only allow people with access rights to login via wordpress

seeds.sql

@@ -13,6 +13,7 @@ INSERT INTO "role" (name) VALUES ('kassier');
 INSERT INTO "role" (name) VALUES ('schriftfuehrer');
 INSERT INTO "role" (name) VALUES ('no-einschreibgebuehr');
 INSERT INTO "role" (name) VALUES ('schnupper-betreuer');
+INSERT INTO "role" (name) VALUES ('allow_website_login');
 INSERT INTO "user" (name, pw) VALUES('admin', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$4P4NCw4Ukhv80/eQYTsarHhnw61JuL1KMx/L9dm82YM');
 INSERT INTO "user_role" (user_id, role_id) VALUES(1,1);
 INSERT INTO "user_role" (user_id, role_id) VALUES(1,2);

src/tera/mod.rs

@@ -106,10 +106,18 @@ async fn steering(db: &State<SqlitePool>, user: User, flash: Option<FlashMessage
 
 #[post("/", data = "<login>")]
 async fn wikiauth(db: &State<SqlitePool>, login: Form<LoginForm<'_>>) -> String {
-    match User::login(db, login.name, login.password).await {
-        Ok(_) => "SUCC".into(),
-        Err(_) => "FAIL".into(),
+    if let Ok(user) = User::login(db, login.name, login.password).await {
+        if user.has_role(db, "allow_website_login").await {
+            return String::from("SUCC");
+        }
+        if user.has_role(db, "admin").await {
+            return String::from("SUCC");
+        }
+        if user.has_role(db, "Vorstand").await {
+            return String::from("SUCC");
+        }
     }
+    "FAIL".into()
 }
 
 #[catch(401)] //Unauthorized