disallow login for users without validated email

plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php

@@ -24,6 +24,8 @@
  * @package   StatusNet
  * @author    Craig Andrews <candrews@integralblue.com>
  * @author    Brion Vibber <brion@status.net>
+ * @author    Evan Prodromou <evan@status.net>
+ * @copyright 2011 StatusNet Inc. http://status.net/
  * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  * @link      http://status.net/
@@ -75,6 +77,12 @@ class RequireValidatedEmailPlugin extends Plugin
 
     public $trustedOpenIDs = array();
 
+    /**
+     * Whether or not to disallow login for unvalidated users.
+     */
+
+    public $disallowLogin = false;
+
     /**
      * Event handler for notice saves; rejects the notice
      * if user's address isn't validated.
@@ -246,7 +254,8 @@ class RequireValidatedEmailPlugin extends Plugin
      */
     function onUserRightsCheck(Profile $profile, $right, &$result)
     {
-        if ($right == Right::CREATEGROUP) {
+        if ($right == Right::CREATEGROUP ||
+            ($this->disallowLogin && ($right == Right::WEBLOGIN || $right == Right::API))) {
             $user = User::staticGet('id', $profile->id);
             if ($user && !$this->validated($user)) {
                 $result = false;