degeri
commented
4 years ago gating the new users seems like a good approach.
Couple of things we can look into
- Limit N number of people a single user can invite in X time
- Use weighted hours average to determine X and N ?
- Allow contractors to set a flag (default on?) on their account that sends them an email if any invites happen (or registration). This way sneak invites and votes dont happen.
Does this tie in with temporary accounts in any way ?
I wanted to make an issue to discuss what needs to be done (in terms of security) to properly allow user's the ability to invite their own nominees to CMS.
Mostly I was thinking we could gate everything and only show the accounts page if a user is currently in the ContractorTypeNominee. Beyond that I'm not sure what else we'd need to think about.
thoughts @degeri?