Description
I encountered an issue where plugins inheriting from BasePostPlugin (such as LatestPostsPlugin and FeaturedPostsPlugin) display posts that are outside their publication window.
Specifically, posts with a date_published_end set in the past are still visible in the "Latest Articles" plugin on the frontend for public (non-staff) users.
Root Cause: Looking at djangocms_stories/models.py, the method BasePostPlugin.post_content_queryset retrieves the posts based on language and app config, but it lacks the filtering logic for date_published and date_published_end.
Unlike the Django CMS core behavior, it does not automatically exclude expired or future posts for unprivileged users.
Location: djangocms_stories/models.py -> class BasePostPlugin -> def post_content_queryset
Suggested Fix: The queryset should filter against timezone.now() when the user is not a staff member. Here is a proposed fix for models.py:
```python
from django.utils.timezone import now
from django.db.models import Q

# ... inside BasePostPlugin class ...
def post_content_queryset(self, request=None, selected_posts=None):
    language = translation.get_language()
    # ... existing logic to fetch initial queryset ...
    if (
        request
        and getattr(request, "toolbar", False)
        and (request.toolbar.edit_mode_active or request.toolbar.preview_mode_active)
    ):
        post_contents = PostContent.admin_manager.latest_content()
    else:
        post_contents = PostContent.objects.all()
    # ... existing filtering ...

    # PROPOSED ADDITION:
    if request and not request.user.is_staff:
        current_time = now()
        post_contents = post_contents.filter(
            Q(post__date_published__lte=current_time) | Q(post__date_published__isnull=True),
            Q(post__date_published_end__gte=current_time) | Q(post__date_published_end__isnull=True),
        )

    # ... return optimized queryset ...
    return self.optimize(post_contents)
```
Steps to reproduce:

1. Create a Story/Post.
2. Set date_published_end to a past date.
3. Add a LatestPostsPlugin to a page.
4. View the page as an anonymous user (logged out).
5. The expired post is still visible in the list.
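
The publication-window predicate from the proposed fix, modelled at the SQL level as an added example (not code from the issue or from djangocms_stories). It uses an in-memory SQLite table in place of the Django ORM; the `post` table, the sample rows and the helper names are constructed for illustration, and it also shows why the `isnull` branches are needed.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)  # constructed "current time"

def iso(delta_days):
    """ISO-8601 UTC timestamp offset from NOW; None stays NULL in SQL."""
    return None if delta_days is None else (NOW + timedelta(days=delta_days)).isoformat()

# Constructed sample rows: (title, date_published offset, date_published_end offset)
SAMPLE_POSTS = [
    ("live-open-ended", -10, None),
    ("live-with-end", -10, 5),
    ("expired", -10, -1),
    ("scheduled", 3, None),
    ("no-dates", None, None),
]

# SQL form of the two Q(...) | Q(...isnull=True) pairs, ANDed together.
WINDOW_SQL = """
    (date_published <= :now OR date_published IS NULL)
    AND (date_published_end >= :now OR date_published_end IS NULL)
"""
# Same comparison without the IS NULL branches, to show what they are for.
NAIVE_SQL = "date_published <= :now AND date_published_end >= :now"

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE post (title TEXT, date_published TEXT, date_published_end TEXT)")
    db.executemany("INSERT INTO post VALUES (?, ?, ?)",
                   [(t, iso(s), iso(e)) for t, s, e in SAMPLE_POSTS])
    return db

def visible_titles(db, is_staff, where=WINDOW_SQL):
    """Titles a plugin would list: staff see everything, others only the window."""
    sql = "SELECT title FROM post"
    params = {}
    if not is_staff:
        sql += " WHERE " + where
        params = {"now": NOW.isoformat()}
    return sorted(row[0] for row in db.execute(sql, params))

if __name__ == "__main__":
    db = build_db()
    print("public:", visible_titles(db, is_staff=False))
    print("staff: ", visible_titles(db, is_staff=True))
    print("naive: ", visible_titles(db, is_staff=False, where=NAIVE_SQL))
```

With the naive predicate, any post whose end date is unset drops out of the public list, because a comparison against NULL is never true in SQL.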