feat: Block DOI registration by spam or not-yet-approved communities #3600

Merged: isTravis merged 7 commits into main from tr/spam-doi-block, Apr 23, 2026
@isTravis

Any community could mint DOIs (via Crossref or DataCite) regardless of whether the community had been approved by a moderator. Communities with a SpamTag status of 'unreviewed' or 'confirmed-spam' should not be able to issue DOIs.

Approach

Server-side enforcement

A new shared guard function assertCommunityApprovedForDoi(communityId) is added to server/doi/permissions.ts. It loads the community's SpamTag and throws a ForbiddenError if the status is anything other than 'confirmed-not-spam'. Legacy communities with no SpamTag record (pre-dating the spam system) are allowed through.

The guard is added to all DOI-minting API endpoints:

  • Crossref: POST /api/doi, GET /api/doiPreview, GET /api/generateDoi (via previewOrDepositDoi() and the generateDoi handler in server/doi/api.ts)
  • DataCite pubs: POST /api/pubs/:pubId/doi, POST /api/pubs/:pubId/doi/preview (in server/pub/api.ts)
  • DataCite collections: POST /api/collections/:collectionId/doi, POST /api/collections/:collectionId/doi/preview (in server/collection/api.ts)

Intentionally not gated:

  • GET /api/doi/validate — read-only validation, does not mint DOIs
  • server/doi/updateUrls.ts — maintenance path for updating existing DOI URLs during community destruction

Client-side UX

  • PubSettings: canIssueDoi now requires both canAdminCommunity and community approval
  • CollectionSettings: canIssueDoi (was hardcoded true) now checks community approval; allowUpdateDoi on the Crossref metadata editor also gated
  • Deposit component: shows a warning callout explaining DOI minting requires approval when the community is unapproved, replacing the deposit UI entirely
  • SpamBanner: updated "unreviewed" banner text — previously said "all features and functionality are available", now notes that DOI minting is unavailable

Changed files

| File | Change |
| --- | --- |
| server/doi/permissions.ts | New assertCommunityApprovedForDoi() guard |
| server/doi/api.ts | Guard added to Crossref routes |
| server/pub/api.ts | Guard added to DataCite pub routes |
| server/collection/api.ts | Guard added to DataCite collection routes |
| client/components/Deposit/Deposit.tsx | Warning callout for unapproved communities |
| client/containers/DashboardSettings/PubSettings/PubSettings.tsx | canIssueDoi checks approval |
| client/containers/DashboardSettings/CollectionSettings/CollectionSettings.tsx | canIssueDoi and allowUpdateDoi check approval |
| client/containers/App/SpamBanner.tsx | Updated banner language |

@isTravis isTravis requested review from 3mcd, gabestein and tefkah April 22, 2026 17:58
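
The guard semantics from the description above (allow only 'confirmed-not-spam', let communities with no SpamTag through, reject everything else with a ForbiddenError), as an added example that is not the code from this pull request. The in-memory status map, the handleDeposit handler, the 'under-appeal' status and the sample ids and DOI are assumptions made for illustration.

```typescript
// Added example; not PubPub's code. Only assertCommunityApprovedForDoi, ForbiddenError
// and the three SpamTag status strings come from the PR description.
class ForbiddenError extends Error {
  readonly status = 403;
  constructor(message: string) {
    super(message);
    this.name = 'ForbiddenError';
    Object.setPrototypeOf(this, ForbiddenError.prototype); // keep instanceof working on old targets
  }
}

// Constructed sample data: communityId -> SpamTag status. "c-legacy" has no entry
// (pre-dates the spam system); "c-odd" holds a made-up status the guard does not know.
const spamTagStatus = new Map<string, string>([
  ['c-approved', 'confirmed-not-spam'],
  ['c-new', 'unreviewed'],
  ['c-spam', 'confirmed-spam'],
  ['c-odd', 'under-appeal'],
]);

// Allowlist check: only 'confirmed-not-spam' (or no SpamTag at all) passes, so a
// status introduced later is denied by default rather than slipping past a denylist.
function assertCommunityApprovedForDoi(communityId: string): void {
  const status = spamTagStatus.get(communityId);
  if (status === undefined) return; // legacy community, no SpamTag record
  if (status !== 'confirmed-not-spam') {
    throw new ForbiddenError(`DOI minting requires community approval (status: ${status})`);
  }
}

// Stand-in for the Crossref/DataCite deposit: records what would have been minted.
const minted: string[] = [];

// Hypothetical handler: the guard runs before any side effect, and only
// ForbiddenError is translated to 403; any other error propagates.
function handleDeposit(communityId: string, doi: string): { status: number; body: string } {
  try {
    assertCommunityApprovedForDoi(communityId);
  } catch (err) {
    if (err instanceof ForbiddenError) return { status: err.status, body: err.message };
    throw err;
  }
  minted.push(`${communityId}:${doi}`);
  return { status: 201, body: doi };
}
```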

@gabestein gabestein left a comment

LGTM from a functionality perspective. I do wonder if we want to still let people preview deposits for evaluating the tool, since it's a popular use-case? But seems like a bit of an edge case that, if it came up, could be a pretty quick follow.

@isTravis

Nice - agreed. Removed the gate on the previews in the latest commit

@isTravis isTravis merged commit 38f2520 into main Apr 23, 2026
1 check passed
@isTravis isTravis deleted the tr/spam-doi-block branch April 23, 2026 01:40