
Fix uses of params in sql query

12.0-mig-module_prototyper_last
Florian da Costa 5 years ago
parent
commit
b8efac6bba
  1. 36
      sql_export/demo/sql_export.xml
  2. 16
      sql_export/tests/test_sql_query.py
  3. 34
      sql_export/views/sql_export_view.xml
  4. 7
      sql_export/wizard/wizard_file.py
  5. 7
      sql_request_abstract/models/sql_request_mixin.py

36
sql_export/demo/sql_export.xml

@ -7,6 +7,34 @@ License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
<odoo> <odoo>
<record id="date_field_variable_sql" model="ir.model.fields">
<field name="name">x_date</field>
<field name="field_description">Date</field>
<field name="ttype">date</field>
<field name="model_id" ref="sql_export.model_sql_file_wizard"/>
<field name="model">sql.file.wizard</field>
<field name="state">manual</field>
</record>
<record id="integer_field_variable_sql" model="ir.model.fields">
<field name="name">x_id</field>
<field name="field_description">ID</field>
<field name="ttype">integer</field>
<field name="model_id" ref="sql_export.model_sql_file_wizard"/>
<field name="model">sql.file.wizard</field>
<field name="state">manual</field>
</record>
<record id="m2m_field_variable_sql" model="ir.model.fields">
<field name="name">x_partner_categ_ids</field>
<field name="field_description">Partner Categories</field>
<field name="ttype">many2many</field>
<field name="model_id" ref="sql_export.model_sql_file_wizard"/>
<field name="model">sql.file.wizard</field>
<field name="state">manual</field>
<field name="relation">res.partner.category</field>
</record>
<record id="sql_export_partner" model="sql.export"> <record id="sql_export_partner" model="sql.export">
<field name="name">Export Partners (Demo Data)</field> <field name="name">Export Partners (Demo Data)</field>
<field name="query">SELECT name, street FROM res_partner;</field> <field name="query">SELECT name, street FROM res_partner;</field>
@ -14,4 +42,12 @@ License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
<function model="sql.export" name="button_validate_sql_expression" eval="([ref('sql_export.sql_export_partner')])"/> <function model="sql.export" name="button_validate_sql_expression" eval="([ref('sql_export.sql_export_partner')])"/>
<record id="sql_export_partner_with_variables" model="sql.export">
<field name="name">Export Partners With Variables (Demo Data)</field>
<field name="query">SELECT p.id FROM res_partner p LEFT JOIN res_partner_res_partner_category_rel rel ON rel.partner_id = p.id WHERE create_date &lt; %(x_date)s AND id = %(x_id)s AND rel.category_id in %(x_partner_categ_ids)s</field>
<field eval="[(6, 0, [ref('date_field_variable_sql'), ref('integer_field_variable_sql'), ref('m2m_field_variable_sql')])]" name="field_ids"/>
</record>
<function model="sql.export" name="button_validate_sql_expression" eval="([ref('sql_export.sql_export_partner_with_variables')])"/>
</odoo> </odoo>
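Review bot: In the `sql_export_partner_with_variables` query the columns `create_date` and `id` are unqualified while the rest of the statement goes through the `p` and `rel` aliases, so it resolves only as long as the relation table has no column of the same name. Writing `p.create_date &lt; %(x_date)s AND p.id = %(x_id)s` makes it unambiguous. The `LEFT JOIN` also behaves as an inner join here, because the `WHERE` clause filters on `rel.category_id`; a plain `JOIN` would state the intent.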

16
sql_export/tests/test_sql_query.py

@ -4,7 +4,8 @@
import base64 import base64
from odoo.tests.common import TransactionCase, post_install from odoo.tests.common import TransactionCase, post_install
from odoo.exceptions import Warning as UserError
from odoo.exceptions import UserError
from odoo import fields
@post_install(True) @post_install(True)
@ -56,3 +57,16 @@ class TestExportSqlQuery(TransactionCase):
self.assertEqual( self.assertEqual(
sql_export.state, 'sql_valid', sql_export.state, 'sql_valid',
"%s is a valid request" % (query)) "%s is a valid request" % (query))
def test_sql_query_with_params(self):
query = self.env.ref('sql_export.sql_export_partner_with_variables')
categ_id = self.env.ref('base.res_partner_category_0').id
wizard = self.wizard_obj.create({
'sql_export_id': query.id,
'x_date': fields.Date.today(),
'x_id': 1,
'x_partner_categ_ids': [(6, 0, [categ_id])]
})
wizard.export_sql()
export = base64.b64decode(wizard.binary_file)
self.assertTrue(export)
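Review bot: `test_sql_query_with_params` ends with `self.assertTrue(export)`, which passes for any non-empty file and so would presumably still pass if the export held only a header row or if a parameter were bound to the wrong value. Asserting on the decoded content would pin the behaviour, for example by using a partner that carries `base.res_partner_category_0` and checking that its id appears in the output. The test also covers only a non-empty many2many; a wizard created with `'x_partner_categ_ids': [(6, 0, [])]` is the case most likely to break the `in %(x_partner_categ_ids)s` clause and has no test. The class body continues outside the hunk.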

34
sql_export/views/sql_export_view.xml

@ -73,8 +73,18 @@
<record id="sql_parameter_view_form" model="ir.ui.view"> <record id="sql_parameter_view_form" model="ir.ui.view">
<field name="name">Sql_parameter_form_view</field> <field name="name">Sql_parameter_form_view</field>
<field name="model">ir.model.fields</field> <field name="model">ir.model.fields</field>
<field name="priority">150</field>
<field name="arch" type="xml"> <field name="arch" type="xml">
<form string="SQL export"> <form string="SQL export">
<group>
<field name="name"/>
<field name="field_description"/>
<field name="ttype"/>
<field name="relation" attrs="{'invisible': [('ttype', 'not in', ('many2one', 'many2many', 'one2many'))], 'required': [('ttype', 'in', ('many2one', 'many2many', 'one2many'))]}"/>
<field name="model_id" readonly="1"/>
<field name="model" invisible="1"/>
<field name="required"/>
</group>
</form> </form>
</field> </field>
</record> </record>
@ -82,22 +92,40 @@
<record id="sql_parameter_view_tree" model="ir.ui.view"> <record id="sql_parameter_view_tree" model="ir.ui.view">
<field name="name">Sql_parameter_tree_view</field> <field name="name">Sql_parameter_tree_view</field>
<field name="model">ir.model.fields</field> <field name="model">ir.model.fields</field>
<field name="priority">150</field>
<field name="arch" type="xml"> <field name="arch" type="xml">
<tree string="SQL Parameter"> <tree string="SQL Parameter">
<field name="name"/> <field name="name"/>
<field name="field_description"/>
<field name="ttype"/>
<field name="required"/>
</tree> </tree>
</field> </field>
</record> </record>
<record id="sql_parameter_tree_action" model="ir.actions.act_window">
<record id="sql_parameter_action" model="ir.actions.act_window">
<field name="name">SQL Parameter</field> <field name="name">SQL Parameter</field>
<field name="res_model">ir.model.fields</field> <field name="res_model">ir.model.fields</field>
<field name="view_type">form</field> <field name="view_type">form</field>
<field name="view_mode">tree,form</field> <field name="view_mode">tree,form</field>
<field name="context" eval="{'default_model_id': ref('sql_export.model_sql_file_wizard'), 'default_size': 64, 'search_default_state': 'manual'}"/>
<field name="context" eval="{'default_model_id': ref('sql_export.model_sql_file_wizard'), 'default_size': 64, 'search_default_state': 'manual', 'default_model': 'sql.file.wizard'}"/>
<field name="domain">[('model','=','sql.file.wizard')]</field> <field name="domain">[('model','=','sql.file.wizard')]</field>
</record> </record>
<menuitem id="sql_parameter_menu_view" name="Sql Export Variables" parent="sql_export_menu" action="sql_parameter_tree_action" sequence="5" groups="sql_request_abstract.group_sql_request_manager"/>
<record id="sql_parameter_action_view_tree" model="ir.actions.act_window.view">
<field name="sequence" eval="1"/>
<field name="view_mode">tree</field>
<field name="view_id" ref="sql_parameter_view_tree"/>
<field name="act_window_id" ref="sql_parameter_action"/>
</record>
<record id="sql_parameter_action_view_form" model="ir.actions.act_window.view">
<field name="sequence" eval="2"/>
<field name="view_mode">form</field>
<field name="view_id" ref="sql_parameter_view_form"/>
<field name="act_window_id" ref="sql_parameter_action"/>
</record>
<menuitem id="sql_parameter_menu_view" name="Sql Export Variables" parent="sql_export_menu" action="sql_parameter_action" sequence="5" groups="sql_request_abstract.group_sql_request_manager"/>
</odoo> </odoo>
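Review bot: The `relation` field's `attrs` treat `one2many` as a valid parameter type, but the conversion added to `sql_export/wizard/wizard_file.py` in this commit handles only `many2one` and `many2many`, so a one2many parameter would reach the query as a raw recordset. Either drop it here, `attrs="{'invisible': [('ttype', 'not in', ('many2one', 'many2many'))], 'required': [('ttype', 'in', ('many2one', 'many2many'))]}"`, or add a branch for it in the wizard. The `ttype` field itself is shown unrestricted, so other types the wizard does not convert can presumably be picked as well. Separately, the action id changes from `sql_parameter_tree_action` to `sql_parameter_action` and only the menuitem in this file is updated, so any reference elsewhere would need the same rename.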

7
sql_export/wizard/wizard_file.py

@ -62,7 +62,12 @@ class SqlFileWizard(models.TransientModel):
date = now_tz.strftime(DEFAULT_SERVER_DATETIME_FORMAT) date = now_tz.strftime(DEFAULT_SERVER_DATETIME_FORMAT)
if sql_export.field_ids: if sql_export.field_ids:
for field in sql_export.field_ids: for field in sql_export.field_ids:
variable_dict[field.name] = self[field.name]
if field.ttype == 'many2one':
variable_dict[field.name] = self[field.name].id
elif field.ttype == 'many2many':
variable_dict[field.name] = tuple(self[field.name].ids)
else:
variable_dict[field.name] = self[field.name]
if "%(company_id)s" in sql_export.query: if "%(company_id)s" in sql_export.query:
variable_dict['company_id'] = self.env.user.company_id.id variable_dict['company_id'] = self.env.user.company_id.id
if "%(user_id)s" in sql_export.query: if "%(user_id)s" in sql_export.query:
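Review bot: The `many2many` branch turns an empty selection into `()`, and the demo query uses that value as `in %(x_partner_categ_ids)s`, which would render as `IN ()` and fail in PostgreSQL. `variable_dict[field.name] = tuple(self[field.name].ids) or (None,)` keeps the statement valid and matches no row. The `many2one` branch has a similar gap: an unset field gives `.id` as `False`, so `self[field.name].id or None` would bind NULL rather than a boolean. The enclosing method starts and ends outside this hunk.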

7
sql_request_abstract/models/sql_request_mixin.py

@ -144,12 +144,7 @@ class SQLRequestMixin(models.AbstractModel):
if mode in ('view', 'materialized_view'): if mode in ('view', 'materialized_view'):
rollback = False rollback = False
# pylint: disable=sql-injection
if params:
query = self.query % params
else:
query = self.query
query = query
query = self.env.cr.mogrify(self.query, params).decode('utf-8')
if mode in ('fetchone', 'fetchall'): if mode in ('fetchone', 'fetchall'):
pass pass
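Review bot: The new `mogrify(self.query, params)` call runs for every request, whereas the code it replaces only formatted the query when `params` was truthy, and nothing in the commit tests a request without parameters. If `params` can arrive as an empty dict, a query holding a literal `%` (a `LIKE` pattern, for instance) may now be scanned for placeholders; I have not confirmed how psycopg2 treats that case, so a test with such a query would settle it. Keeping the guard is a one-line change: `query = self.env.cr.mogrify(self.query, params).decode('utf-8') if params else self.query`. The enclosing method starts and ends outside this hunk.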
