Browse Source
Add sql export module (migration from v7)
Add sql export module (migration from v7)
Add rollback after executing query as a double security with blacklist terms add known issue in readmepull/1554/head
Florian da Costa
9 years ago
committed by
David Beal
15 changed files with 730 additions and 0 deletions
-
56sql_export/README.rst
-
2sql_export/__init__.py
-
39sql_export/__openerp__.py
-
142sql_export/i18n/fr.po
-
142sql_export/i18n/sql_export.pot
-
3sql_export/security/ir.model.access.csv
-
21sql_export/security/sql_export_security.xml
-
149sql_export/sql_export.py
-
56sql_export/sql_export_view.xml
-
BINsql_export/static/description/icon.png
-
2sql_export/tests/__init__.py
-
71sql_export/tests/test_sql_query.py
-
1sql_export/wizard/__init__.py
-
29sql_export/wizard/wizard_file.py
-
17sql_export/wizard/wizard_file_view.xml
@ -0,0 +1,56 @@ |
|||
.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg |
|||
:alt: License: AGPL-3 |
|||
|
|||
SQL Export |
|||
========== |
|||
|
|||
Allow to export data in csv files FROM sql requests. |
|||
There are some restrictions in the sql sql request, you can only read datas. |
|||
No update, deletion or creation are possible. |
|||
A new menu named Export is created. |
|||
|
|||
Known issues / Roadmap |
|||
====================== |
|||
|
|||
Some words are prohibeted and can't be used is the query in anyways, even in a select query : |
|||
|
|||
* delete |
|||
* drop |
|||
* insert |
|||
* alter |
|||
* truncate |
|||
* execute |
|||
* create |
|||
* update |
|||
|
|||
|
|||
Bug Tracker |
|||
=========== |
|||
|
|||
Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-tools/issues>`_. |
|||
In case of trouble, please check there if your issue has already been reported. |
|||
If you spotted it first, help us smashing it by providing a detailed and welcomed feedback |
|||
`here <https://github.com/OCA/server-tools/issues/new?body=module:%20sql_export%0Aversion:%208.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_. |
|||
|
|||
Credits |
|||
======= |
|||
|
|||
Contributors |
|||
------------ |
|||
|
|||
* Florian da Costa <florian.dacosta@akretion.com> |
|||
|
|||
Maintainer |
|||
---------- |
|||
|
|||
.. image:: http://odoo-community.org/logo.png |
|||
:alt: Odoo Community Association |
|||
:target: http://odoo-community.org |
|||
|
|||
This module is maintained by the OCA. |
|||
|
|||
OCA, or the Odoo Community Association, is a nonprofit organization whose |
|||
mission is to support the collaborative development of Odoo features and |
|||
promote its widespread use. |
|||
|
|||
To contribute to this module, please visit http://odoo-community.org. |
@ -0,0 +1,2 @@ |
|||
from . import sql_export |
|||
from . import wizard |
@ -0,0 +1,39 @@ |
|||
# -*- coding: utf-8 -*- |
|||
############################################################################## |
|||
# |
|||
# OpenERP, Open Source Management Solution |
|||
# Copyright (C) 2015 Akretion (<http://www.akretion.com>). |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Affero General Public License as |
|||
# published by the Free Software Foundation, either version 3 of the |
|||
# License, or (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Affero General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Affero General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
# |
|||
############################################################################## |
|||
|
|||
{'name': 'SQL Export', |
|||
'version': '0.1', |
|||
'author': 'Akretion,Odoo Community Association (OCA)', |
|||
'website': 'http://www.akretion.com', |
|||
'license': 'AGPL-3', |
|||
'category': 'Generic Modules/Others', |
|||
'summary': 'Export data in csv file with SQL requests', |
|||
'depends': ['base', |
|||
], |
|||
'data': [ |
|||
'sql_export_view.xml', |
|||
'wizard/wizard_file_view.xml', |
|||
'security/sql_export_security.xml', |
|||
'security/ir.model.access.csv', |
|||
], |
|||
'installable': True, |
|||
'images': [], |
|||
} |
@ -0,0 +1,142 @@ |
|||
# Translation of Odoo Server. |
|||
# This file contains the translation of the following modules: |
|||
# * sql_export |
|||
# |
|||
msgid "" |
|||
msgstr "" |
|||
"Project-Id-Version: Odoo Server 8.0\n" |
|||
"Report-Msgid-Bugs-To: \n" |
|||
"POT-Creation-Date: 2016-02-05 13:10+0000\n" |
|||
"PO-Revision-Date: 2016-02-05 13:10+0000\n" |
|||
"Last-Translator: <>\n" |
|||
"Language-Team: \n" |
|||
"MIME-Version: 1.0\n" |
|||
"Content-Type: text/plain; charset=UTF-8\n" |
|||
"Content-Transfer-Encoding: \n" |
|||
"Plural-Forms: \n" |
|||
|
|||
#. module: sql_export |
|||
#: model:ir.model,name:sql_export.model_sql_file_wizard |
|||
msgid "Allow the user to save the file with sql request's data" |
|||
msgstr "Permet à l'utilisateur de sauvegarder le fichier contenant les données de la requête SQL" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,group_ids:0 |
|||
msgid "Allowed Groups" |
|||
msgstr "Groupes Autorisés" |
|||
|
|||
#. module: sql_export |
|||
#: view:sql.export:sql_export.sql_export_view_form |
|||
#: field:sql.export,user_ids:0 |
|||
msgid "Allowed Users" |
|||
msgstr "Utilisateurs Autorisés" |
|||
|
|||
#. module: sql_export |
|||
#: view:sql.export:sql_export.sql_export_view_form |
|||
msgid "Allowed Users Groups" |
|||
msgstr "Groupes d'utilisateurs Autorisés" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,copy_options:0 |
|||
msgid "Copy Options" |
|||
msgstr "Copy Options" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,create_uid:0 |
|||
#: field:sql.file.wizard,create_uid:0 |
|||
msgid "Created by" |
|||
msgstr "Créé par" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,create_date:0 |
|||
#: field:sql.file.wizard,create_date:0 |
|||
msgid "Created on" |
|||
msgstr "Créé le" |
|||
|
|||
#. module: sql_export |
|||
#: view:sql.file.wizard:sql_export.sql_file_wizard_view_form |
|||
msgid "Csv File" |
|||
msgstr "Fichier CSV" |
|||
|
|||
#. module: sql_export |
|||
#: view:sql.export:sql_export.sql_export_view_form |
|||
msgid "Execute Query" |
|||
msgstr "Exécuter" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.file.wizard,binary_file:0 |
|||
msgid "File" |
|||
msgstr "Fichier" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.file.wizard,file_name:0 |
|||
msgid "File Name" |
|||
msgstr "Nom du fichier" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,id:0 |
|||
#: field:sql.file.wizard,id:0 |
|||
msgid "ID" |
|||
msgstr "ID" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,write_uid:0 |
|||
#: field:sql.file.wizard,write_uid:0 |
|||
msgid "Last Updated by" |
|||
msgstr "Last Updated by" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,write_date:0 |
|||
#: field:sql.file.wizard,write_date:0 |
|||
msgid "Last Updated on" |
|||
msgstr "Last Updated on" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,name:0 |
|||
msgid "Name" |
|||
msgstr "Nom" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,query:0 |
|||
msgid "Query" |
|||
msgstr "Requête" |
|||
|
|||
#. module: sql_export |
|||
#: model:ir.actions.act_window,name:sql_export.sql_export_tree_action |
|||
#: view:sql.export:sql_export.sql_export_view_tree |
|||
msgid "SQL Export" |
|||
msgstr "SQL Export" |
|||
|
|||
#. module: sql_export |
|||
#: model:ir.model,name:sql_export.model_sql_export |
|||
#: view:sql.export:sql_export.sql_export_view_form |
|||
msgid "SQL export" |
|||
msgstr "Export SQL" |
|||
|
|||
#. module: sql_export |
|||
#: model:ir.ui.menu,name:sql_export.sql_export_menu |
|||
#: model:ir.ui.menu,name:sql_export.sql_export_menu_view |
|||
msgid "Sql Export" |
|||
msgstr "Export SQL" |
|||
|
|||
#. module: sql_export |
|||
#: model:res.groups,name:sql_export.group_sql_request_editor |
|||
msgid "Sql Request Editor" |
|||
msgstr "Edition de Requête SQL" |
|||
|
|||
#. module: sql_export |
|||
#: code:addons/sql_export/sql_export.py:132 |
|||
#, python-format |
|||
msgid "The Sql query is not valid." |
|||
msgstr "La requête SQL n'est pas valide" |
|||
|
|||
#. module: sql_export |
|||
#: constraint:sql.export:0 |
|||
msgid "The query you want make is not allowed : prohibited actions (delete, drop, insert, alter, truncate, execute, create, update)" |
|||
msgstr "La requête que vous voulez faire n'est pas autorisée : actions interdites (delete, drop, insert, alter, truncate, execute, create, update)" |
|||
|
|||
#. module: sql_export |
|||
#: help:sql.export,query:0 |
|||
msgid "You can't use the following word : delete, drop, create, insert, alter, truncate, execute, update" |
|||
msgstr "Vous ne pouvez pas utiliser les mots suivants : delete, drop, create, insert, alter, truncate, execute, update" |
|||
|
@ -0,0 +1,142 @@ |
|||
# Translation of Odoo Server. |
|||
# This file contains the translation of the following modules: |
|||
# * sql_export |
|||
# |
|||
msgid "" |
|||
msgstr "" |
|||
"Project-Id-Version: Odoo Server 8.0\n" |
|||
"Report-Msgid-Bugs-To: \n" |
|||
"POT-Creation-Date: 2016-02-05 13:10+0000\n" |
|||
"PO-Revision-Date: 2016-02-05 13:10+0000\n" |
|||
"Last-Translator: <>\n" |
|||
"Language-Team: \n" |
|||
"MIME-Version: 1.0\n" |
|||
"Content-Type: text/plain; charset=UTF-8\n" |
|||
"Content-Transfer-Encoding: \n" |
|||
"Plural-Forms: \n" |
|||
|
|||
#. module: sql_export |
|||
#: model:ir.model,name:sql_export.model_sql_file_wizard |
|||
msgid "Allow the user to save the file with sql request's data" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,group_ids:0 |
|||
msgid "Allowed Groups" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: view:sql.export:sql_export.sql_export_view_form |
|||
#: field:sql.export,user_ids:0 |
|||
msgid "Allowed Users" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: view:sql.export:sql_export.sql_export_view_form |
|||
msgid "Allowed Users Groups" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,copy_options:0 |
|||
msgid "Copy Options" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,create_uid:0 |
|||
#: field:sql.file.wizard,create_uid:0 |
|||
msgid "Created by" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,create_date:0 |
|||
#: field:sql.file.wizard,create_date:0 |
|||
msgid "Created on" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: view:sql.file.wizard:sql_export.sql_file_wizard_view_form |
|||
msgid "Csv File" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: view:sql.export:sql_export.sql_export_view_form |
|||
msgid "Execute Query" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.file.wizard,binary_file:0 |
|||
msgid "File" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.file.wizard,file_name:0 |
|||
msgid "File Name" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,id:0 |
|||
#: field:sql.file.wizard,id:0 |
|||
msgid "ID" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,write_uid:0 |
|||
#: field:sql.file.wizard,write_uid:0 |
|||
msgid "Last Updated by" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,write_date:0 |
|||
#: field:sql.file.wizard,write_date:0 |
|||
msgid "Last Updated on" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,name:0 |
|||
msgid "Name" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: field:sql.export,query:0 |
|||
msgid "Query" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: model:ir.actions.act_window,name:sql_export.sql_export_tree_action |
|||
#: view:sql.export:sql_export.sql_export_view_tree |
|||
msgid "SQL Export" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: model:ir.model,name:sql_export.model_sql_export |
|||
#: view:sql.export:sql_export.sql_export_view_form |
|||
msgid "SQL export" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: model:ir.ui.menu,name:sql_export.sql_export_menu |
|||
#: model:ir.ui.menu,name:sql_export.sql_export_menu_view |
|||
msgid "Sql Export" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: model:res.groups,name:sql_export.group_sql_request_editor |
|||
msgid "Sql Request Editor" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: code:addons/sql_export/sql_export.py:132 |
|||
#, python-format |
|||
msgid "The Sql query is not valid." |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: constraint:sql.export:0 |
|||
msgid "The query you want make is not allowed : prohibited actions (delete, drop, insert, alter, truncate, execute, create, update)" |
|||
msgstr "" |
|||
|
|||
#. module: sql_export |
|||
#: help:sql.export,query:0 |
|||
msgid "You can't use the following word : delete, drop, create, insert, alter, truncate, execute, update" |
|||
msgstr "" |
|||
|
@ -0,0 +1,3 @@ |
|||
"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink" |
|||
"access_sql_export_all","access_sql_export_all","model_sql_export",,1,0,0,0 |
|||
"access_sql_export_editor","access_sql_export_editor","model_sql_export",group_sql_request_editor,1,1,1,1 |
@ -0,0 +1,21 @@ |
|||
<?xml version="1.0" encoding="utf-8"?> |
|||
<openerp> |
|||
<data noupdate="0"> |
|||
|
|||
<record model="res.groups" id="group_sql_request_editor"> |
|||
<field name="name">Sql Request Editor</field> |
|||
<field name="users" eval="[(4, ref('base.user_root'))]"/> |
|||
</record> |
|||
|
|||
<record model="ir.rule" id="sql_export_restric_access_user_or_group"> |
|||
<field name="name" >SQL Export users and groups rules</field> |
|||
<field name="model_id" ref="model_sql_export"/> |
|||
<field eval="1" name="perm_read"/> |
|||
<field eval="0" name="perm_create"/> |
|||
<field eval="0" name="perm_write"/> |
|||
<field eval="0" name="perm_unlink"/> |
|||
<field name="domain_force">['|', ('user_ids','=',user.id), ('group_ids','in', [x.id for x in user.groups_id])]</field> |
|||
</record> |
|||
|
|||
</data> |
|||
</openerp> |
@ -0,0 +1,149 @@ |
|||
# -*- coding: utf-8 -*- |
|||
############################################################################## |
|||
# |
|||
# OpenERP, Open Source Management Solution |
|||
# Copyright (C) 2015 Akretion (<http://www.akretion.com>). |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Affero General Public License as |
|||
# published by the Free Software Foundation, either version 3 of the |
|||
# License, or (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Affero General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Affero General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
# |
|||
############################################################################## |
|||
|
|||
import StringIO |
|||
import base64 |
|||
import datetime |
|||
import re |
|||
from openerp import models, fields, api, _, exceptions |
|||
from openerp.tools import DEFAULT_SERVER_DATETIME_FORMAT |
|||
import uuid |
|||
|
|||
|
|||
class SqlExport(models.Model): |
|||
_name = "sql.export" |
|||
_description = "SQL export" |
|||
|
|||
PROHIBITED_WORDS = [ |
|||
'delete', |
|||
'drop', |
|||
'insert', |
|||
'alter', |
|||
'truncate', |
|||
'execute', |
|||
'create', |
|||
'update' |
|||
] |
|||
|
|||
@api.multi |
|||
def _check_query_allowed(self): |
|||
for obj in self: |
|||
query = obj.query.lower() |
|||
for word in self.PROHIBITED_WORDS: |
|||
expr = r'\b%s\b' % word |
|||
is_not_safe = re.search(expr, query) |
|||
if is_not_safe: |
|||
return False |
|||
return True |
|||
|
|||
@api.model |
|||
def _get_editor_group(self): |
|||
ir_model_obj = self.env['ir.model.data'] |
|||
return [ir_model_obj.xmlid_to_res_id( |
|||
'sql_export.group_sql_request_editor')] |
|||
|
|||
name = fields.Char('Name', required=True) |
|||
query = fields.Text( |
|||
'Query', |
|||
required=True, |
|||
help="You can't use the following word : delete, drop, create, " |
|||
"insert, alter, truncate, execute, update") |
|||
copy_options = fields.Char( |
|||
'Copy Options', |
|||
required=True, |
|||
default="CSV HEADER DELIMITER ';'") |
|||
group_ids = fields.Many2many( |
|||
'res.groups', |
|||
'groups_sqlquery_rel', |
|||
'sql_id', |
|||
'group_id', |
|||
'Allowed Groups', |
|||
default=_get_editor_group) |
|||
user_ids = fields.Many2many( |
|||
'res.users', |
|||
'users_sqlquery_rel', |
|||
'sql_id', |
|||
'user_id', |
|||
'Allowed Users') |
|||
|
|||
_constraints = [(_check_query_allowed, |
|||
'The query you want make is not allowed : prohibited ' |
|||
'actions (%s)' % ', '.join(PROHIBITED_WORDS), |
|||
['query'])] |
|||
|
|||
@api.multi |
|||
def export_sql_query(self): |
|||
for obj in self: |
|||
today = datetime.datetime.now() |
|||
today_tz = fields.Datetime.context_timestamp( |
|||
obj, today) |
|||
date = today_tz.strftime(DEFAULT_SERVER_DATETIME_FORMAT) |
|||
output = StringIO.StringIO() |
|||
query = "COPY (" + obj.query + ") TO STDOUT WITH " + \ |
|||
obj.copy_options |
|||
name = 'export_query_%s' % uuid.uuid1().hex |
|||
self.env.cr.execute("SAVEPOINT %s" % name) |
|||
try: |
|||
self.env.cr.copy_expert(query, output) |
|||
output.getvalue() |
|||
new_output = base64.b64encode(output.getvalue()) |
|||
output.close() |
|||
finally: |
|||
self.env.cr.execute("ROLLBACK TO SAVEPOINT %s" % name) |
|||
wiz = self.env['sql.file.wizard'].create( |
|||
{ |
|||
'binary_file': new_output, |
|||
'file_name': obj.name + '_' + date + '.csv'}) |
|||
return { |
|||
'view_type': 'form', |
|||
'view_mode': 'form', |
|||
'res_model': 'sql.file.wizard', |
|||
'res_id': wiz.id, |
|||
'type': 'ir.actions.act_window', |
|||
'target': 'new', |
|||
'context': self._context, |
|||
'nodestroy': True, |
|||
} |
|||
|
|||
@api.model |
|||
def check_query_syntax(self, vals): |
|||
if vals.get('query', False): |
|||
vals['query'] = vals['query'].strip() |
|||
if vals['query'][-1] == ';': |
|||
vals['query'] = vals['query'][:-1] |
|||
try: |
|||
self.env.cr.execute(vals['query']) |
|||
except: |
|||
raise exceptions.Warning( |
|||
_("The Sql query is not valid.")) |
|||
finally: |
|||
self.env.cr.rollback() |
|||
return vals |
|||
|
|||
@api.multi |
|||
def write(self, vals): |
|||
vals = self.check_query_syntax(vals) |
|||
return super(SqlExport, self).write(vals) |
|||
|
|||
@api.model |
|||
def create(self, vals): |
|||
vals = self.check_query_syntax(vals) |
|||
return super(SqlExport, self).create(vals) |
@ -0,0 +1,56 @@ |
|||
<?xml version="1.0" encoding="utf-8"?> |
|||
<openerp> |
|||
<data> |
|||
|
|||
|
|||
<record id="sql_export_view_form" model="ir.ui.view"> |
|||
<field name="name">Sql_export_form_view</field> |
|||
<field name="model">sql.export</field> |
|||
<field name="arch" type="xml"> |
|||
<form string="SQL export"> |
|||
<group col="2"> |
|||
<group colspan="2" col="5"> |
|||
<label for="name" colspan="1"/> |
|||
<field name="name" colspan="2" nolabel="1"/> |
|||
<button name="export_sql_query" string="Execute Query" type="object" class="oe_highlight" icon="gtk-execute" colspan="2"/> |
|||
<label for="query" colspan="1"/> |
|||
<field name="query" nolabel="1" colspan="4"/> |
|||
<label for="Copy Options" colspan="1"/> |
|||
<field name="copy_options" nolabel="1" colspan="4"/> |
|||
</group> |
|||
<group colspan="2" col="2" groups="sql_export.group_sql_request_editor"> |
|||
<separator string="Allowed Users" colspan="1"/> |
|||
<separator string="Allowed Users Groups" colspan="1"/> |
|||
<field name="user_ids" nolabel="1"/> |
|||
<field name="group_ids" nolabel="1"/> |
|||
</group> |
|||
</group> |
|||
</form> |
|||
</field> |
|||
</record> |
|||
|
|||
<record id="sql_export_view_tree" model="ir.ui.view"> |
|||
<field name="name">Sql_export_tree_view</field> |
|||
<field name="model">sql.export</field> |
|||
<field name="arch" type="xml"> |
|||
<tree string="SQL Export"> |
|||
<field name="name"/> |
|||
</tree> |
|||
</field> |
|||
</record> |
|||
|
|||
<record id="sql_export_tree_action" model="ir.actions.act_window"> |
|||
<field name="name">SQL Export</field> |
|||
<field name="res_model">sql.export</field> |
|||
<field name="view_type">form</field> |
|||
<field name="view_mode">tree,form</field> |
|||
</record> |
|||
|
|||
|
|||
<menuitem id="sql_export_menu" name="Sql Export" parent="base.menu_reporting" sequence="80"/> |
|||
|
|||
<menuitem id="sql_export_menu_view" name="Sql Export" parent="sql_export_menu" action="sql_export_tree_action" sequence="1"/> |
|||
|
|||
|
|||
</data> |
|||
</openerp> |
After Width: 128 | Height: 128 | Size: 9.2 KiB |
@ -0,0 +1,2 @@ |
|||
# -*- coding: utf-8 -*- |
|||
from . import test_sql_query |
@ -0,0 +1,71 @@ |
|||
# -*- coding: utf-8 -*- |
|||
############################################################################## |
|||
# |
|||
# Author: Florian da Costa |
|||
# Copyright 2015 Akretion |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Affero General Public License as |
|||
# published by the Free Software Foundation, either version 3 of the |
|||
# License, or (at your option) any later version. |
|||
# |
|||
# This program is distnaributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Affero General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Affero General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
# |
|||
############################################################################## |
|||
import base64 |
|||
from openerp.tests.common import TransactionCase |
|||
from openerp import exceptions |
|||
|
|||
|
|||
class TestExportSqlQuery(TransactionCase): |
|||
|
|||
def setUp(self): |
|||
super(TestExportSqlQuery, self).setUp() |
|||
query_vals = { |
|||
'name': 'test', |
|||
'query': "SELECT name, street FROM res_partner;" |
|||
} |
|||
self.sql_model = self.registry('sql.export') |
|||
self.query_id = self.sql_model.create( |
|||
self.cr, |
|||
self.uid, |
|||
query_vals) |
|||
|
|||
def test_sql_query(self): |
|||
test = self.sql_model.export_sql_query( |
|||
self.cr, self.uid, [self.query_id]) |
|||
wizard = self.registry('sql.file.wizard').browse( |
|||
self.cr, self.uid, test['res_id']) |
|||
export = base64.b64decode(wizard.binary_file) |
|||
self.assertEqual(export.split(';')[0], 'name') |
|||
self.assertTrue(len(export.split(';')) > 6) |
|||
|
|||
def test_prohibited_queries_creation(self): |
|||
prohibited_queries = [ |
|||
"upDaTe res_partner SET name = 'test' WHERE id = 1", |
|||
"DELETE FROM sql_export WHERE name = 'test';", |
|||
" DELETE FROM sql_export WHERE name = 'test' ;", |
|||
"""DELETE |
|||
FROM |
|||
sql_export |
|||
WHERE name = 'test' |
|||
""", |
|||
] |
|||
for query in prohibited_queries: |
|||
with self.assertRaises(exceptions.ValidationError): |
|||
self.sql_model.create( |
|||
self.cr, self.uid, |
|||
{'name': 'test_prohibited', |
|||
'query': query}) |
|||
ok_query = { |
|||
'name': 'test ok', |
|||
'query': "SELECT create_date FROM res_partner" |
|||
} |
|||
query_id = self.sql_model.create(self.cr, self.uid, ok_query) |
|||
self.assertIsNotNone(query_id) |
@ -0,0 +1 @@ |
|||
from . import wizard_file |
@ -0,0 +1,29 @@ |
|||
# -*- coding: utf-8 -*- |
|||
############################################################################## |
|||
# |
|||
# OpenERP, Open Source Management Solution |
|||
# Copyright (C) 2015 Akretion (<http://www.akretion.com>). |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Affero General Public License as |
|||
# published by the Free Software Foundation, either version 3 of the |
|||
# License, or (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Affero General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Affero General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
# |
|||
############################################################################## |
|||
from openerp import models, fields |
|||
|
|||
|
|||
class SqlFileWizard(models.TransientModel): |
|||
_name = "sql.file.wizard" |
|||
_description = "Allow the user to save the file with sql request's data" |
|||
|
|||
binary_file = fields.Binary('File', required=True, readonly=True) |
|||
file_name = fields.Char('File Name', readonly=True) |
@ -0,0 +1,17 @@ |
|||
<?xml version="1.0" encoding="utf-8"?> |
|||
<openerp> |
|||
<data> |
|||
|
|||
<record id="sql_file_wizard_view_form" model="ir.ui.view"> |
|||
<field name="name">sql.file.wizard.view.form</field> |
|||
<field name="model">sql.file.wizard</field> |
|||
<field name="arch" type="xml"> |
|||
<form string="Csv File"> |
|||
<field name="binary_file" filename="file_name"/> |
|||
<field name="file_name" invisible="1"/> |
|||
</form> |
|||
</field> |
|||
</record> |
|||
|
|||
</data> |
|||
</openerp> |
Write
Preview
Loading…
Cancel
Save
Reference in new issue