diff --git a/lib/classes/JsonApi/Routes/Feedback/Authority.php b/lib/classes/JsonApi/Routes/Feedback/Authority.php
index 683f1ae96d653659b6a2e623f83b0def30bf4432..04d6ad1e85ea4dc5104082f379d1de2029b45767 100644
--- a/lib/classes/JsonApi/Routes/Feedback/Authority.php
+++ b/lib/classes/JsonApi/Routes/Feedback/Authority.php
@@ -53,54 +53,33 @@ class Authority
         return self::canShowFeedbackElement($user, $feedbackElement);
     }
 
-    /**
-     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
-     */
     public static function canCreateFeedbackEntry(User $user, FeedbackElement $element): bool
     {
-        if (!$element->isFeedbackable()) {
-            return false;
-        }
-
-        // TODO: Wann darf ich Feedback Entries schreiben
-        return true;
+        return $element->isFeedbackable($user->getId());
     }
 
-    /**
-     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
-     */
     public static function canUpdateFeedbackEntry(User $user, FeedbackEntry $entry): bool
     {
-        if (!$entry->isEditable()) {
-            return false;
-        }
-
-        // TODO: Wann darf ich Feedback Entries bearbeiten
-        return true;
+        return $entry->isEditable($user->getId());
     }
 
     public static function canDeleteFeedbackEntry(User $user, FeedbackEntry $entry): bool
     {
-        return self::canUpdateFeedbackEntry($user, $entry);
+        return $entry->isDeletable($user->getId());
     }
 
-    /**
-     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
-     */
     public static function canCreateFeedbackElement(User $user, FeedbackRange $range): bool
     {
-        // TODO: Wann darf ich Feedback Elemente anhängen
-        // bisher https://gitlab.studip.de/studip/studip/-/blob/main/lib/classes/Feedback.class.php#L76
-        return true;
+        return $range->isRangeAccessible($user->getId()) &&
+            Feedback::hasCreatePerm($range->getRangeCourseId(), $user->getId());
     }
 
-    /**
-     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
-     */
     public static function canUpdateFeedbackElement(User $user, FeedbackElement $element): bool
     {
-        // TODO: Wann darf ich Feedback Elemente ändern?
-        return true;
+        $range = $element->getRange();
+
+        return $range->isRangeAccessible($user->getId()) &&
+            Feedback::hasAdminPerm($range->getRangeCourseId(), $user->getId());
     }
 
     public static function canDeleteFeedbackElement(User $user, FeedbackElement $element): bool
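Review bot: In `canUpdateFeedbackElement` the result of `$element->getRange()` is dereferenced straight away; `getRange()` is not visible here, but if it can return null for an element whose range no longer resolves, this authorization check throws instead of denying. Failing closed is a one-line guard before the return: `if ($range === null) { return false; }`. The same question applies to `$range->getRangeCourseId()` in both element checks when a range is not course-bound, so it is worth confirming what `Feedback::hasCreatePerm` and `Feedback::hasAdminPerm` do with an empty course id. With the TODO comments gone, a short docblock per method stating the rule it enforces (for example `/** Only users who can access the range and hold create permission in its course may attach feedback elements. */`) would keep the policy reviewable. `canDeleteFeedbackElement` begins on the last line of the hunk and its body is outside it.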
diff --git a/lib/models/FeedbackEntry.php b/lib/models/FeedbackEntry.php
index 4b4ea7c35642fc0984ad680336571a70134aa88c..293ee20e951e737284e6156a1010be1e2c050d2e 100644
--- a/lib/models/FeedbackEntry.php
+++ b/lib/models/FeedbackEntry.php
@@ -33,16 +33,17 @@ class FeedbackEntry extends SimpleORMap
         parent::configure($config);
     }
 
-    public function isEditable()
+    public function isEditable(string $user_id = null): bool
     {
-        return $this->user_id === $GLOBALS['user']->id;
+        $user_id = $user_id ?? $GLOBALS['user']->getId();
+
+        return $this->user_id === $user_id;
     }
 
-    public function isDeletable()
+    public function isDeletable(string $user_id = null): bool
     {
         $deletable = false;
-
-        $user_id = $GLOBALS['user']->id;
+        $user_id = $user_id ?? $GLOBALS['user']->getId();
 
         if ($this->user_id == $user_id) {
             $deletable = true;
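Review bot: The new `string $user_id = null` parameters on `isEditable` and `isDeletable` are implicitly nullable, which PHP 8.4 deprecates, and the `??` fallback means a caller that passes a null id gets a decision for the session user in `$GLOBALS['user']` rather than a denial. Declare the type as `?string $user_id = null` and document the fallback in a docblock, or have the JSON:API callers always pass an id and drop the fallback once legacy callers are migrated. `isEditable` compares with `===` while `isDeletable` still uses `==` in `$this->user_id == $user_id`; an ownership check should use the strict form in both. If `getId()` can return null for an anonymous user and an entry can carry a null `user_id` (neither is visible here), `null === null` would grant edit rights, so an explicit `$user_id !== null` guard is worth adding. `isDeletable` continues past the end of the hunk.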