Merge pull request #50 from airbnb/nray_ensure_excluded_tags_propogate

[Feature] Make sure excluded tags are excluded everywhere

Author: NiharikaRay

knowledge_repo/app/app.py

@@ -12,7 +12,7 @@
 
 from .proxies import db_session, current_repo
 from .index import update_index
-from .models import db as sqlalchemy_db, Post, User
+from .models import db as sqlalchemy_db, Post, User, Tag
 from . import routes
 
 logging.basicConfig(level=logging.INFO)
@@ -123,8 +123,22 @@ def update_typeahead_data(post):
                     typeahead_data[str(post.title)] = typeahead_entry
 
             update_index()
+
+            # For every tag in the excluded tags, create the tag object if it doesn't exist
+            # To ensure that posts with the excluded tags do not show up in the typeahead
+            excluded_tags = current_app.config.get('EXCLUDED_TAGS')
+            for tag in excluded_tags:
+                tag_exists = (db_session.query(Tag)
+                                        .filter(Tag.name == tag)
+                                        .all())
+                if not tag_exists:
+                    tag_exists = Tag(name=tag)
+                    db_session.add(tag_exists)
+                    db_session.commit()
+
             posts = (db_session.query(Post)
                      .filter(Post.is_published)
+                     .filter(~Post.tags.any(Tag.name.in_(excluded_tags)))
                      .all())
 
             for post in posts:

knowledge_repo/app/models.py

@@ -190,8 +190,10 @@ def get_liked_posts(self):
                  .filter(Vote.user_id == self.id)
                  .all())
         post_ids = [vote.object_id for vote in votes]
+        excluded_tags = current_app.config.get('EXCLUDED_TAGS')
         posts = (db.session.query(Post)
                  .filter(Post.id.in_(post_ids))
+                 .filter(~Post.tags.any(Tag.name.in_(excluded_tags)))
                  .all())
         return posts
 
@@ -307,6 +309,14 @@ def tags(self, tags):
 
         self._tags = tag_objs
 
+    @property
+    def contains_excluded_tag(self):
+        excluded_tags = current_app.config.get('EXCLUDED_TAGS')
+        for tag in self.tags:
+            if tag.name in excluded_tags:
+                return True
+        return False
+
     _status = db.Column('status', db.Integer(), default=0)
 
     @hybrid_property

knowledge_repo/app/routes/index.py

@@ -116,7 +116,10 @@ def render_cluster():
     request_tag = request.args.get('tag')
     sort_desc = not bool(request.args.get('sort_asc', ''))
 
-    post_query = db_session.query(Post).filter(Post.is_published)
+    excluded_tags = current_app.config.get('EXCLUDED_TAGS')
+    post_query = (db_session.query(Post)
+                            .filter(Post.is_published)
+                            .filter(~Post.tags.any(Tag.name.in_(excluded_tags))))
 
     if filters:
         filter_set = filters.split(" ")
@@ -128,17 +131,23 @@ def render_cluster():
         author_to_posts = {}
         authors = (db_session.query(User).all())
         for author in authors:
-            author_posts = [post for post in author.posts if post.is_published]
+            author_posts = [post for
+                            post in author.posts
+                            if post.is_published and not post.contains_excluded_tag]
             if author_posts:
                 author_to_posts[author.format_name] = author_posts
         tuples = [(k, v) for (k, v) in author_to_posts.items()]
 
     elif group_by == "tags":
         tags_to_posts = {}
-        all_tags = (db_session.query(Tag).all())
+        all_tags = (db_session.query(Tag)
+                              .filter(~Tag.name.in_(excluded_tags))
+                              .all())
 
         for tag in all_tags:
-            tag_posts = [post for post in tag.posts if post.is_published]
+            tag_posts = [post for
+                         post in tag.posts
+                         if post.is_published and not post.contains_excluded_tag]
             if tag_posts:
                 tags_to_posts[tag.name] = tag.posts
         tuples = [(k, v) for (k, v) in tags_to_posts.items()]

knowledge_repo/app/routes/render.py

@@ -68,6 +68,10 @@ def render():
     if not post:
         raise Exception("unable to find post at {}".format(path))
 
+    if post.contains_excluded_tag:
+        # It's possilbe that someone gets a direct link to a post that has an excluded tag
+        return render_template("error.html")
+
     html = render_post(post)
     raw_post = render_post_raw(post) if raw else None
 

knowledge_repo/app/routes/tags.py

@@ -11,7 +11,7 @@
   - /toggle_tag_subscription
   - /tag_list
 """
-from flask import request, render_template, Blueprint, g
+from flask import current_app, request, render_template, Blueprint, g
 from sqlalchemy import and_
 import logging
 
@@ -42,7 +42,7 @@ def render_batch_tags():
     sort_desc = not sort_asc
     feed_params = from_request_get_feed_params(request)
 
-    # get all tags
+    excluded_tags = current_app.config.get('EXCLUDED_TAGS')
     all_tags = db_session.query(Tag).all()
     tags_to_posts = {}
     nonzero_tags = []
@@ -54,7 +54,8 @@ def render_batch_tags():
             db_session.delete(tag)
             db_session.commit()
 
-        tags_to_posts[tag.id] = [(post.path, post.title) for post in posts]
+        tags_to_posts[tag.id] = [(post.path, post.title) for post in posts if
+                                 post.is_published and not post.contains_excluded_tags]
         nonzero_tags.append(tag)
         # so that we can use the tag in the jinja template
         db_session.expunge(tag)
@@ -119,6 +120,9 @@ def render_tag_pages():
     if tag[0] == '#':
         tag = tag[1:]
 
+    if tag in current_app.config.get('EXCLUDED_TAGS'):
+        return render_template('error.html')
+
     tag_obj = (db_session.query(Tag)
                .filter(Tag.name == tag)
                .first())
@@ -211,6 +215,11 @@ def toggle_tag_subscription():
     try:
         # retrieve relevant tag and user args from request
         tag_name = request.args.get('tag_name', '')
+
+        if tag_name in current_app.config.get('EXCLUDED_TAGS'):
+            logging.warning("Trying to subscribe to an excluded tag")
+            return ""
+
         subscribe_action = request.args.get('subscribe_action', '')
         if subscribe_action not in ['unsubscribe', 'subscribe']:
             logging.warning("ERROR processing request")

knowledge_repo/app/utils/emails.py

@@ -14,9 +14,6 @@
 
 logger = logging.getLogger(__name__)
 
-# TODO move me to config
-TAGS_EXCLUDED_FROM_SUBSCRIPTION_EMAILS = ['other/private', 'private']
-
 
 def usernames_to_emails(usernames):
     username_to_email = current_repo.config.username_to_email
@@ -62,7 +59,7 @@ def send_subscription_emails(post):
     # if this post is tagged as private - send no emails
     post_full_tags = [tag.name for tag in post.tags]
     for full_tag in post_full_tags:
-        if full_tag in TAGS_EXCLUDED_FROM_SUBSCRIPTION_EMAILS:
+        if full_tag in current_app.config.get("EXCLUDED_TAGS"):
             return
     for tag in post.tags:
         send_subscription_email(post, tag)

knowledge_repo/app/utils/posts.py

@@ -4,6 +4,7 @@
     - get_posts
     - get_all_post_stats
 """
+from flask import current_app
 from sqlalchemy import func, distinct, or_
 
 from ..app import db_session
@@ -33,12 +34,10 @@ def get_posts(feed_params):
     # make sure post is published
     query = (db_session.query(Post).filter(Post.is_published))
 
-    # if a private tag exists, make sure that post
-    private_tag = (db_session.query(Tag)
-                   .filter(Tag.name == 'other/private')
-                   .first())
-    if private_tag is not None:
-        query = query.filter(~Post.tags.contains(private_tag))
+    # posts returned should not include any posts in the excluded tags
+    excluded_tags = current_app.config.get('EXCLUDED_TAGS')
+    if excluded_tags:
+        query = query.filter(~Post.tags.any(Tag.name.in_(excluded_tags)))
 
     # filter out based on feed param filters
     filters = feed_params['filters']

resources/server_config.py

@@ -83,3 +83,11 @@ def prepare_repo(repo):
 # WEB_EDITOR_PREFIXES to a list of supported path prefixes.
 # e.g. ['webposts', 'projects']
 WEB_EDITOR_PREFIXES = ['webposts']
+
+
+# ---------------------------------------------------
+# Tag configuration
+# ---------------------------------------------------
+# Posts with certain tags can be excluded from showing up
+# in the app. This can be useful for security purposes
+EXCLUDED_TAGS = ['private']

tests/config_server.py

@@ -88,3 +88,10 @@ def prepare_repo(repo):
 # WEB_EDITOR_PREFIXES to a list of supported path prefixes.
 # e.g. ['webposts', 'projects']
 WEB_EDITOR_PREFIXES = None
+
+# ---------------------------------------------------
+# Tag configuration
+# ---------------------------------------------------
+# Posts with certain tags can be excluded from showing up
+# in the app. This can be useful for security purposes
+EXCLUDED_TAGS = ['private']