fix: Prevent publishing blog posts that have future publish date

[ishanBahuguna]

Proposed change

Resolves #2327

Update recent_posts method to filter posts by publish date and order by most recent

This PR updates the recent_posts() static method in the Post model to ensure only posts published up to the current time are returned, ordered by most recent first.

Checklist

• I've read and followed the contributing guidelines.
• I've run make check-test locally; all checks and tests passed.

[coderabbitai]

Summary by CodeRabbit

• Bug Fixes

  • Recent posts now correctly display only published content, excluding future-dated and unpublished posts from the list.

• Tests

  • Enhanced test coverage for recent posts filtering and ordering logic to ensure consistent behavior.

Walkthrough

Imported timezone and updated Post.recent_posts to filter posts with published_at <= timezone.now() before ordering by published_at descending. Tests updated to stub/filter by the published_at cutoff and assert ordering on the filtered queryset.

Changes

Cohort / File(s)	Summary
Model filtering logic backend/apps/owasp/models/post.py	Added from django.utils import timezone and changed Post.recent_posts to apply filter(published_at__lte=timezone.now()) before order_by("-published_at").
Test validation backend/tests/apps/owasp/models/post_test.py	Reworked tests to patch Post.objects.filter and timezone.now; assert filter(published_at__lte=...) is called, that order_by("-published_at") runs on the filtered queryset, and that the filtered result is returned.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The pull request title "fix: Prevent publishing blog posts that have future publish date" directly and clearly summarizes the main objective of the changeset. The code modifications add timezone-based filtering to the recent_posts() method to ensure only posts with a publish date up to the current time are returned, which precisely aligns with the title's intent. The title is concise, specific, and clearly communicates the primary change without vague terms or unnecessary details.
Linked Issues Check	✅ Passed	The code changes directly implement the requirements from issue #2327. The modification to the Post.recent_posts() method now filters posts by published_at__lte=timezone.now() before ordering, which ensures only posts with a publish date up to the current time are returned—the exact behavior specified in the issue. The addition of the timezone import is necessary to support this filtering. The accompanying test changes verify that the filtering works correctly by testing both that filtering by published date occurs and that results are properly ordered. All changes align with the expected behavior stated in the linked issue.
Out of Scope Changes Check	✅ Passed	All code changes in this pull request are directly related to resolving issue #2327. The timezone import addition is necessary to support the date filtering logic, the modification to the recent_posts() method directly implements the fix, and the test updates verify the implementation. No extraneous changes have been introduced outside the scope of the linked issue. The changes are focused, minimal, and purposeful.
Description Check	✅ Passed	The pull request description is clearly related to the changeset and provides meaningful context about the changes. It explicitly references issue #2327 and describes the key modification: updating the recent_posts() method to filter posts by publish date and order by most recent. The description explains the purpose of the change, which is to ensure only posts published up to the current time are returned. While not elaborately detailed, the description adequately conveys the essence of the changes made.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[arkid15r]

LGTM

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

backend/tests/apps/owasp/models/post_test.py (1)

110-132: Consider enhancing test to explicitly verify future post exclusion.

The test correctly verifies that filter is called with published_at__lte=current_time and validates the chaining with order_by. However, it could be more comprehensive by including a scenario with a future-dated post to explicitly demonstrate exclusion behavior.

Example enhancement:

@patch("apps.owasp.models.post.timezone.now")
@patch("apps.owasp.models.post.Post.objects.filter")
def test_recent_posts_filters_by_published_date(self, mock_filter, mock_now):
    """Test recent_posts returns only posts published before current time."""
    current_time = datetime(2025, 6, 15, 12, 0, 0, tzinfo=UTC)
    mock_now.return_value = current_time

    past_post = Mock(
        title="Past Post",
        url="https://example.com/past",
        published_at=datetime(2025, 6, 10, 12, 0, 0, tzinfo=UTC),
    )
    
    # Include a future post in the test setup to make exclusion explicit
    future_post = Mock(
        title="Future Post",
        url="https://example.com/future",
        published_at=datetime(2025, 6, 20, 12, 0, 0, tzinfo=UTC),
    )

    mock_queryset = Mock()
    mock_queryset.order_by.return_value = [past_post]  # Only past post in result
    mock_filter.return_value = mock_queryset

    result = Post.recent_posts()

    mock_filter.assert_called_once_with(published_at__lte=current_time)
    mock_queryset.order_by.assert_called_once_with("-published_at")

    assert result == [past_post]
    assert future_post not in result  # Explicitly verify future post exclusion

Note: Since you're mocking filter, the actual Django ORM filtering isn't tested here—only that the method is called correctly. Integration tests with a real database would provide end-to-end verification of the filtering behavior.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between df6541a and 5bcff24.

📒 Files selected for processing (2)

• backend/apps/owasp/models/post.py (2 hunks)
• backend/tests/apps/owasp/models/post_test.py (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

backend/tests/apps/owasp/models/post_test.py (1)

backend/apps/owasp/models/post.py (2)

• Post (12-85)
• recent_posts (38-44)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Run Code Scan
• GitHub Check: Run CI Denendencies Scan
• GitHub Check: CodeQL (python)
• GitHub Check: CodeQL (javascript-typescript)

🔇 Additional comments (3)

backend/apps/owasp/models/post.py (2)

6-6: LGTM! Correct import for timezone-aware datetime.

The timezone import is necessary for the timezone.now() call and ensures timezone-aware datetime handling.

---

40-44: LGTM! Correctly filters and orders posts.

The implementation correctly addresses issue #2327 by filtering posts with published_at__lte=timezone.now() to exclude future-dated posts, then ordering by most recent first. The existing database index on "-published_at" (line 18) will ensure good query performance.

backend/tests/apps/owasp/models/post_test.py (1)

97-109: LGTM! Test correctly verifies ordering on filtered queryset.

The test has been properly updated to patch Post.objects.filter and verify that order_by("-published_at") is called on the filtered queryset, which aligns with the new implementation.