[bug] Anonymous users can create events in the past

version: 1.21.0 Via GUI an anonymous user cannot create an event in the past (while an admin can). However, an anonymous user can do this using curl with a script like the following: example script #!/bin/bash TITLE="test-passato" IMMAGINE="null" DOVE="posto" INDIRIZZO="indirizzo" GANCIO="demo.gancio.org" curl "https://$GANCIO/api/event" -X POST \ -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:107.0) Gecko/20100101 Firefox/107.0' \ -H 'Accept: application/json, text/plain, */*' -H 'Accept-Language: en-US,en;q=0.5' \ -H 'Accept-Encoding: gzip, deflate, br' \ -H "Referer: https://$GANCIO/add" \ -F recurrent=null \ -F image_name=$TITLE \ -F image=$IMMAGINE \ -F image_focalpoint="0,0" \ -F title="$TITLE" \ -F place_name="$DOVE" \ -F place_address="$INDIRIZZO" \ -F place_latitude="40" \ -F place_longitude="12" \ -F multidate=false \ -F start_datetime=1673870700 \ -F end_datetime=1673870800 The event to be moderate is then not-visible in admin/unconfirmed_events tab. But it is visible on the event page (here: https://demo.gancio.org/event/test-passato)