSION'
+}
--- a/src/models/responses/ResponseAuth.ts
+++ b/src/models/responses/ResponseAuth.ts
@ -0,0 +1,30 @@
+import { IsInt, IsString } from 'class-validator';
+
+/**
+ * Defines the repsonse auth.
+*/
+export class Auth {
+  /**
+  * The access_token - JWT shortterm access token.
+  */
+  @IsString()
+  access_token: string;
+
+  /**
+  * The refresh_token - longterm refresh token (used for requesting new access tokens).
+  */
+  @IsString()
+  refresh_token: string;
+
+  /**
+  * The unix timestamp for access the token's expiry.
+  */
+  @IsInt()
+  access_token_expires_at: number;
+
+  /**
+  * The unix unix timestamp for the access token's expiry.
+  */
+  @IsInt()
+  refresh_token_expires_at: number;
+}
--- a/src/models/responses/ResponseEmpty.ts
+++ b/src/models/responses/ResponseEmpty.ts
@ -0,0 +1,9 @@
+import { IsString } from 'class-validator';
+
+/**
+ * Defines a empty response object.
+*/
+export class ResponseEmpty {
+    @IsString()
+    response: string = "nothing here"
+}
--- a/src/models/responses/ResponseLogout.ts
+++ b/src/models/responses/ResponseLogout.ts
@ -0,0 +1,12 @@
+import { IsString } from 'class-validator';
+
+/**
+ * Defines the logout response.
+*/
+export class Logout {
+  /**
+  * The logout's timestamp.
+  */
+  @IsString()
+  timestamp: number;
+}
--- a/src/models/responses/ResponseParticipant.ts
+++ b/src/models/responses/ResponseParticipant.ts
@ -1,21 +1,15 @@
-import {
-    IsInt,
-
-
-
-    IsString
-} from "class-validator";
+import { IsInt, IsString } from "class-validator";
 import { Participant } from '../entities/Participant';

 /**
- * Defines a participant response.
+ * Defines the participant response.
 */
 export abstract class ResponseParticipant {
    /**
-     * Autogenerated unique id (primary key).
+     * The participant's id.
     */
    @IsInt()
-    id: number;;
+    id: number;

    /**
     * The participant's first name.
@ -25,7 +19,6 @@ export abstract class ResponseParticipant {

    /**
     * The participant's middle name.
-     * Optional.
     */
    @IsString()
    middlename?: string;
@ -38,18 +31,20 @@ export abstract class ResponseParticipant {

    /**
     * The participant's phone number.
-     * Optional.
     */
    @IsString()
    phone?: string;

    /**
     * The participant's e-mail address.
-     * Optional.
     */
    @IsString()
    email?: string;

+    /**
+     * Creates a ResponseParticipant object from a participant.
+     * @param participant The participant the response shall be build for.
+     */
    public constructor(participant: Participant) {
        this.id = participant.id;
        this.firstname = participant.firstname;
--- a/src/models/responses/ResponsePermission.ts
+++ b/src/models/responses/ResponsePermission.ts
@ -0,0 +1,53 @@
+import {
+    IsEnum,
+    IsInt,
+    IsNotEmpty,
+    IsObject
+} from "class-validator";
+import { Permission } from '../entities/Permission';
+import { PermissionAction } from '../enums/PermissionAction';
+import { PermissionTarget } from '../enums/PermissionTargets';
+import { ResponsePrincipal } from './ResponsePrincipal';
+
+/**
+ * Defines the permission response.
+*/
+export class ResponsePermission {
+    /**
+     * The permission's id.
+     */
+    @IsInt()
+    id: number;;
+
+    /**
+     * The permissions's principal.
+     */
+    @IsObject()
+    @IsNotEmpty()
+    principal: ResponsePrincipal;
+
+    /**
+     * The permissions's target.
+     */
+    @IsNotEmpty()
+    @IsEnum(PermissionTarget)
+    target: PermissionTarget;
+
+    /**
+     * The permissions's action.
+     */
+    @IsNotEmpty()
+    @IsEnum(PermissionAction)
+    action: PermissionAction;
+
+    /**
+     * Creates a ResponsePermission object from a permission.
+     * @param permission The permission the response shall be build for.
+     */
+    public constructor(permission: Permission) {
+        this.id = permission.id;
+        this.principal = permission.principal.toResponse();
+        this.target = permission.target;
+        this.action = permission.action;
+    }
+}
--- a/src/models/responses/ResponsePrincipal.ts
+++ b/src/models/responses/ResponsePrincipal.ts
@ -0,0 +1,24 @@
+import {
+    IsInt
+} from "class-validator";
+import { Principal } from '../entities/Principal';
+
+/**
+ * Defines the principal response.
+*/
+export abstract class ResponsePrincipal {
+
+    /**
+     * The principal's id.
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * Creates a ResponsePrincipal object from a principal.
+     * @param principal The principal the response shall be build for.
+     */
+    public constructor(principal: Principal) {
+        this.id = principal.id;
+    }
+}
--- a/src/models/responses/ResponseRunner.ts
+++ b/src/models/responses/ResponseRunner.ts
@ -7,13 +7,12 @@ import { RunnerGroup } from '../entities/RunnerGroup';
 import { ResponseParticipant } from './ResponseParticipant';

 /**
- * Defines RunnerTeam's response class.
+ * Defines the runner response.
 */
 export class ResponseRunner extends ResponseParticipant {

    /**
     * The runner's currently ran distance in meters.
-     * Optional.
     */
    @IsInt()
    distance: number;
@ -24,6 +23,10 @@ export class ResponseRunner extends ResponseParticipant {
    @IsObject()
    group: RunnerGroup;

+    /**
+     * Creates a ResponseRunner object from a runner.
+     * @param runner The user the response shall be build for.
+     */
    public constructor(runner: Runner) {
        super(runner);
        this.distance = runner.scans.filter(scan => { scan.valid === true }).reduce((sum, current) => sum + current.distance, 0);
--- a/src/models/responses/ResponseRunnerGroup.ts
+++ b/src/models/responses/ResponseRunnerGroup.ts
@ -1,38 +1,20 @@
-import {
-    IsInt,
-
-
-
-    IsNotEmpty,
-
-
-
-    IsObject,
-
-
-
-    IsOptional,
-
-
-
-    IsString
-} from "class-validator";
+import { IsInt, IsNotEmpty, IsObject, IsOptional, IsString } from "class-validator";
 import { GroupContact } from '../entities/GroupContact';
 import { RunnerGroup } from '../entities/RunnerGroup';

 /**
- * Defines a track of given length.
+ * Defines the runnerGroup response.
 */
 export abstract class ResponseRunnerGroup {
    /**
-     * Autogenerated unique id (primary key).
+     * The runnerGroup's id.
     */
    @IsInt()
    @IsNotEmpty()
    id: number;;

    /**
-     * The groups's name.
+     * The runnerGroup's name.
     */
    @IsString()
    @IsNotEmpty()
@ -40,13 +22,16 @@ export abstract class ResponseRunnerGroup {


    /**
-     * The group's contact.
-     * Optional.
+     * The runnerGroup's contact.
     */
    @IsObject()
    @IsOptional()
    contact?: GroupContact;

+    /**
+     * Creates a ResponseRunnerGroup object from a runnerGroup.
+     * @param group The runnerGroup the response shall be build for.
+     */
    public constructor(group: RunnerGroup) {
        this.id = group.id;
        this.name = group.name;
--- a/Show More
+++ b/Show More