When a new user has not verified their email address, any ACL that requires write access should raise a 403 forbidden error

This error message will be used to control user access on the front end and mobile by prompting them to validate their email address

Note, this needs to not effect existing users who have not verified their email address until we can roll out proper messaging

Unverified users should not be able to:

• Create a post
• Comment on a post
• Vote up or down
• Create group
• Create blog
• Upload images
• Upload movies
• unit tests

changed milestone to %Sprint::01/15 - Youthful Yabby

added scoped labels

changed weight to 6

changed time estimate to 6h

added to epic &102

marked this issue as related to front#2428

marked this issue as related to mobile-native#1702

added scoped label

removed label

added scoped label and automatically removed label

added scoped label

marked the task Create a post as completed

marked the task Comment on a post as completed

marked the task Vote up or down as completed

marked the task Create group as completed

marked the task Create blog as completed

marked the task Upload images as completed

marked the task Upload movies as completed

added scoped label and automatically removed label

added 6h of time spent at 2020-02-07

added scoped label and automatically removed label

mentioned in merge request !459

marked the task unit tests as completed

assigned to @omadrid

added scoped label and automatically removed label

pipeline failed

I was just able to make it work

added scoped label and automatically removed label

added scoped label and automatically removed label

added scoped label and automatically removed label

added scoped label and automatically removed label

added scoped label and automatically removed label

@eiennohi @markeharding has left some feedback for you. We need to handle this in the acl events (which should fire for every action) and add this check of the interact step as well