search

bookieio / Bookie

Python based delicious.com replacement
GNU Affero General Public License v3.0
633 stars 138 forks source link

private bookmarks are visible to non-logged in users. #504

Closed mitechie closed 10 years ago

mitechie commented 10 years ago

Diff below is a cowboy fix put into production. Needs to be updated and new tests added to catch it.

diff --git a/bookie/bcelery/celery.py b/bookie/bcelery/celery.py
index 52b9b5d..d913179 100644
--- a/bookie/bcelery/celery.py
+++ b/bookie/bcelery/celery.py
@@ -55,7 +55,7 @@ celery.conf.update(
         },
         'fetch_unfetched': {
             'task': 'bookie.bcelery.tasks.fetch_unfetched_bmark_content',
-            'schedule': timedelta(seconds=60),
+            'schedule': timedelta(seconds=60*60),
         },
     }
 )
diff --git a/bookie/models/__init__.py b/bookie/models/__init__.py
index d405c3a..916a7f6 100644
--- a/bookie/models/__init__.py
+++ b/bookie/models/__init__.py
@@ -41,7 +41,7 @@ from zope.sqlalchemy import ZopeTransactionExtension
 DBSession = scoped_session(sessionmaker(extension=ZopeTransactionExtension()))
 Base = declarative_base()

-LOG = logging.getLogger(__name__)
+LOG = logging.getLogger('bookie')

 def initialize_sql(settings):
@@ -395,7 +395,9 @@ class BmarkMgr(object):
         if username:
             qry = qry.filter(Bmark.username == username)

-        return qry.one()
+        print qry
+
+        return qry.first()

     @staticmethod
     def get_by_hash(hash_id, username=None):
@@ -420,7 +422,10 @@ class BmarkMgr(object):

         offset = limit * page

-        if requested_by != username:
+        if not requested_by:
+            qry = qry.filter(Bmark.is_private == False)  # noqa
+        elif requested_by != username:
+            print 'PRIVATE'
             qry = qry.filter(Bmark.is_private == False)    # noqa
             # If noqa is not used here the below error occurs with make lint.
             # comparison to False should be 'if cond is False:'
@@ -478,14 +483,18 @@ class BmarkMgr(object):
                 )

         # now outer join with the tags again so that we have the
-        # full list of tags for each bmark we filterd down to
+        # full list of tags for each bmark we filtered down to
         if with_tags:
             qry = qry.outerjoin(Bmark.tags).\
                 options(contains_eager(Bmark.tags))

         qry = qry.options(joinedload('hashed'))

-        return qry.all()
+        print('order by is:')
+        print(order_by)
+        print qry
+
+        return qry.order_by(order_by).all()

     @staticmethod
     def user_dump(username):
@@ -636,7 +645,7 @@ class Bmark(Base):
     stored = Column(DateTime, default=datetime.utcnow)
     updated = Column(DateTime, onupdate=datetime.utcnow)
     clicks = Column(Integer, default=0)
-    is_private = Column(Boolean, nullable=False, default=True)
+    is_private = Column(Boolean, nullable=False, default=False)

     # this could be chrome_extension, firefox_extension, website, browser XX,
     # import, etc
diff --git a/bookie/views/bmarks.py b/bookie/views/bmarks.py
index 72823f1..4d9a051 100644
--- a/bookie/views/bmarks.py
+++ b/bookie/views/bmarks.py
@@ -171,6 +171,7 @@ def edit(request):

         # If user is editing a bookmark, suggested tags will include tags
         # based on readable content also
+        print request.user.username
         if not new:
             tag_suggest = TagMgr.suggestions(
                 bmark=bmark,
mitechie commented 10 years ago

Path fixed and released.