users: add Restricted user level.

Add a Restricted user level. Restricted users are level 10, below
Members. New users start out as Restricted if they sign up from a proxy
or an IP recently used by another user.

Restricted users can't update or edit any public content on the site
until they verify their email address, at which point they're promoted
to Member. Restricted users are only allowed to do personal actions
like keep favorites, keep favgroups and saved searches, mark dmails as
read or deleted, or mark forum posts as read.

The restricted state already existed before, the only change here is
that now it's an actual user level instead of a hidden state. Before it
was based on two hidden flags on the user, the `requires_verification`
flag (set when a user signs up from a proxy, etc), and the `is_verified`
flag (set after the user verifies their email). Making it a user level
means that now the Restricted status will be shown publicly.

Introducing a new level below Member means that we have to change every
`is_member?` check to `!is_anonymous` for every place where we used
`is_member?` to check that the current user is logged in.

app/models/comment_vote.rb

@@ -11,10 +11,10 @@ class CommentVote < ApplicationRecord
   def self.visible(user)
     if user.is_moderator?
       all
-    elsif user.is_member?
-      where(user: user)
-    else
+    elsif user.is_anonymous?
       none
+    else
+      where(user: user)
     end
   end
 

app/models/email_address.rb

@@ -5,7 +5,6 @@ class EmailAddress < ApplicationRecord
   validates :normalized_address, uniqueness: true
   validates :user_id, uniqueness: true
   validate :validate_deliverable, on: :deliverable
-  after_save :update_user
 
   def self.visible(user)
     if user.is_moderator?
@@ -60,8 +59,14 @@ class EmailAddress < ApplicationRecord
     end
   end
 
-  def update_user
-    user.update!(is_verified: is_verified? && !is_restricted?)
+  def verify!
+    transaction do
+      update!(is_verified: true)
+
+      if user.is_restricted? && !is_restricted?
+        user.update!(level: User::Levels::MEMBER, is_verified: is_verified?)
+      end
+    end
   end
 
   concerning :VerificationMethods do

app/models/upload.rb

@@ -93,10 +93,10 @@ class Upload < ApplicationRecord
   def self.visible(user)
     if user.is_admin?
       all
-    elsif user.is_member?
-      completed.or(where(uploader: user))
-    else
+    elsif user.is_anonymous?
       completed
+    else
+      completed.or(where(uploader: user))
     end
   end
 

app/models/user.rb

@@ -6,6 +6,7 @@ class User < ApplicationRecord
 
   module Levels
     ANONYMOUS = 0
+    RESTRICTED = 10
     MEMBER = 20
     GOLD = 30
     PLATINUM = 31
@@ -211,6 +212,7 @@ class User < ApplicationRecord
       def level_hash
         return {
           "Member" => Levels::MEMBER,
+          "Restricted" => Levels::RESTRICTED,
           "Gold" => Levels::GOLD,
           "Platinum" => Levels::PLATINUM,
           "Builder" => Levels::BUILDER,
@@ -225,6 +227,9 @@ class User < ApplicationRecord
         when Levels::ANONYMOUS
           "Anonymous"
 
+        when Levels::RESTRICTED
+          "Restricted"
+
         when Levels::MEMBER
           "Member"
 
@@ -278,14 +283,14 @@ class User < ApplicationRecord
       name.match?(/\Auser_[0-9]+~*\z/)
     end
 
-    def is_restricted?
-      requires_verification? && !is_verified?
-    end
-
     def is_anonymous?
       level == Levels::ANONYMOUS
     end
 
+    def is_restricted?
+      level == Levels::RESTRICTED
+    end
+
     def is_member?
       level >= Levels::MEMBER
     end

app/models/user_name_change_request.rb

@@ -11,10 +11,10 @@ class UserNameChangeRequest < ApplicationRecord
   def self.visible(user)
     if user.is_moderator?
       all
-    elsif user.is_member?
-      where(user: User.undeleted)
-    else
+    elsif user.is_anonymous?
       none
+    else
+      where(user: User.undeleted)
     end
   end