email invitations are sent to students for course in non-upgraded project

[DrXyzzy]

Tested with recent Firefox.

1. Create a new project as non-admin.
2. Create a course file in the new project.
3. Add a student email address in the course for an email account you can access that does not correspond to an existing CoCalc.com account.
4. Check for new email at the email account used. There should be no invitations sent because the project is not upgraded. Instead, there are one, sometimes two, invitations sent.

[DrXyzzy]

This is seen when running the old (pre-webpack5 optimized) cocalc as well as the new.

[williamstein]

Just to be clear, this is the exact opposite problem, to what two different users complained about in support today? Funny.

Also, I'm not sure this is a bug. I know we put it some rules to allow users to send emails, and one is "project is upgraded". We might allow sending emails in other cases too, e.g., "you bought something"...

[DrXyzzy]

I had forgot the "I bought something" condition. Just now, I just reproduced the behavior after signing in with a completely new CoCalc account (i.e. no record of having bought something or being invited to an upgraded / licensed project). Without any license or other upgrade on the project, the user could cause an email invitation to be sent to an address that does not have a CoCalc account.

[novoselt]

I do think it is a bug, but a good solution would be not to open the course file at all without an upgrade to the instructor project.

[williamstein]

This is not a bug. For years now we've dealt with the spam problem by throttling sending emails instead of blocking that functionality for non-customers.