diff --git a/Readme.md b/Readme.md
index a91b7f3..01a4a35 100644
--- a/Readme.md
+++ b/Readme.md
@@ -40,7 +40,7 @@ other handler implementations, enabling a lot of flexibility while develeoping.
 * [x] Improve docs/Merge with the ones of Vikunja
 * [x] Description of web.HTTPError
-* [ ] Rights methods should return errors (I know, this will break a lot of existing stuff)
+* [x] Rights methods should return errors (I know, this will break a lot of existing stuff)
 * [ ] optional Before- and after-{load|update|create} methods which do some preprocessing/after processing like making human-readable names from automatically up counting consts
 * [ ] "Magic": Check if a passed struct implements Crudable methods and use a general (user defined) function if not
@@ -85,18 +85,20 @@ way to do this, don't hesitate to [drop me a message](https://vikunja.io/en/cont
 ## Rights
-This interface defines methods to check for rights on structs. They accept an `Auth`-element as parameter and return a `bool`.
+This interface defines methods to check for rights on structs. They accept an `Auth`-element as parameter and return a `bool` and `error`.
+
+The `error` is handled [as usual](#errors).
 The interface is defined as followed:
 ```go
 type Rights interface {
- IsAdmin(Auth) bool
- CanWrite(Auth) bool
- CanRead(Auth) bool
- CanDelete(Auth) bool
- CanUpdate(Auth) bool
- CanCreate(Auth) bool
+ IsAdmin(Auth) (bool, error)
+ CanWrite(Auth) (bool, error)
+ CanRead(Auth) (bool, error)
+ CanDelete(Auth) (bool, error)
+ CanUpdate(Auth) (bool, error)
+ CanCreate(Auth) (bool, error)
 }
 ```
diff --git a/handler/create.go b/handler/create.go
index 0c78060..603338d 100644
--- a/handler/create.go
+++ b/handler/create.go
@@ -42,7 +42,11 @@ func (c *WebHandler) CreateWeb(ctx echo.Context) error {
 }
 // Check rights
- if !currentStruct.CanCreate(currentAuth) {
+ canRead, err := currentStruct.CanCreate(currentAuth)
+ if err != nil {
+ return HandleHTTPError(err, ctx)
+ }
+ if canRead {
 config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
 return echo.NewHTTPError(http.StatusForbidden)
 }
diff --git a/handler/delete.go b/handler/delete.go
index fef4aa9..c671b1a 100644
--- a/handler/delete.go
+++ b/handler/delete.go
@@ -40,7 +40,11 @@ func (c *WebHandler) DeleteWeb(ctx echo.Context) error {
 if err != nil {
 return echo.NewHTTPError(http.StatusInternalServerError)
 }
- if !currentStruct.CanDelete(currentAuth) {
+ canDelete, err := currentStruct.CanDelete(currentAuth)
+ if err != nil {
+ return HandleHTTPError(err, ctx)
+ }
+ if canDelete {
 config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
 return echo.NewHTTPError(http.StatusForbidden)
 }
diff --git a/handler/read_one.go b/handler/read_one.go
index f18a631..c548d68 100644
--- a/handler/read_one.go
+++ b/handler/read_one.go
@@ -42,7 +42,11 @@ func (c *WebHandler) ReadOneWeb(ctx echo.Context) error {
 if err != nil {
 return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
 }
- if !currentStruct.CanRead(currentAuth) {
+ canRead, err := currentStruct.CanRead(currentAuth)
+ if err != nil {
+ return HandleHTTPError(err, ctx)
+ }
+ if canRead {
 config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
 return echo.NewHTTPError(http.StatusForbidden, "You don't have the right to see this")
 }
diff --git a/handler/update.go b/handler/update.go
index d65181a..57fa5ec 100644
--- a/handler/update.go
+++ b/handler/update.go
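Review bot: The rewritten guard in CreateWeb drops the negation, so `if canRead {` now returns 403 to callers who hold the right and lets callers without it fall through the check; the line it replaces was `if !currentStruct.CanCreate(currentAuth) {`. The same inversion appears in the DeleteWeb, ReadOneWeb and UpdateWeb hunks (`if canDelete {`, `if canRead {`, `if canUpdate {`). Each guard should be negated, e.g. `if !canCreate {`, and the CreateWeb result should be named `canCreate` rather than `canRead`. A handler test whose Rights implementation returns `(false, nil)` and expects `http.StatusForbidden` would have caught this. All four handler bodies continue outside their hunks, so what runs after the guard is not visible here.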
@@ -41,7 +41,11 @@ func (c *WebHandler) UpdateWeb(ctx echo.Context) error {
 if err != nil {
 return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
 }
- if !currentStruct.CanUpdate(currentAuth) {
+ canUpdate, err := currentStruct.CanUpdate(currentAuth)
+ if err != nil {
+ return HandleHTTPError(err, ctx)
+ }
+ if canUpdate {
 config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
 return echo.NewHTTPError(http.StatusForbidden)
 }
diff --git a/web.go b/web.go
index e37ee73..4231ab4 100644
--- a/web.go
+++ b/web.go
@@ -19,12 +19,12 @@ import "github.com/labstack/echo"
 // Rights defines rights methods
 type Rights interface {
- IsAdmin(Auth) bool
- CanWrite(Auth) bool
- CanRead(Auth) bool
- CanDelete(Auth) bool
- CanUpdate(Auth) bool
- CanCreate(Auth) bool
+ IsAdmin(Auth) (bool, error)
+ CanWrite(Auth) (bool, error)
+ CanRead(Auth) (bool, error)
+ CanDelete(Auth) (bool, error)
+ CanUpdate(Auth) (bool, error)
+ CanCreate(Auth) (bool, error)
 }
 // CRUDable defines the crud methods
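Review bot: The doc comment on `Rights` still reads only `// Rights defines rights methods` and does not say what the bool means when the error is non-nil. Every implementation has to be rewritten for the new signatures, so this is the place to state the contract, for example `// Each method reports whether the given Auth holds the right; on a non-nil error the bool must be ignored and access denied.` The four handlers in this commit already return on a non-nil error before reading the bool, and documenting that keeps implementers and later callers fail-closed.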