From eeca90870ad0193b959bca255736564480a615b4 Mon Sep 17 00:00:00 2001
From: Wilco van Beijnum <wilcovanbeijnum@gmail.com>
Date: Sat, 12 Mar 2022 15:14:58 +0100
Subject: [PATCH] Limit photo album visibility

---
 app/models/photo_album.rb          |  5 +++++
 app/policies/photo_album_policy.rb | 10 ++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/app/models/photo_album.rb b/app/models/photo_album.rb
index 9ca74bd0..312e64ff 100644
--- a/app/models/photo_album.rb
+++ b/app/models/photo_album.rb
@@ -9,6 +9,11 @@ class PhotoAlbum < ApplicationRecord
   validates :publicly_visible, inclusion: [true, false]
 
   scope :publicly_visible, (-> { where(publicly_visible: true) })
+  scope :posted_between_or_publicly_visible, (lambda { |start_date, end_date|
+    where(publicly_visible: true)
+      .or(where.not(date: nil).where(date: start_date..end_date))
+      .or(where(date: nil).where(created_at: start_date..end_date))
+  })
 
   def owners
     if group.present?
diff --git a/app/policies/photo_album_policy.rb b/app/policies/photo_album_policy.rb
index f54a4e16..15a3d097 100644
--- a/app/policies/photo_album_policy.rb
+++ b/app/policies/photo_album_policy.rb
@@ -1,8 +1,14 @@
 class PhotoAlbumPolicy < ApplicationPolicy
   class Scope < ApplicationPolicy::Scope
-    def resolve
+    def resolve # rubocop:disable Metrics/AbcSize
       if user_can_read?
-        scope
+        membership = user.memberships.joins(:group).where(groups: { name: 'Leden' }).first
+        return scope.publicly_visible if membership.nil?
+
+        scope.posted_between_or_publicly_visible(
+          membership.start_date&.advance(months: -18),
+          membership.end_date&.advance(months: 6)
+        )
       else
         scope.publicly_visible
       end