OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
500 Commits
13 Branches
0 Tags
45 MiB
Tree: 33a8e512dd
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '33a8e512dd'
${ noResults }
server-tools/sql_view/models/sql_view.py

174 lines
6.9 KiB
Raw Normal View History

Add module sql_view (basic model+view)
9 years ago
Validate validness of the SQL view's name
9 years ago
Add create and drop of SQL views
9 years ago
Add module sql_view (basic model+view)
9 years ago
Add create and drop of SQL views
9 years ago
Add module sql_view (basic model+view)
9 years ago
Validate validness of the SQL view's name
9 years ago
Add module sql_view (basic model+view)
9 years ago
Add create and drop of SQL views
9 years ago
Add module sql_view (basic model+view)
9 years ago
Add translation template and French translation
9 years ago
Add module sql_view (basic model+view)
9 years ago
on_change shows the complete SQL name
9 years ago
Add create and drop of SQL views
9 years ago
on_change shows the complete SQL name
9 years ago
Add create and drop of SQL views
9 years ago
Add module sql_view (basic model+view)
9 years ago
Validate validness of the SQL view's name
9 years ago
Add create and drop of SQL views
9 years ago
Add module sql_view (basic model+view)
9 years ago
Validate validness of the SQL view's name
9 years ago
Forbid SQL injection by checking unbalanced parenthesis
9 years ago
Validate validness of the SQL view's name
9 years ago
Forbid SQL injection by checking unbalanced parenthesis
9 years ago
Validate validness of the SQL view's name
9 years ago
Add create and drop of SQL views
9 years ago
Add unique constraint on the view's name in PG
9 years ago
Add create and drop of SQL views
9 years ago
on_change shows the complete SQL name
9 years ago
  1. # -*- coding: utf-8 -*-
  2. #
  3. #
  4. # Authors: Guewen Baconnier
  5. # Copyright 2015 Camptocamp SA
  6. #
  7. # This program is free software: you can redistribute it and/or modify
  8. # it under the terms of the GNU Affero General Public License as
  9. # published by the Free Software Foundation, either version 3 of the
  10. # License, or (at your option) any later version.
  11. #
  12. # This program is distributed in the hope that it will be useful,
  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. # GNU Affero General Public License for more details.
  16. #
  17. # You should have received a copy of the GNU Affero General Public License
  18. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. #
  20. #
  22. import re
  23. import psycopg2
  24. from openerp.osv import orm, fields
  25. from openerp.tools.translate import _
  27. # views are created with a prefix to prevent conflicts
  28. SQL_VIEW_PREFIX = u'sql_view_'
  29. # 63 chars is the length of a postgres identifier
  30. USER_NAME_SIZE = 63 - len(SQL_VIEW_PREFIX)
  32. PG_NAME_RE = re.compile(r'^[a-z_][a-z0-9_$]*$', re.I)
  35. class SQLView(orm.Model):
  36. _name = 'sql.view'
  37. _description = 'SQL Views'
  39. def _complete_from_sql_name(self, cr, uid, sql_name, context=None):
  40. return SQL_VIEW_PREFIX + (sql_name or '')
  42. def _compute_complete_sql_name(self, cr, uid, ids, name, args,
  43. context=None):
  44. res = {}
  45. for sql_view in self.browse(cr, uid, ids, context=context):
  46. res[sql_view.id] = self._complete_from_sql_name(cr, uid,
  47. sql_view.sql_name,
  48. context=context)
  49. return res
  51. _columns = {
  52. 'name': fields.char(string='View Name', required=True),
  53. 'sql_name': fields.char(string='SQL Name', required=True,
  54. size=USER_NAME_SIZE,
  55. help="Name of the view. Will be prefixed "
  56. "by %s" % (SQL_VIEW_PREFIX,)),
  57. 'complete_sql_name': fields.function(_compute_complete_sql_name,
  58. string='Complete SQL Name',
  59. readonly=True,
  60. type='char'),
  61. 'definition': fields.text(string='Definition', required=True),
  62. }
  64. def _check_sql_name(self, cr, uid, ids, context=None):
  65. records = self.browse(cr, uid, ids, context=context)
  66. return all(PG_NAME_RE.match(record.sql_name) for record in records)
  68. def _check_definition(self, cr, uid, ids, context=None):
  69. """ Forbid a SQL definition with unbalanced parenthesis.
  71. The reason is that the view's definition will be enclosed in:
  73. CREATE VIEW {view_name} AS ({definition})
  75. The parenthesis around the definition prevent users to inject
  76. and execute arbitrary queries after the SELECT part (by using a
  77. semicolon). However, it would still be possible to craft a
  78. definition like the following which would close the parenthesis
  79. and start a new query:
  81. SELECT * FROM res_users); DELETE FROM res_users WHERE id IN (1
  83. This is no longer possible if we ensure that we don't have an
  84. unbalanced closing parenthesis.
  86. """
  87. for record in self.browse(cr, uid, ids, context=context):
  88. balanced = 0
  89. for char in record.definition:
  90. if char == '(':
  91. balanced += 1
  92. elif char == ')':
  93. balanced -= 1
  94. if balanced == -1:
  95. return False
  96. return True
  98. _constraints = [
  99. (_check_sql_name,
  100. 'The SQL name is not a valid PostgreSQL identifier',
  101. ['sql_name']),
  102. (_check_definition,
  103. 'This SQL definition is not allowed',
  104. ['definition']),
  105. ]
  107. _sql_constraints = [
  108. ('sql_name_uniq', 'unique (sql_name)',
  109. 'Another view has the same SQL name.')
  110. ]
  112. def _sql_view_comment(self, cr, uid, sql_view, context=None):
  113. return "%s (created by the module sql_view)" % sql_view.name
  115. def _create_or_replace_sql_view(self, cr, uid, sql_view, context=None):
  116. view_name = sql_view.complete_sql_name
  117. try:
  118. # The parenthesis around the definition are important:
  119. # they prevent to insert a semicolon and another query after
  120. # the view declaration
  121. cr.execute(
  122. "CREATE VIEW {view_name} AS ({definition})".format(
  123. view_name=view_name,
  124. definition=sql_view.definition)
  125. )
  126. except psycopg2.ProgrammingError as err:
  127. raise orm.except_orm(
  128. _('Error'),
  129. _('The definition of the view is not correct:\n\n%s') % (err,)
  130. )
  131. comment = self._sql_view_comment(cr, uid, sql_view, context=context)
  132. cr.execute(
  133. "COMMENT ON VIEW {view_name} IS %s".format(view_name=view_name),
  134. (comment,)
  135. )
  137. def _delete_sql_view(self, cr, uid, sql_view, context=None):
  138. view_name = sql_view.complete_sql_name
  139. cr.execute("DROP view IF EXISTS %s" % (view_name,))
  141. def create(self, cr, uid, vals, context=None):
  142. record_id = super(SQLView, self).create(cr, uid, vals,
  143. context=context)
  145. record = self.browse(cr, uid, record_id, context=context)
  146. self._create_or_replace_sql_view(cr, uid, record, context=context)
  147. return record_id
  149. def write(self, cr, uid, ids, vals, context=None):
  150. # If the name has been changed, we have to drop the view,
  151. # it will be created with the new name.
  152. # If the definition have been changed, we better have to delete
  153. # it and create it again otherwise we can have 'cannot drop
  154. # columns from view' errors.
  155. for record in self.browse(cr, uid, ids, context=context):
  156. self._delete_sql_view(cr, uid, record, context=context)
  158. result = super(SQLView, self).write(cr, uid, ids, vals,
  159. context=context)
  160. for record in self.browse(cr, uid, ids, context=context):
  161. self._create_or_replace_sql_view(cr, uid, record,
  162. context=context)
  163. return result
  165. def unlink(self, cr, uid, ids, context=None):
  166. for record in self.browse(cr, uid, ids, context=context):
  167. self._delete_sql_view(cr, uid, record, context=context)
  168. result = super(SQLView, self).unlink(cr, uid, ids, context=context)
  169. return result
  171. def onchange_sql_name(self, cr, uid, ids, sql_name, context=None):
  172. complete_name = self._complete_from_sql_name(cr, uid, sql_name,
  173. context=context)
  174. return {'value': {'complete_sql_name': complete_name}}