rights system

backend/src/controllers/permission.controller.ts

@@ -76,6 +76,21 @@ class PermissionController {
     }
   }
 
+  /**
+   * DELETE /api/admin/permissions/group/:groupName
+   * Removes a group and all its permissions from the matrix.
+   */
+  async deleteGroup(req: Request, res: Response): Promise<void> {
+    try {
+      const groupName = req.params.groupName as string;
+      await permissionService.deleteGroup(groupName);
+      res.json({ success: true, message: 'Gruppe entfernt' });
+    } catch (error) {
+      logger.error('Failed to delete group', { error });
+      res.status(500).json({ success: false, message: 'Fehler beim Entfernen der Gruppe' });
+    }
+  }
+
   /**
    * PUT /api/admin/permissions/bulk
    * Bulk-update permissions for multiple groups in one request.

backend/src/routes/permission.routes.ts

@@ -15,6 +15,7 @@ router.get('/admin/unknown-groups', authenticate, requirePermission('admin:view'
 router.get('/admin/config', authenticate, requirePermission('admin:view'), permissionController.getDependencyConfig.bind(permissionController));
 router.put('/admin/config', authenticate, requirePermission('admin:write'), permissionController.setDependencyConfig.bind(permissionController));
 router.put('/admin/group/:groupName', authenticate, requirePermission('admin:write'), permissionController.setGroupPermissions.bind(permissionController));
+router.delete('/admin/group/:groupName', authenticate, requirePermission('admin:write'), permissionController.deleteGroup.bind(permissionController));
 router.put('/admin/bulk', authenticate, requirePermission('admin:write'), permissionController.setBulkPermissions.bind(permissionController));
 router.put('/admin/maintenance/:featureGroupId', authenticate, requirePermission('admin:write'), permissionController.setMaintenanceFlag.bind(permissionController));
 

backend/src/services/permission.service.ts

@@ -238,6 +238,12 @@ class PermissionService {
     }
   }
 
+  async deleteGroup(group: string): Promise<void> {
+    await pool.query('DELETE FROM group_permissions WHERE authentik_group = $1', [group]);
+    await this.loadCache();
+    logger.info('Group deleted from permissions', { group });
+  }
+
   /**
    * Bulk-update permissions for multiple groups in a single transaction.
    * Reloads cache once at the end.

frontend/src/components/admin/PermissionMatrixTab.tsx

@@ -147,6 +147,17 @@ function PermissionMatrixTab() {
     onError: () => showError('Fehler beim Hinzufügen der Gruppe'),
   });
 
+  const deleteGroupMutation = useMutation({
+    mutationFn: (groupName: string) => permissionsApi.deleteGroup(groupName),
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: ['admin-permission-matrix'] });
+      queryClient.invalidateQueries({ queryKey: ['admin-unknown-groups'] });
+      queryClient.invalidateQueries({ queryKey: ['my-permissions'] });
+      showSuccess('Gruppe entfernt');
+    },
+    onError: () => showError('Fehler beim Entfernen der Gruppe'),
+  });
+
   const depConfigMutation = useMutation({
     mutationFn: (config: { groupHierarchy?: Record<string, string[]>; permissionDeps?: Record<string, string[]> }) =>
       permissionsApi.setDependencyConfig(config),
@@ -362,7 +373,18 @@ function PermissionMatrixTab() {
                   </Tooltip>
                   {nonAdminGroups.map(g => (
                     <TableCell key={g} align="center" sx={{ minWidth: 120, fontWeight: 'bold' }}>
+                      <Box sx={{ display: 'flex', alignItems: 'center', justifyContent: 'center', gap: 0.5 }}>
                         {g.replace('dashboard_', '')}
+                        <Tooltip title={`Gruppe "${g}" entfernen`} placement="top">
+                          <IconButton size="small" onClick={() => {
+                            if (window.confirm(`Gruppe "${g}" und alle zugehörigen Berechtigungen wirklich entfernen?`)) {
+                              deleteGroupMutation.mutate(g);
+                            }
+                          }} sx={{ opacity: 0.4, '&:hover': { opacity: 1, color: 'error.main' } }}>
+                            <DeleteIcon sx={{ fontSize: 14 }} />
+                          </IconButton>
+                        </Tooltip>
+                      </Box>
                     </TableCell>
                   ))}
                 </TableRow>

frontend/src/services/permissions.ts

@@ -21,6 +21,10 @@ export const permissionsApi = {
     await api.put(`/api/permissions/admin/group/${encodeURIComponent(group)}`, { permissions });
   },
 
+  deleteGroup: async (group: string): Promise<void> => {
+    await api.delete(`/api/permissions/admin/group/${encodeURIComponent(group)}`);
+  },
+
   setBulkPermissions: async (updates: { group: string; permissions: string[] }[]): Promise<void> => {
     await api.put('/api/permissions/admin/bulk', { updates });
   },