diff --git a/seeds.sql b/seeds.sql
index f1e1acd..caa32a2 100644
--- a/seeds.sql
+++ b/seeds.sql
@@ -13,6 +13,7 @@ INSERT INTO "role" (name) VALUES ('kassier');
 INSERT INTO "role" (name) VALUES ('schriftfuehrer');
 INSERT INTO "role" (name) VALUES ('no-einschreibgebuehr');
 INSERT INTO "role" (name) VALUES ('schnupper-betreuer');
+INSERT INTO "role" (name) VALUES ('allow_website_login');
 INSERT INTO "user" (name, pw) VALUES('admin', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$4P4NCw4Ukhv80/eQYTsarHhnw61JuL1KMx/L9dm82YM');
 INSERT INTO "user_role" (user_id, role_id) VALUES(1,1);
 INSERT INTO "user_role" (user_id, role_id) VALUES(1,2);
diff --git a/src/tera/mod.rs b/src/tera/mod.rs
index e49e053..314483b 100644
--- a/src/tera/mod.rs
+++ b/src/tera/mod.rs
@@ -106,10 +106,18 @@ async fn steering(db: &State, user: User, flash: Option, login: Form>) -> String {
-    match User::login(db, login.name, login.password).await {
-        Ok(_) => "SUCC".into(),
-        Err(_) => "FAIL".into(),
+    if let Ok(user) = User::login(db, login.name, login.password).await {
+        if user.has_role(db, "allow_website_login").await {
+            return String::from("SUCC");
+        }
+        if user.has_role(db, "admin").await {
+            return String::from("SUCC");
+        }
+        if user.has_role(db, "Vorstand").await {
+            return String::from("SUCC");
+        }
     }
+    "FAIL".into()
 }
 #[catch(401)] //Unauthorized
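Review bot: The role gate added inside the `if let Ok(user)` arm only decides which string is returned; if `User::login` already has a side effect on success (creating a session or setting a cookie — not visible in this hunk), the check runs after the login has taken effect and does not actually withhold website access from users lacking `allow_website_login`, `admin` or `Vorstand`, so the role check needs to happen in the same step that grants the session. The three identical `has_role` branches, each a separate round-trip to `db`, read better as a loop over a named `const` list of permitted roles, which keeps the role strings in one place beside the values seeded in seeds.sql and removes the `String::from("SUCC")` / `"FAIL".into()` mismatch within one function. `"Vorstand"` is the only capitalised role name in the set while every seeded role is lowercase; if `has_role` compares exactly, confirm the stored spelling. The enclosing function's signature is outside the hunk (on the garbled header line), and a server-side log line distinguishing bad credentials from a missing role would help operations without changing the uniform `"FAIL"` response.
```rust
// … at module level …
/// Roles whose holders may log in through the website; spelling must match `role.name` in seeds.sql.
const WEBSITE_LOGIN_ROLES: &[&str] = &["allow_website_login", "admin", "Vorstand"];

    // … unchanged: function signature …
    if let Ok(user) = User::login(db, login.name, login.password).await {
        for &role in WEBSITE_LOGIN_ROLES {
            if user.has_role(db, role).await {
                return "SUCC".into();
            }
        }
    }
    "FAIL".into()
```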