zooniverse · zwolf · Sep 28, 2023 · Sep 27, 2023 · Sep 27, 2023 · Sep 28, 2023
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
@@ -77,6 +77,17 @@ def has_role?(role)
       true
     end
 
+    def of_posting_age?
+      return true unless ENV['POSTING_AGE_REQUIREMENT']
+
+      user.created_at < (Time.now - age_requirement)
+    end
+
+    def age_requirement
+      quant = ENV.fetch('POSTING_AGE_REQUIREMENT', '24')
+      quant.to_i.hours
+    end
+
     def roles_in(section)
       user_roles.fetch section, []
     end

diff --git a/app/policies/comment_policy.rb b/app/policies/comment_policy.rb
@@ -10,7 +10,11 @@ def show?
   end
 
   def create?
-    logged_in? && !locked? && writable?
+    if Array.wrap(record).compact.any? { |a| a.section == 'zooniverse' }
+      logged_in? && !locked? && writable? && of_posting_age?
+    else
+      logged_in? && !locked? && writable?
+    end
   end
 
   def update?

diff --git a/spec/factories/users.rb b/spec/factories/users.rb
@@ -6,6 +6,7 @@
     email { "#{ login }@example.com" }
     admin false
     banned false
+    created_at Time.now - 1.year
 
     factory :moderator do
       transient do

diff --git a/spec/policies/application_policy_spec.rb b/spec/policies/application_policy_spec.rb
@@ -20,10 +20,25 @@
   end
 
   context 'with a user' do
+    ENV['POSTING_AGE_REQUIREMENT'] = '24'
     let(:user){ create :user }
     let(:record){ OpenStruct.new user_id: user.id + 1, section: 'project-1' }
 
     it{ is_expected.to be_logged_in }
+    it{ is_expected.to be_of_posting_age }
+    it{ is_expected.to_not be_owner }
+    it{ is_expected.to_not be_moderator }
+    it{ is_expected.to_not be_admin }
+    it{ is_expected.to_not be_team }
+    it{ is_expected.to have_attributes user_roles: { } }
+  end
+
+  context 'with a brand new user' do
+    ENV['POSTING_AGE_REQUIREMENT'] = '24'
+    let(:user){ create :user, created_at: Time.now }
+
+    it{ is_expected.to be_logged_in }
+    it{ is_expected.to_not be_of_posting_age }
     it{ is_expected.to_not be_owner }
     it{ is_expected.to_not be_moderator }
     it{ is_expected.to_not be_admin }

diff --git a/spec/policies/comment_policy_spec.rb b/spec/policies/comment_policy_spec.rb
@@ -38,6 +38,22 @@
       it_behaves_like 'a policy permitting', :index, :show, :create, :move, :upvote, :remove_upvote
       it_behaves_like 'a policy forbidding', :update, :destroy
     end
+
+    context 'with a new account' do
+      let(:user){ create :user, created_at: Time.now }
+      ENV['POSTING_AGE_REQUIREMENT'] = '24'
+
+      context 'on a project board' do
+        it_behaves_like 'a policy permitting', :index, :show, :create, :upvote, :remove_upvote
+        it_behaves_like 'a policy forbidding', :update, :destroy, :move
+      end
+
+      context 'on the zooniverse board' do
+        let(:board){ create :board, section: 'zooniverse', permissions: { read: 'all', write: 'all' } }
+        it_behaves_like 'a policy permitting', :index, :show, :upvote, :remove_upvote
+        it_behaves_like 'a policy forbidding', :create, :update, :destroy, :move
+      end
+    end
   end
 
   context 'with permissions read:team write:team' do