diff --git a/server/internal/api/v1/fs/share.go b/server/internal/api/v1/fs/share.go
index f1bc42ed..71dd3306 100644
--- a/server/internal/api/v1/fs/share.go
+++ b/server/internal/api/v1/fs/share.go
@@ -34,7 +34,7 @@ func handleShareRequest(c *gin.Context) {
 		panic(err)
 	}
 
-	r, err = fs.UpdatePermissions(r, user.ID, params.Permission)
+	r, err = fs.UpdatePermissions(r, user, params.Permission)
 	if err != nil {
 		panic(err)
 	}
diff --git a/server/internal/api/v1/responses/responses.go b/server/internal/api/v1/responses/responses.go
index 8926dd81..304c7735 100644
--- a/server/internal/api/v1/responses/responses.go
+++ b/server/internal/api/v1/responses/responses.go
@@ -43,8 +43,8 @@ type User struct {
 
 type LoggedInUser struct {
 	User
-	Home        pgtype.UUID      `json:"home"`
-	Permissions core.Permissions `json:"permissions"`
+	Home        pgtype.UUID          `json:"home"`
+	Permissions core.UserPermissions `json:"permissions"`
 }
 
 type Publink struct {
diff --git a/server/internal/command/admin/user/permissions.go b/server/internal/command/admin/user/permissions.go
index bcd1059c..982ebc47 100644
--- a/server/internal/command/admin/user/permissions.go
+++ b/server/internal/command/admin/user/permissions.go
@@ -23,7 +23,7 @@ func setupGrantCommand() *cobra.Command {
 				fmt.Println("unable to find user :" + err.Error())
 				os.Exit(1)
 			}
-			var p core.Permissions
+			var p core.UserPermissions
 			permString := strings.TrimSpace(args[1])
 			if strings.HasPrefix(permString, "0x") {
 				var perm int64
@@ -60,7 +60,7 @@ func setupRevokeCommand() *cobra.Command {
 				fmt.Println("unable to find user :" + err.Error())
 				os.Exit(1)
 			}
-			var p core.Permissions
+			var p core.UserPermissions
 			permString := strings.TrimSpace(args[1])
 			if strings.HasPrefix(permString, "0x") {
 				var perm int64
diff --git a/server/internal/command/fs/setfacl.go b/server/internal/command/fs/setfacl.go
index 410f225d..c3c75225 100644
--- a/server/internal/command/fs/setfacl.go
+++ b/server/internal/command/fs/setfacl.go
@@ -35,7 +35,7 @@ func setupSetfaclCommand() *cobra.Command {
 				fmt.Println("cannot update permissions for user '" + email + "': " + err.Error())
 				os.Exit(1)
 			} else {
-				if _, err := f.UpdatePermissions(r, user.ID, permission); err != nil {
+				if _, err := f.UpdatePermissions(r, user, permission); err != nil {
 					fmt.Println("cannot update permissions for '" + path + "': " + err.Error())
 					os.Exit(1)
 				}
diff --git a/server/internal/core/config.go b/server/internal/core/config.go
index 3fb2a310..e6301ed1 100644
--- a/server/internal/core/config.go
+++ b/server/internal/core/config.go
@@ -1,9 +1,9 @@
 package core
 
 type Config struct {
-	Password   PasswordConfig `koanf:"password"`
-	BaseDir    string         `koanf:"basedir"`
-	Permisison Permissions    `koanf:"permission"`
+	Password   PasswordConfig  `koanf:"password"`
+	BaseDir    string          `koanf:"basedir"`
+	Permisison UserPermissions `koanf:"permission"`
 }
 
 type PasswordConfig struct {
diff --git a/server/internal/core/core.go b/server/internal/core/core.go
index 5d8e3e89..92fb3c8e 100644
--- a/server/internal/core/core.go
+++ b/server/internal/core/core.go
@@ -50,8 +50,7 @@ type FileSystem interface {
 	Move(r Resource, target string, conflictResolution ResourceBindConflictResolution) (Resource, bool, error)
 
 	// permissions.go
-	// TODO: #users
-	UpdatePermissions(r Resource, userID int32, permission Permission) (Resource, error)
+	UpdatePermissions(r Resource, user User, permission Permission) (Resource, error)
 
 	//publink.go
 	CreatePublink(r Resource, id, password string, expires pgtype.Timestamp, accessLimit int) error
@@ -94,8 +93,8 @@ type UserManager interface {
 	UpdateUserHome(user User, home pgtype.UUID) error
 	UpdateUserName(user User, name string) error
 	UpdateUserPassword(user User, password string) error
-	GrantUserPermissions(user User, permissions Permissions) error
-	RevokeUserPermissions(user User, permissions Permissions) error
+	GrantUserPermissions(user User, permissions UserPermissions) error
+	RevokeUserPermissions(user User, permissions UserPermissions) error
 
 	// user_bookmarks.go
 	AddBookmark(u User, resource Resource, name string) (Bookmark, error)
diff --git a/server/internal/core/manager.go b/server/internal/core/manager.go
index 3ef4c89c..d70b04c0 100644
--- a/server/internal/core/manager.go
+++ b/server/internal/core/manager.go
@@ -54,7 +54,7 @@ func (m manager) CreateUser(email, name string, noCreateHome bool) (User, error)
 		}
 
 		if homeID.Valid {
-			if _, err := f.UpdatePermissions(home, user.ID, PermissionRead|PermissionWrite|PermissionShare); err != nil {
+			if _, err := f.UpdatePermissions(home, user, PermissionRead|PermissionWrite|PermissionShare); err != nil {
 				return err
 			}
 		}
diff --git a/server/internal/core/permission.go b/server/internal/core/permission.go
deleted file mode 100644
index 7b1a67be..00000000
--- a/server/internal/core/permission.go
+++ /dev/null
@@ -1,9 +0,0 @@
-package core
-
-type Permissions = int32
-
-const (
-	PermissionUsersInvite = Permissions(0x10)
-	PermissionUsersGrant  = Permissions(0x20)
-	PermissionFilesAll    = Permissions(0x100)
-)
diff --git a/server/internal/core/permissions.go b/server/internal/core/permissions.go
index f4c69d66..18f706dd 100644
--- a/server/internal/core/permissions.go
+++ b/server/internal/core/permissions.go
@@ -15,7 +15,7 @@ const (
 	PermissionSU    = Permission(-1)
 )
 
-func (f filesystem) UpdatePermissions(r Resource, userID int32, permission Permission) (Resource, error) {
+func (f filesystem) UpdatePermissions(r Resource, user User, permission Permission) (Resource, error) {
 	if r.deleted.Valid {
 		return r, ErrResourceDeleted
 	}
@@ -47,7 +47,7 @@ RETURNING grants`
 	err := f.runInTx(func(f filesystem) error {
 		row := f.db.QueryRow(q, pgx.NamedArgs{
 			"resource_id": r.id,
-			"user_id":     userID,
+			"user_id":     user.ID,
 			"permission":  permission,
 		})
 
diff --git a/server/internal/core/update.go b/server/internal/core/update.go
index d29968c6..8a475159 100644
--- a/server/internal/core/update.go
+++ b/server/internal/core/update.go
@@ -37,7 +37,7 @@ func (m manager) UpdateUserPassword(user User, password string) error {
 	return nil
 }
 
-func (m manager) GrantUserPermissions(user User, permissions Permissions) error {
+func (m manager) GrantUserPermissions(user User, permissions UserPermissions) error {
 	const q = "UPDATE users SET permissions = permissions | $2::INTEGER, modified = NOW() WHERE id = $1::INT"
 	if _, err := m.db.Exec(q, user.ID, permissions); err != nil {
 		return err
@@ -45,7 +45,7 @@ func (m manager) GrantUserPermissions(user User, permissions Permissions) error
 	return nil
 }
 
-func (m manager) RevokeUserPermissions(user User, permissions Permissions) error {
+func (m manager) RevokeUserPermissions(user User, permissions UserPermissions) error {
 	const q = "UPDATE users SET permissions = permissions & ~ $2::INTEGER, modified = NOW() WHERE id = $1::INT"
 	if _, err := m.db.Exec(q, user.ID, permissions); err != nil {
 		return err
diff --git a/server/internal/core/user.go b/server/internal/core/user.go
index 412f95ca..25dc4a2d 100644
--- a/server/internal/core/user.go
+++ b/server/internal/core/user.go
@@ -5,12 +5,20 @@ import (
 	"github.com/jackc/pgx/v5/pgtype"
 )
 
+type UserPermissions = int32
+
+const (
+	PermissionUsersInvite = UserPermissions(0x10)
+	PermissionUsersGrant  = UserPermissions(0x20)
+	PermissionFilesAll    = UserPermissions(0x100)
+)
+
 type User struct {
 	ID          int32
 	Email       string
 	Name        string
 	Home        pgtype.UUID
-	Permissions Permissions
+	Permissions UserPermissions
 }
 
 func scanUser(row pgx.CollectableRow) (User, error) {