Prune crew pictures

[kentsigurdsen]

If you have access to an event you can search for crew pictures, even if they have been inactive as crew members for multiple years.

I have two suggestions to solve this problem:

1. Prune the picture of the crewmember if they have an inactive year.
2. Only make pictures available for others to see if the crewmember is active the same year as the person performing the search.

[KristianLyng]

We probably need to split this up. We have a general GDPR-issue with pictures, so we should really delete all pictures. I suggest we do this for TG after the main recruitment period is over. But this is a TG-thing.

The second is that we need to fix permissions in general. Only people in the crew should see pictures, regardless. And this needs to be event-specific. (e.g.: tg20-crew should not see pics for tg19-members)

The third is that we should ideally have auto-prune, where a user can provide a drop-down when uploading a picture. "Delete X months after event, delete after 2 years of inactivity, keep forever/until I delete".

I suggest this specific issue be used for the second case?

[Brekkjern]

I made #20 for the permissions issue. Probably better to stick to the title for this issue.

Auto-pruning could be a neat feature, but how about defining these properties in the event itself? Set event duration and such when creating the event, and include a "prune" date for sensitive data. Could automatically delete the medical or needs information based on this date for example.

[niccofyren]

Small update on this. When migrating to new TG20 wannabe hosting we plan to only move only profile images for users with activity the last x years. This will be a one time prune, but might also lead to some related PR's with part of the tooling used during that process.