How can we achieve that with nodebb, where spiders have nodebb's default access but not the hidden files, which only verified users can access?
registered-users, all users who register are added to this group
verified-usersonly users who have verified their email are in this group
unverified-usersonly users who have NOT verified their email are in this group
-means that group is inheriting it's privileges from the registered-users groups since all users are in that group.
If you want you can remove certain privileges from the registered-users group and only allow verified-users access to a category.