Update to allow unverified users to edit their own data.
Closes #1617 (closed)
Summary
Change to the ACL to allow users to edit their own user object when their email is not verified.
Steps to replicate
- Make new account
- Go through steps watching your XHRs
- the save to info fails on prod.
Note you can still not post.
Regression Scope
This MR needs a careful eye as it contains a low-level change to the ACL. I followed what we discussed in a meeting, but want to make sure I have the logic correct.
Testing I had to force the user->isTrusted() function to return false to simulate what is happening on production - I presume somewhere there's something environmental determining that on our local development machines we don't need email verification, but could not find it.
This means that this error likely would not trigger anyway on Sandboxes unless you know for certain they are configured in such a way. Maybe testing on a minds.com subdomain would be preferable but it is a wide test plan.