Bugless #35
kasownik/sso: allow access to people who are behind on their membership fees
Status:
New
Priority:
Normal
Assignee:
-
Category:
hscloud
Description
Currently, if you are INACTIVE, you can't log into kasownik to check your fees.
This is part of a larger problem, that SSO clients have no way of specifying which kinds of users should be able to log in, and I even think currently all are hardcoded to never let in inactive account.
Instead, we should support the following behaviours, I think:
- Allow every account to log in, as client will perform own checks against kasownik/capacifier/...
- Allow only paying members (ACTIVE) to log in
- Allow some other subset of members to log in (eg. LDAP groups?)
