From b263182adabe4a1fff32ed3a1ef765b5e9a68f67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Holger=20Wei=C3=9F?= <holger@zedat.fu-berlin.de>
Date: Wed, 29 Jun 2011 19:12:23 +0200
Subject: New database field: "is_sensitive"

The new "entry.reason.is_sensitive" flag indicates whether the file
contents/diffs were omitted from the database due to the "sensitive"
<Path> attribute.
---
 src/lib/Server/Plugins/DBStats.py                  |  5 +++--
 src/lib/Server/Reports/importscript.py             |  9 +++++++--
 src/lib/Server/Reports/reports/models.py           |  1 +
 .../reports/templates/config_items/item.html       | 22 ++++++++++++++--------
 src/lib/Server/Reports/updatefix.py                |  1 +
 5 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/src/lib/Server/Plugins/DBStats.py b/src/lib/Server/Plugins/DBStats.py
index 103fb7353..8761d282d 100644
--- a/src/lib/Server/Plugins/DBStats.py
+++ b/src/lib/Server/Plugins/DBStats.py
@@ -98,8 +98,9 @@ class DBStats(Bcfg2.Server.Plugin.Plugin,
                 ret.append(getattr(entry.reason, t))
             else:
                 ret.append(getattr(entry.reason, "current_%s" % t))
-
-        if entry.reason.current_diff != '':
+        if entry.reason.is_sensitive:
+            raise Bcfg2.Server.Plugin.PluginExecutionError
+        elif entry.reason.current_diff != '':
             if entry.reason.is_binary:
                 ret.append(binascii.a2b_base64(entry.reason.current_diff))
             else:
diff --git a/src/lib/Server/Reports/importscript.py b/src/lib/Server/Reports/importscript.py
index 68774cec6..7dfac6fae 100755
--- a/src/lib/Server/Reports/importscript.py
+++ b/src/lib/Server/Reports/importscript.py
@@ -40,7 +40,11 @@ from Bcfg2.Bcfg2Py3k import ConfigParser
 
 def build_reason_kwargs(r_ent, encoding, logger):
     binary_file = False
-    if r_ent.get('current_bfile', False):
+    sensitive_file = False
+    if r_ent.get('sensitive') in ['true', 'True']:
+        sensitive_file = True
+        rc_diff = ''
+    elif r_ent.get('current_bfile', False):
         binary_file = True
         rc_diff = r_ent.get('current_bfile')
         if len(rc_diff) > 1024 * 1024:
@@ -74,7 +78,8 @@ def build_reason_kwargs(r_ent, encoding, logger):
                 current_version=r_ent.get('current_version', default=""),
                 current_exists=r_ent.get('current_exists', default="True").capitalize() == "True",
                 current_diff=rc_diff,
-                is_binary=binary_file)
+                is_binary=binary_file,
+                is_sensitive=sensitive_file)
 
 
 def load_stats(cdata, sdata, encoding, vlevel, logger, quick=False, location=''):
diff --git a/src/lib/Server/Reports/reports/models.py b/src/lib/Server/Reports/reports/models.py
index d94b2e1ba..870239641 100644
--- a/src/lib/Server/Reports/reports/models.py
+++ b/src/lib/Server/Reports/reports/models.py
@@ -277,6 +277,7 @@ class Reason(models.Model):
     current_exists = models.BooleanField()  # False means its missing. Default True
     current_diff = models.TextField(max_length=1280, blank=True)
     is_binary = models.BooleanField(default=False)
+    is_sensitive = models.BooleanField(default=False)
 
     def _str_(self):
         return "Reason"
diff --git a/src/lib/Server/Reports/reports/templates/config_items/item.html b/src/lib/Server/Reports/reports/templates/config_items/item.html
index 58aed1684..cc99ef503 100644
--- a/src/lib/Server/Reports/reports/templates/config_items/item.html
+++ b/src/lib/Server/Reports/reports/templates/config_items/item.html
@@ -74,15 +74,21 @@ div.entry_list h3 {
   </table>
   {% endif %}
 
-  {% if item.reason.current_diff %}
-  <div class='entry_list'>
-    <div class='entry_list_head'>
-      <h3>Incorrect file contents</h3>
+  {% if item.reason.current_diff or item.reason.is_sensitive %}
+    <div class='entry_list'>
+      <div class='entry_list_head'>
+        {% if item.reason.is_sensitive %}
+          <h3>File contents unavailable, as they might contain sensitive data.</h3>
+        {% else %}
+          <h3>Incorrect file contents</h3>
+        {% endif %}
+      </div>
+      {% if not item.reason.is_sensitive %}
+        <div class='diff_wrapper'>
+          {{ item.reason.current_diff|syntaxhilight }}
+        </div>
+      {% endif %}
     </div>
-    <div class='diff_wrapper'>
-      {{ item.reason.current_diff|syntaxhilight }}
-    </div>
-  </div>
   {% endif %}
 
 
diff --git a/src/lib/Server/Reports/updatefix.py b/src/lib/Server/Reports/updatefix.py
index 4d3c964f5..7cebaaca9 100644
--- a/src/lib/Server/Reports/updatefix.py
+++ b/src/lib/Server/Reports/updatefix.py
@@ -102,6 +102,7 @@ _fixes = [_merge_database_table_entries,
           _populate_interaction_entry_counts,
           _interactions_constraint_or_idx,
           'alter table reports_reason add is_binary bool NOT NULL default False;',
+          'alter table reports_reason add is_sensitive bool NOT NULL default False;',
 ]
 
 # this will calculate the last possible version of the database
-- 
cgit v1.2.3-1-g7c22