From d3451eac255775020557bc4a49e342bd6dec540f Mon Sep 17 00:00:00 2001
From: 1aurend
Date: Thu, 23 Jan 2025 10:17:01 -0800
Subject: [PATCH] [B] Ensure engage_publicly ability is false for unestablished users
---
 api/app/authorizers/project_authorizer.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/api/app/authorizers/project_authorizer.rb b/api/app/authorizers/project_authorizer.rb
index 2c931ae3c4..a4fcf5569c 100644
--- a/api/app/authorizers/project_authorizer.rb
+++ b/api/app/authorizers/project_authorizer.rb
@@ -98,7 +98,8 @@ def drafts_readable_by?(user, _options = {})
 has_any_role? user, *RoleName.draft_access
 end
- def publicly_engageable_by?(_user, _options = {})
+ def publicly_engageable_by?(user, _options = {})
+ return false unless user&.trusted? || user&.established?
 !resource.disable_engagement? && !Settings.instance.general[:disable_engagement]
 end
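Review bot: The new guard in `publicly_engageable_by?` lands without a spec; the diffstat lists only `project_authorizer.rb`, so nothing pins the cases this fix exists for (a nil user, an unestablished user, and a trusted or established user with engagement enabled and disabled). Because this is an authorization fix, a later refactor of the guard could silently re-open public engagement to unestablished accounts, so authorizer specs for those cases belong in the same commit. A short comment above the guard would also record the intent, for example `# Fail closed: anonymous (nil) and unestablished users may never engage publicly, whatever the settings say.` Whether the endpoints that create public annotations or comments enforce this same authorizer check is not visible in this hunk and is worth confirming, since an ability flag on its own may only affect what the client offers.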