When a user has an unverified email address, deny write permissions
When a new user has not verified their email address, any ACL that requires write access should raise a 403 forbidden error
This error message will be used to control user access on the front end and mobile by prompting them to validate their email address
Note, this needs to not effect existing users who have not verified their email address until we can roll out proper messaging
Unverified users should not be able to:
-
Create a post -
Comment on a post -
Vote up or down -
Create group -
Create blog -
Upload images -
Upload movies -
unit tests
Edited by Marcelo Rivera