diff --git a/web/src/endpoints/vehicle/delete.rs b/web/src/endpoints/vehicle/delete.rs
index 9f1471dd..b2b880fd 100644
--- a/web/src/endpoints/vehicle/delete.rs
+++ b/web/src/endpoints/vehicle/delete.rs
@@ -13,7 +13,7 @@ pub async fn delete(
 pool: web::Data,
 path: web::Path,
 ) -> Result {
- if user.role != Role::Admin {
+ if user.role != Role::Admin && user.role != Role::AreaManager {
 return Err(ApplicationError::Unauthorized);
 }
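Review bot: The widened guard `user.role != Role::Admin && user.role != Role::AreaManager` authorises on role alone, so an area manager can delete whichever vehicle id appears in the path. The tests in this commit give every user a `user_area`, but nothing in the visible lines ties a vehicle to an area; if vehicles are meant to be area-scoped, the handler should compare the vehicle's area with the caller's before deleting, and if they are global a one-line comment saying so would make the intent reviewable. The allow-list also reads more clearly as `if !matches!(user.role, Role::Admin | Role::AreaManager) {`. The rest of `delete`'s body lies outside the hunk, so an area check further down cannot be ruled out from here.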
@@ -25,3 +25,64 @@ pub async fn delete(
 Ok(HttpResponse::Ok().finish())
 }
+
+#[cfg(test)]
+mod tests {
+ use crate::{
+ models::{Function, Role, Vehicle},
+ utils::test_helper::{test_delete, DbTestContext, RequestConfig, StatusCode},
+ };
+ use brass_macros::db_test;
+
+ #[db_test]
+ async fn deletes_vehicle_when_user_is_admin_and_vehicle_exists(context: &DbTestContext) {
+ works_for_role(context, Role::Admin).await;
+ }
+
+ #[db_test]
+ async fn deletes_vehicle_when_user_is_area_manager_and_vehicle_exists(context: &DbTestContext) {
+ works_for_role(context, Role::AreaManager).await;
+ }
+
+ async fn works_for_role(context: &DbTestContext, role: Role) {
+ Vehicle::create(&context.db_pool, "11.49.1", "FF Leipzig Ost")
+ .await
+ .unwrap();
+
+ assert!(Vehicle::read(&context.db_pool, 1).await.unwrap().is_some());
+
+ let app = context.app().await;
+ let config = RequestConfig {
+ uri: "/vehicles/1".to_string(),
+ role,
+ function: vec![Function::Posten],
+ user_area: 1,
+ };
+ let response = test_delete(&context.db_pool, app, &config).await;
+
+ assert_eq!(StatusCode::OK, response.status());
+ assert!(Vehicle::read(&context.db_pool, 1).await.unwrap().is_none());
+ }
+
+ #[db_test]
+ async fn returns_unauthorized_when_user_is_staff(context: &DbTestContext) {
+ let app = context.app().await;
+ let response = test_delete(&context.db_pool, app, &RequestConfig::new("/vehicles/1")).await;
+
+ assert_eq!(StatusCode::UNAUTHORIZED, response.status());
+ }
+
+ #[db_test]
+ async fn returns_not_found_when_vehicle_does_not_exist(context: &DbTestContext) {
+ let app = context.app().await;
+ let config = RequestConfig {
+ uri: "/vehicles/1".to_string(),
+ role: Role::Admin,
+ function: vec![Function::Posten],
+ user_area: 1,
+ };
+ let response = test_delete(&context.db_pool, app, &config).await;
+
+ assert_eq!(StatusCode::NOT_FOUND, response.status());
+ }
+}
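Review bot: `returns_unauthorized_when_user_is_staff` never creates a vehicle, so it checks only the status code and would still pass if a rejected request went on to delete the row. Adding `Vehicle::create(&context.db_pool, "11.49.1", "FF Leipzig Ost").await.unwrap();` before the request and `assert!(Vehicle::read(&context.db_pool, 1).await.unwrap().is_some());` after it pins the property that matters for an authorization test. The test also depends on `RequestConfig::new` defaulting to a staff role, which is not visible here; spelling the role out in the config, as the other tests do, would keep the denial case from silently changing if that default ever does.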