calendar and vehicle booking rework

backend/src/routes/booking.routes.ts

@@ -18,15 +18,15 @@ router.get('/calendar-token', authenticate, bookingController.getCalendarToken.b
 
 // ── Write operations ──────────────────────────────────────────────────────────
 
-router.post('/',     authenticate, requirePermission('kalender:manage_bookings'), bookingController.create.bind(bookingController));
-router.patch('/:id', authenticate, requirePermission('kalender:manage_bookings'), bookingController.update.bind(bookingController));
+router.post('/',     authenticate, requirePermission('fahrzeugbuchungen:create'), bookingController.create.bind(bookingController));
+router.patch('/:id', authenticate, requirePermission('fahrzeugbuchungen:manage'), bookingController.update.bind(bookingController));
 
 // Soft-cancel (sets abgesagt=TRUE) — creator or bookings:write
 router.delete('/:id',       authenticate, bookingController.cancel.bind(bookingController));
 router.patch('/:id/cancel', authenticate, bookingController.cancel.bind(bookingController));
 
 // Hard-delete (admin only)
-router.delete('/:id/force', authenticate, requirePermission('kalender:manage_bookings'), bookingController.hardDelete.bind(bookingController));
+router.delete('/:id/force', authenticate, requirePermission('fahrzeugbuchungen:manage'), bookingController.hardDelete.bind(bookingController));
 
 // ── Single booking read — after specific routes to avoid path conflicts ───────
 

backend/src/routes/buchungskategorie.routes.ts

@@ -9,7 +9,7 @@ const router = Router();
 router.get(
   '/',
   authenticate,
-  requirePermission('kalender:view_bookings'),
+  requirePermission('fahrzeugbuchungen:view'),
   buchungskategorieController.list.bind(buchungskategorieController)
 );
 
@@ -17,7 +17,7 @@ router.get(
 router.get(
   '/active',
   authenticate,
-  requirePermission('kalender:view_bookings'),
+  requirePermission('fahrzeugbuchungen:view'),
   buchungskategorieController.listActive.bind(buchungskategorieController)
 );
 
@@ -25,7 +25,7 @@ router.get(
 router.post(
   '/',
   authenticate,
-  requirePermission('kalender:manage_bookings'),
+  requirePermission('fahrzeugbuchungen:manage'),
   buchungskategorieController.create.bind(buchungskategorieController)
 );
 
@@ -33,7 +33,7 @@ router.post(
 router.patch(
   '/:id',
   authenticate,
-  requirePermission('kalender:manage_bookings'),
+  requirePermission('fahrzeugbuchungen:manage'),
   buchungskategorieController.update.bind(buchungskategorieController)
 );
 
@@ -41,7 +41,7 @@ router.patch(
 router.delete(
   '/:id',
   authenticate,
-  requirePermission('kalender:manage_bookings'),
+  requirePermission('fahrzeugbuchungen:manage'),
   buchungskategorieController.deactivate.bind(buchungskategorieController)
 );
 
@@ -49,7 +49,7 @@ router.delete(
 router.delete(
   '/:id/permanent',
   authenticate,
-  requirePermission('kalender:manage_bookings'),
+  requirePermission('fahrzeugbuchungen:manage'),
   buchungskategorieController.remove.bind(buchungskategorieController)
 );