Grant service access by permissions
As per discussion with @basraah, it's been concluded that not all services make sense to grant state-wide. For instance, not all members need access to SeAT, so why grant that to an entire state?
Instead, service modules could come with a permission for access. Site admins could attach this to groups (such as the default state groups) or individual users. Much more granular. Also means we can delete a nice block of settings.py which makes everyone happier.
We'd have to listen for permissions changes to disable the service, which might get messy - permissions can come in group and user form. Two receivers then: listening for User.user_permissions.through
m2m_changed
signals and User.groups.through
m2m_changed
signals, both of which trip a service access check. Actually easy now that I've typed it out.