diff --git a/core/authentication/api_v2.py b/core/authentication/api_v2.py
index cebb344..8026a9f 100644
--- a/core/authentication/api_v2.py
+++ b/core/authentication/api_v2.py
@@ -21,14 +21,8 @@ class UserSerializer(serializers.ModelSerializer):
 fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions')
 read_only_fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions')
- def collect_permissions(self, obj):
- for permission in obj.get_all_permissions():
- yield "*:" + permission
- for permission in obj.event_permissions.all():
- yield permission.event.slug + ":" + permission.permission.codename
+ def get_permissions(self, obj):
- return list(self.collect_permissions(obj))
+ return list(set(obj.get_permissions()))
 @receiver(post_save, sender=ExtendedUser)
diff --git a/core/authentication/migrations/0005_alter_eventpermission_event.py b/core/authentication/migrations/0005_alter_eventpermission_event.py
deleted file mode 100644
index 486f94d..0000000
--- a/core/authentication/migrations/0005_alter_eventpermission_event.py
+++ /dev/null
@@ -1,20 +0,0 @@
-# Generated by Django 4.2.7 on 2023-12-13 02:29
-
-from django.db import migrations, models
-import django.db.models.deletion
-
-
-class Migration(migrations.Migration):
-
- dependencies = [
- ('inventory', '0001_initial'),
- ('authentication', '0004_legacy_user'),
- ]
-
- operations = [
- migrations.AlterField(
- model_name='eventpermission',
- name='event',
- field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='inventory.event'),
- ),
- ]
diff --git a/core/authentication/tests/v2/test_users.py b/core/authentication/tests/v2/test_users.py
index de979ed..2011314 100644
--- a/core/authentication/tests/v2/test_users.py
+++ b/core/authentication/tests/v2/test_users.py
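Review bot: `return list(set(obj.get_permissions()))` emits the permissions in arbitrary order, and since str hashing is randomised per process the order also differs between worker processes, so clients that diff or cache the response see spurious changes. `return sorted(set(obj.get_permissions()))` keeps the de-duplication and makes the payload stable. Whether the model's `get_permissions()` still produces the `*:`/`<event-slug>:` prefixed strings that the removed `collect_permissions` generator built is not visible here; the assertions added in test_users.py suggest it does, so a one-line docstring such as `"""Flat list of '*:<codename>' and '<event-slug>:<codename>' grants, de-duplicated."""` would record the contract the serializer now relies on. The enclosing UserSerializer class starts before this hunk.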
@@ -52,6 +52,11 @@ class UserApiTest(TestCase):
 self.assertEqual(response.json()['last_name'], '')
 permissions = response.json()['permissions']
 self.assertEqual(len(permissions), 5)
+ self.assertTrue('*:add_item' in permissions)
+ self.assertTrue('*:view_item' in permissions)
+ self.assertTrue('*:view_event' in permissions)
+ self.assertTrue('testevent:delete_item' in permissions)
+ self.assertTrue('*:add_event' in permissions)
 def test_register_user(self):
 anonymous = Client()
diff --git a/core/inventory/api_v2.py b/core/inventory/api_v2.py
index 79e25f2..5f5e5ca 100644
--- a/core/inventory/api_v2.py
+++ b/core/inventory/api_v2.py
@@ -97,7 +97,7 @@ class ItemSerializer(serializers.ModelSerializer):
 @api_view(['GET'])
 @permission_classes([IsAuthenticated])
-@permission_required('inventory.view_item', raise_exception=True)
+@permission_required('view_item', raise_exception=True)
 def search_items(request, event_slug, query):
 try:
 event = Event.objects.get(slug=event_slug)
@@ -117,11 +117,11 @@ def item(request, event_slug):
 try:
 event = Event.objects.get(slug=event_slug)
 if request.method == 'GET':
- if not request.user.has_event_perm(event, 'inventory.view_item'):
+ if not request.user.has_event_perm(event, 'view_item'):
 return Response(status=403)
 return Response(ItemSerializer(Item.objects.filter(event=event), many=True).data)
 elif request.method == 'POST':
- if not request.user.has_event_perm(event, 'inventory.add_item'):
+ if not request.user.has_event_perm(event, 'add_item'):
 return Response(status=403)
 validated_data = ItemSerializer(data=request.data)
 if validated_data.is_valid():
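Review bot: The five `self.assertTrue(x in permissions)` lines would fail more usefully as `self.assertIn(x, permissions)`, which prints the container on failure; combined with the existing `len(permissions) == 5` check they amount to an exact-contents assertion, which `self.assertCountEqual(permissions, ['*:add_item', '*:view_item', '*:view_event', 'testevent:delete_item', '*:add_event'])` states in one line and which keeps catching an unexpected extra grant even if the count check is later removed. The test method containing these lines starts before the hunk.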
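Review bot: `search_items` takes an `event_slug` but is still authorised by `@permission_required('view_item', raise_exception=True)`, which goes through `user.has_perm` rather than the `has_event_perm(event, ...)` check the `item` and `item_by_id` views use in this same commit, so an event-scoped grant of the `testevent:delete_item` kind seen in the tests is never consulted here. Unless the user model overrides `has_perm` to accept bare codenames (not visible in this diff), Django's ModelBackend will not match a string without the `app_label.` prefix and the decorator now rejects every caller. Dropping the decorator and adding `if not request.user.has_event_perm(event, 'view_item'): return Response(status=403)` directly after the `event = Event.objects.get(slug=event_slug)` line makes the three views consistent. The function body continues past the hunk.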
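Review bot: In the POST branch `if validated_data.is_valid():` is the last line in view and the invalid path lies outside the hunk; `item_by_id` gained `return Response(validated_data.errors, status=400)` for the equivalent PUT case in this commit, so confirm that POST here does not fall through the `if` and return None (a 500) on invalid input, and add the same `return Response(validated_data.errors, status=400)` after the block if it does. The function body continues past the hunk.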
@@ -138,18 +138,19 @@ def item_by_id(request, event_slug, id):
 event = Event.objects.get(slug=event_slug)
 item = Item.objects.get(event=event, uid=id)
 if request.method == 'GET':
- if not request.user.has_event_perm(event, 'inventory.view_item'):
+ if not request.user.has_event_perm(event, 'view_item'):
 return Response(status=403)
 return Response(ItemSerializer(item).data)
 elif request.method == 'PUT':
- if not request.user.has_event_perm(event, 'inventory.change_item'):
+ if not request.user.has_event_perm(event, 'change_item'):
 return Response(status=403)
 validated_data = ItemSerializer(item, data=request.data)
 if validated_data.is_valid():
 validated_data.save()
 return Response(validated_data.data)
+ return Response(validated_data.errors, status=400)
 elif request.method == 'DELETE':
- if not request.user.has_event_perm(event, 'inventory.delete_item'):
+ if not request.user.has_event_perm(event, 'delete_item'):
 return Response(status=403)
 item.delete()
 return Response(status=204)
diff --git a/web/src/components/Navbar.vue b/web/src/components/Navbar.vue
index c24be73..da5caca 100644
--- a/web/src/components/Navbar.vue
+++ b/web/src/components/Navbar.vue
@@ -11,19 +11,19 @@
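Review bot: The three `has_event_perm` checks still run after `item = Item.objects.get(event=event, uid=id)`, so a caller without `view_item` on the event gets 403 for an existing uid but whatever the `except` outside the hunk returns (presumably 404) for a missing one, which lets an unauthorised user enumerate which item uids exist. Resolving the required permission from the method and checking it before the lookup removes the difference, and also collapses the three duplicated checks. The enclosing `try:` and the `except` that handles `DoesNotExist` are both outside the hunk, so that mapping is inferred rather than seen.
```python
event = Event.objects.get(slug=event_slug)
required = {'GET': 'view_item', 'PUT': 'change_item', 'DELETE': 'delete_item'}.get(request.method)
if required is None or not request.user.has_event_perm(event, required):
    return Response(status=403)
item = Item.objects.get(event=event, uid=id)
# … unchanged: per-method branches, minus their individual has_event_perm checks …
```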