diff --git a/src/api/context.ts b/src/api/context.ts
index 35f67148..43f8b0fc 100644
--- a/src/api/context.ts
+++ b/src/api/context.ts
@@ -1,5 +1,6 @@
 import { configPrivate } from '$config/private';
 import type { RequestEvent } from '@sveltejs/kit';
+import { GraphQLError } from 'graphql';
 
 export const oidcRoles = ['admin', 'member', 'service_user'] as const;
 
@@ -20,7 +21,7 @@ export async function context(req: RequestEvent) {
 		...req.locals,
 		mustBeLoggedIn: () => {
 			if (!req.locals.oidc?.user) {
-				throw new Error('Must be logged in');
+				throw new GraphQLError('Must be logged in');
 			}
 
 			return req.locals.oidc.user;
diff --git a/src/api/handlers/agendaItem.ts b/src/api/handlers/agendaItem.ts
index fef880cc..cbafdf9c 100644
--- a/src/api/handlers/agendaItem.ts
+++ b/src/api/handlers/agendaItem.ts
@@ -7,10 +7,24 @@ import {
 	schemaBuilder,
 	arg as rumbleArg
 } from '$api/rumble';
-import { isDMUNEmail } from '$api/services/isDMUNEmail';
 import { nanoid } from '$lib/helpers/nanoid';
 import { assertFindFirstExists, assertFirstEntryExists } from '@m1212e/rumble';
-import { GraphQLError } from 'graphql';
+
+abilityBuilder.agendaItem.allow(['read']).when(({ mustBeLoggedIn }) => {
+	const user = mustBeLoggedIn();
+
+	return {
+		where: {
+			committee: {
+				conference: {
+					users: {
+						userEmail: user.email!
+					}
+				}
+			}
+		}
+	};
+});
 
 const ref = object({
 	table: 'agendaItem',
@@ -36,13 +50,6 @@ query({
 	table: 'agendaItem'
 });
 
-abilityBuilder.agendaItem.allow(['read']).when(({ mustBeLoggedIn }) => {
-	const user = mustBeLoggedIn();
-	if (user?.email && isDMUNEmail(user.email)) {
-		return 'allow';
-	}
-});
-
 schemaBuilder.mutationFields((t) => {
 	return {
 		createAgendaItem: t.drizzleField({
diff --git a/src/api/handlers/committee.ts b/src/api/handlers/committee.ts
index 285dfa52..3d3a3cd8 100644
--- a/src/api/handlers/committee.ts
+++ b/src/api/handlers/committee.ts
@@ -8,19 +8,30 @@ import {
 	schemaBuilder,
 	arg as rumbleArg
 } from '$api/rumble';
-import { isDMUNEmail } from '$api/services/isDMUNEmail';
 import { assertFirstEntryExists } from '@m1212e/rumble';
 import { and, count, eq, type InferSelectModel } from 'drizzle-orm';
 
-const statusEnum = enum_({
-	tsName: 'committeeStatus'
+abilityBuilder.committee.allow(['read']).when(({ mustBeLoggedIn }) => {
+	const user = mustBeLoggedIn();
+
+	return {
+		where: {
+			OR: [
+				{
+					members: {
+						user: {
+							userEmail: user.email
+						}
+					}
+				}
+				//TODO continue here
+			]
+		}
+	};
 });
 
-abilityBuilder.committee.allow(['read', 'update']).when(({ mustBeLoggedIn }) => {
-	const user = mustBeLoggedIn();
-	if (user?.email && isDMUNEmail(user.email)) {
-		return 'allow';
-	}
+const statusEnum = enum_({
+	tsName: 'committeeStatus'
 });
 
 const getTotalPresentCount = async (
diff --git a/src/api/services/isDMUNEmail.ts b/src/api/services/isDMUNEmail.ts
deleted file mode 100644
index 42f6eca9..00000000
--- a/src/api/services/isDMUNEmail.ts
+++ /dev/null
@@ -1,5 +0,0 @@
-// TODO: this is a TEMPORARY solution for munbw 2025
-// this should be changed!
-export function isDMUNEmail(email: string) {
-	return email.endsWith('@dmun.de') || email.endsWith('@munbw.de') || email.endsWith('@mun-sh.de');
-}