Browse Source

[REF] create a new module sql_request_abstract

pull/1554/head
Sylvain LE GAL 8 years ago
committed by David Beal
parent
commit
cfeb10038e
  1. 25
      sql_export/README.rst
  2. 40
      sql_export/__openerp__.py
  3. 17
      sql_export/demo/sql_export.xml
  4. 136
      sql_export/i18n/fr.po
  5. 110
      sql_export/i18n/sql_export.pot
  6. 88
      sql_export/models/sql_export.py
  7. 2
      sql_export/security/ir.model.access.csv
  8. 5
      sql_export/security/sql_export_security.xml
  9. 56
      sql_export/tests/test_sql_query.py
  10. 54
      sql_export/views/sql_export_view.xml
  11. 40
      sql_export/wizard/wizard_file.py
  12. 2
      sql_export/wizard/wizard_file_view.xml

25
sql_export/README.rst

@ -12,16 +12,21 @@ A new menu named Export is created.
Known issues / Roadmap Known issues / Roadmap
====================== ======================
Some words are prohibeted and can't be used is the query in anyways, even in a select query :
* delete
* drop
* insert
* alter
* truncate
* execute
* create
* update
* Some words are prohibeted and can't be used is the query in anyways, even in a select query :
* delete
* drop
* insert
* alter
* truncate
* execute
* create
* update
See sql_request_abstract module to fix this issue.
* checking SQL request by execution and rollback is disabled in this module
since variables features has been introduced. This can be fixed by
overloading _prepare_request_check_execution() function.
Bug Tracker Bug Tracker

40
sql_export/__openerp__.py

@ -19,21 +19,25 @@
# #
############################################################################## ##############################################################################
{'name': 'SQL Export',
'version': '9.0.1.0.0',
'author': 'Akretion,Odoo Community Association (OCA)',
'website': 'http://www.akretion.com',
'license': 'AGPL-3',
'category': 'Generic Modules/Others',
'summary': 'Export data in csv file with SQL requests',
'depends': ['base',
],
'data': [
'views/sql_export_view.xml',
'wizard/wizard_file_view.xml',
'security/sql_export_security.xml',
'security/ir.model.access.csv',
],
'installable': True,
'images': [],
}
{
'name': 'SQL Export',
'version': '9.0.1.0.0',
'author': 'Akretion,Odoo Community Association (OCA)',
'website': 'http://www.akretion.com',
'license': 'AGPL-3',
'category': 'Generic Modules/Others',
'summary': 'Export data in csv file with SQL requests',
'depends': [
'sql_request_abstract',
],
'data': [
'views/sql_export_view.xml',
'wizard/wizard_file_view.xml',
'security/sql_export_security.xml',
'security/ir.model.access.csv',
],
'demo': [
'demo/sql_export.xml',
],
'installable': True,
}

17
sql_export/demo/sql_export.xml

@ -0,0 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright (C) 2017 - Today: GRAP (http://www.grap.coop)
@author Sylvain LE GAL (https://twitter.com/legalsylvain)
License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
-->
<openerp><data>
<record id="sql_export_partner" model="sql.export">
<field name="name">Export Partners (Demo Data)</field>
<field name="query">SELECT name, street FROM res_partner;</field>
</record>
<function model="sql.export" name="button_clean_check_request" eval="([ref('sql_export.sql_export_partner')])"/>
</data></openerp>

136
sql_export/i18n/fr.po

@ -6,8 +6,8 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: Odoo Server 8.0\n" "Project-Id-Version: Odoo Server 8.0\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2016-02-05 13:10+0000\n"
"PO-Revision-Date: 2016-02-05 13:10+0000\n"
"POT-Creation-Date: 2017-02-27 12:18+0000\n"
"PO-Revision-Date: 2017-02-27 12:18+0000\n"
"Last-Translator: <>\n" "Last-Translator: <>\n"
"Language-Team: \n" "Language-Team: \n"
"MIME-Version: 1.0\n" "MIME-Version: 1.0\n"
@ -21,6 +21,7 @@ msgid "Allow the user to save the file with sql request's data"
msgstr "Permet à l'utilisateur de sauvegarder le fichier contenant les données de la requête SQL" msgstr "Permet à l'utilisateur de sauvegarder le fichier contenant les données de la requête SQL"
#. module: sql_export #. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form
#: field:sql.export,group_ids:0 #: field:sql.export,group_ids:0
msgid "Allowed Groups" msgid "Allowed Groups"
msgstr "Groupes Autorisés" msgstr "Groupes Autorisés"
@ -31,15 +32,20 @@ msgstr "Groupes Autorisés"
msgid "Allowed Users" msgid "Allowed Users"
msgstr "Utilisateurs Autorisés" msgstr "Utilisateurs Autorisés"
#. module: sql_export
#: view:sql.file.wizard:sql_export.sql_file_wizard_view_form
msgid "Cancel"
msgstr "Annuler"
#. module: sql_export #. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form #: view:sql.export:sql_export.sql_export_view_form
msgid "Allowed Users Groups"
msgstr "Groupes d'utilisateurs Autorisés"
msgid "Clean and Check Request"
msgstr "Corriger et vérifier la requête"
#. module: sql_export #. module: sql_export
#: field:sql.export,copy_options:0 #: field:sql.export,copy_options:0
msgid "Copy Options" msgid "Copy Options"
msgstr "Copy Options"
msgstr "Options de copie"
#. module: sql_export #. module: sql_export
#: field:sql.export,create_uid:0 #: field:sql.export,create_uid:0
@ -58,10 +64,32 @@ msgstr "Créé le"
msgid "Csv File" msgid "Csv File"
msgstr "Fichier CSV" msgstr "Fichier CSV"
#. module: sql_export
#: field:sql.export,display_name:0
#: field:sql.file.wizard,display_name:0
msgid "Display Name"
msgstr "Nom affiché"
#. module: sql_export
#: selection:sql.export,state:0
msgid "Draft"
msgstr "En brouillon"
#. module: sql_export #. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form #: view:sql.export:sql_export.sql_export_view_form
#: view:sql.export:sql_export.sql_export_view_tree
msgid "Execute Query" msgid "Execute Query"
msgstr "Exécuter"
msgstr "Execute la requête"
#. module: sql_export
#: view:sql.file.wizard:sql_export.sql_file_wizard_view_form
msgid "Export"
msgstr "Exporter"
#. module: sql_export
#: view:sql.file.wizard:sql_export.sql_file_wizard_view_form
msgid "Export file"
msgstr "Fichier d'export"
#. module: sql_export #. module: sql_export
#: field:sql.file.wizard,binary_file:0 #: field:sql.file.wizard,binary_file:0
@ -71,7 +99,7 @@ msgstr "Fichier"
#. module: sql_export #. module: sql_export
#: field:sql.file.wizard,file_name:0 #: field:sql.file.wizard,file_name:0
msgid "File Name" msgid "File Name"
msgstr "Nom du fichier"
msgstr "Nom de fichier"
#. module: sql_export #. module: sql_export
#: field:sql.export,id:0 #: field:sql.export,id:0
@ -79,39 +107,78 @@ msgstr "Nom du fichier"
msgid "ID" msgid "ID"
msgstr "ID" msgstr "ID"
#. module: sql_export
#: field:sql.export,__last_update:0
#: field:sql.file.wizard,__last_update:0
msgid "Last Modified on"
msgstr "Dernière modification le"
#. module: sql_export #. module: sql_export
#: field:sql.export,write_uid:0 #: field:sql.export,write_uid:0
#: field:sql.file.wizard,write_uid:0 #: field:sql.file.wizard,write_uid:0
msgid "Last Updated by" msgid "Last Updated by"
msgstr "Last Updated by"
msgstr "Dernière mise à jour par"
#. module: sql_export #. module: sql_export
#: field:sql.export,write_date:0 #: field:sql.export,write_date:0
#: field:sql.file.wizard,write_date:0 #: field:sql.file.wizard,write_date:0
msgid "Last Updated on" msgid "Last Updated on"
msgstr "Last Updated on"
msgstr "Dernière mise à jour le"
#. module: sql_export #. module: sql_export
#: field:sql.export,name:0 #: field:sql.export,name:0
msgid "Name" msgid "Name"
msgstr "Nom" msgstr "Nom"
#. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form
#: field:sql.export,field_ids:0
msgid "Parameters"
msgstr "Paramètres"
#. module: sql_export #. module: sql_export
#: field:sql.export,query:0 #: field:sql.export,query:0
msgid "Query" msgid "Query"
msgstr "Requête" msgstr "Requête"
#. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form
msgid "Request Name"
msgstr "Nom de la requête"
#. module: sql_export #. module: sql_export
#: model:ir.actions.act_window,name:sql_export.sql_export_tree_action #: model:ir.actions.act_window,name:sql_export.sql_export_tree_action
#: view:sql.export:sql_export.sql_export_view_tree #: view:sql.export:sql_export.sql_export_view_tree
msgid "SQL Export" msgid "SQL Export"
msgstr "SQL Export"
msgstr "Export SQL"
#. module: sql_export
#: model:ir.actions.act_window,name:sql_export.sql_parameter_tree_action
#: view:ir.model.fields:sql_export.sql_parameter_view_tree
msgid "SQL Parameter"
msgstr "Paramètre SQL"
#. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form
msgid "SQL Request"
msgstr "Requête SQL"
#. module: sql_export
#: selection:sql.export,state:0
msgid "SQL Valid"
msgstr "SQL Validé"
#. module: sql_export #. module: sql_export
#: model:ir.model,name:sql_export.model_sql_export #: model:ir.model,name:sql_export.model_sql_export
#: view:ir.model.fields:sql_export.sql_parameter_view_form
#: view:sql.export:sql_export.sql_export_view_form #: view:sql.export:sql_export.sql_export_view_form
msgid "SQL export" msgid "SQL export"
msgstr "Export SQL"
msgstr "export SQL"
#. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form
msgid "Set to Draft"
msgstr "Remettre en brouillon"
#. module: sql_export #. module: sql_export
#: model:ir.ui.menu,name:sql_export.sql_export_menu #: model:ir.ui.menu,name:sql_export.sql_export_menu
@ -120,23 +187,46 @@ msgid "Sql Export"
msgstr "Export SQL" msgstr "Export SQL"
#. module: sql_export #. module: sql_export
#: model:res.groups,name:sql_export.group_sql_request_editor
msgid "Sql Request Editor"
msgstr "Edition de Requête SQL"
#: model:ir.ui.menu,name:sql_export.sql_parameter_menu_view
msgid "Sql Export Variables"
msgstr "Variables d'export SQL"
#. module: sql_export #. module: sql_export
#: code:addons/sql_export/sql_export.py:132
#, python-format
msgid "The Sql query is not valid."
msgstr "La requête SQL n'est pas valide"
#: field:sql.file.wizard,sql_export_id:0
msgid "Sql export id"
msgstr "Sql export id"
#. module: sql_export #. module: sql_export
#: constraint:sql.export:0
msgid "The query you want make is not allowed : prohibited actions (delete, drop, insert, alter, truncate, execute, create, update)"
msgstr "La requête que vous voulez faire n'est pas autorisée : actions interdites (delete, drop, insert, alter, truncate, execute, create, update)"
#: field:sql.export,state:0
msgid "State"
msgstr "Etat"
#. module: sql_export
#: help:sql.export,state:0
msgid "State of the Request:\n"
" * 'Draft': Not tested\n"
" * 'SQL Valid': SQL Request has been checked and is valid"
msgstr "Etat de la requête:\n"
" * 'En brouillon': non testée\n"
" * 'SQL Validé': La requête SQL a été vérifiée et est valide"
#. module: sql_export #. module: sql_export
#: help:sql.export,query:0 #: help:sql.export,query:0
msgid "You can't use the following word : delete, drop, create, insert, alter, truncate, execute, update"
msgstr "Vous ne pouvez pas utiliser les mots suivants : delete, drop, create, insert, alter, truncate, execute, update"
msgid "You can't use the following words: DELETE, DROP, CREATE, INSERT, ALTER, TRUNCATE, EXECUTE, UPDATE"
msgstr "Vous ne pouvez pas utiliser les termes suivants : DELETE, DROP, CREATE, INSERT, ALTER, TRUNCATE, EXECUTE, UPDATE"
#. module: sql_export
#: view:sql.file.wizard:sql_export.sql_file_wizard_view_form
msgid "or"
msgstr "ou"
#. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form
msgid "select * from res_partner"
msgstr "select * from res_partner"
#. module: sql_export
#: view:sql.file.wizard:sql_export.sql_file_wizard_view_form
msgid "variables_placeholder"
msgstr "variables_placeholder"

110
sql_export/i18n/sql_export.pot

@ -6,8 +6,8 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: Odoo Server 8.0\n" "Project-Id-Version: Odoo Server 8.0\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2016-02-05 13:10+0000\n"
"PO-Revision-Date: 2016-02-05 13:10+0000\n"
"POT-Creation-Date: 2017-02-27 12:24+0000\n"
"PO-Revision-Date: 2017-02-27 12:24+0000\n"
"Last-Translator: <>\n" "Last-Translator: <>\n"
"Language-Team: \n" "Language-Team: \n"
"MIME-Version: 1.0\n" "MIME-Version: 1.0\n"
@ -21,6 +21,7 @@ msgid "Allow the user to save the file with sql request's data"
msgstr "" msgstr ""
#. module: sql_export #. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form
#: field:sql.export,group_ids:0 #: field:sql.export,group_ids:0
msgid "Allowed Groups" msgid "Allowed Groups"
msgstr "" msgstr ""
@ -31,9 +32,14 @@ msgstr ""
msgid "Allowed Users" msgid "Allowed Users"
msgstr "" msgstr ""
#. module: sql_export
#: view:sql.file.wizard:sql_export.sql_file_wizard_view_form
msgid "Cancel"
msgstr ""
#. module: sql_export #. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form #: view:sql.export:sql_export.sql_export_view_form
msgid "Allowed Users Groups"
msgid "Clean and Check Request"
msgstr "" msgstr ""
#. module: sql_export #. module: sql_export
@ -58,11 +64,33 @@ msgstr ""
msgid "Csv File" msgid "Csv File"
msgstr "" msgstr ""
#. module: sql_export
#: field:sql.export,display_name:0
#: field:sql.file.wizard,display_name:0
msgid "Display Name"
msgstr ""
#. module: sql_export
#: selection:sql.export,state:0
msgid "Draft"
msgstr ""
#. module: sql_export #. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form #: view:sql.export:sql_export.sql_export_view_form
#: view:sql.export:sql_export.sql_export_view_tree
msgid "Execute Query" msgid "Execute Query"
msgstr "" msgstr ""
#. module: sql_export
#: view:sql.file.wizard:sql_export.sql_file_wizard_view_form
msgid "Export"
msgstr ""
#. module: sql_export
#: view:sql.file.wizard:sql_export.sql_file_wizard_view_form
msgid "Export file"
msgstr ""
#. module: sql_export #. module: sql_export
#: field:sql.file.wizard,binary_file:0 #: field:sql.file.wizard,binary_file:0
msgid "File" msgid "File"
@ -79,6 +107,12 @@ msgstr ""
msgid "ID" msgid "ID"
msgstr "" msgstr ""
#. module: sql_export
#: field:sql.export,__last_update:0
#: field:sql.file.wizard,__last_update:0
msgid "Last Modified on"
msgstr ""
#. module: sql_export #. module: sql_export
#: field:sql.export,write_uid:0 #: field:sql.export,write_uid:0
#: field:sql.file.wizard,write_uid:0 #: field:sql.file.wizard,write_uid:0
@ -96,23 +130,56 @@ msgstr ""
msgid "Name" msgid "Name"
msgstr "" msgstr ""
#. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form
#: field:sql.export,field_ids:0
msgid "Parameters"
msgstr ""
#. module: sql_export #. module: sql_export
#: field:sql.export,query:0 #: field:sql.export,query:0
msgid "Query" msgid "Query"
msgstr "" msgstr ""
#. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form
msgid "Request Name"
msgstr ""
#. module: sql_export #. module: sql_export
#: model:ir.actions.act_window,name:sql_export.sql_export_tree_action #: model:ir.actions.act_window,name:sql_export.sql_export_tree_action
#: view:sql.export:sql_export.sql_export_view_tree #: view:sql.export:sql_export.sql_export_view_tree
msgid "SQL Export" msgid "SQL Export"
msgstr "" msgstr ""
#. module: sql_export
#: model:ir.actions.act_window,name:sql_export.sql_parameter_tree_action
#: view:ir.model.fields:sql_export.sql_parameter_view_tree
msgid "SQL Parameter"
msgstr ""
#. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form
msgid "SQL Request"
msgstr ""
#. module: sql_export
#: selection:sql.export,state:0
msgid "SQL Valid"
msgstr ""
#. module: sql_export #. module: sql_export
#: model:ir.model,name:sql_export.model_sql_export #: model:ir.model,name:sql_export.model_sql_export
#: view:ir.model.fields:sql_export.sql_parameter_view_form
#: view:sql.export:sql_export.sql_export_view_form #: view:sql.export:sql_export.sql_export_view_form
msgid "SQL export" msgid "SQL export"
msgstr "" msgstr ""
#. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form
msgid "Set to Draft"
msgstr ""
#. module: sql_export #. module: sql_export
#: model:ir.ui.menu,name:sql_export.sql_export_menu #: model:ir.ui.menu,name:sql_export.sql_export_menu
#: model:ir.ui.menu,name:sql_export.sql_export_menu_view #: model:ir.ui.menu,name:sql_export.sql_export_menu_view
@ -120,23 +187,44 @@ msgid "Sql Export"
msgstr "" msgstr ""
#. module: sql_export #. module: sql_export
#: model:res.groups,name:sql_export.group_sql_request_editor
msgid "Sql Request Editor"
#: model:ir.ui.menu,name:sql_export.sql_parameter_menu_view
msgid "Sql Export Variables"
msgstr "" msgstr ""
#. module: sql_export #. module: sql_export
#: code:addons/sql_export/sql_export.py:132
#, python-format
msgid "The Sql query is not valid."
#: field:sql.file.wizard,sql_export_id:0
msgid "Sql export id"
msgstr "" msgstr ""
#. module: sql_export #. module: sql_export
#: constraint:sql.export:0
msgid "The query you want make is not allowed : prohibited actions (delete, drop, insert, alter, truncate, execute, create, update)"
#: field:sql.export,state:0
msgid "State"
msgstr ""
#. module: sql_export
#: help:sql.export,state:0
msgid "State of the Request:\n"
" * 'Draft': Not tested\n"
" * 'SQL Valid': SQL Request has been checked and is valid"
msgstr "" msgstr ""
#. module: sql_export #. module: sql_export
#: help:sql.export,query:0 #: help:sql.export,query:0
msgid "You can't use the following word : delete, drop, create, insert, alter, truncate, execute, update"
msgid "You can't use the following words: DELETE, DROP, CREATE, INSERT, ALTER, TRUNCATE, EXECUTE, UPDATE"
msgstr ""
#. module: sql_export
#: view:sql.file.wizard:sql_export.sql_file_wizard_view_form
msgid "or"
msgstr ""
#. module: sql_export
#: view:sql.export:sql_export.sql_export_view_form
msgid "select * from res_partner"
msgstr ""
#. module: sql_export
#: view:sql.file.wizard:sql_export.sql_file_wizard_view_form
msgid "variables_placeholder"
msgstr "" msgstr ""

88
sql_export/models/sql_export.py

@ -19,65 +19,24 @@
# #
############################################################################## ##############################################################################
import re
from openerp import models, fields, api from openerp import models, fields, api
class SqlExport(models.Model): class SqlExport(models.Model):
_name = "sql.export" _name = "sql.export"
_inherit = ['sql.request.mixin']
_description = "SQL export" _description = "SQL export"
PROHIBITED_WORDS = [
'delete',
'drop',
'insert',
'alter',
'truncate',
'execute',
'create',
'update'
]
_sql_request_groups_relation = 'groups_sqlquery_rel'
@api.multi
def _check_query_allowed(self):
for obj in self:
query = obj.query.lower()
for word in self.PROHIBITED_WORDS:
expr = r'\b%s\b' % word
is_not_safe = re.search(expr, query)
if is_not_safe:
return False
return True
_sql_request_users_relation = 'users_sqlquery_rel'
@api.model
def _get_editor_group(self):
ir_model_obj = self.env['ir.model.data']
return [ir_model_obj.xmlid_to_res_id(
'sql_export.group_sql_request_editor')]
_check_execution_enabled = False
name = fields.Char('Name', required=True)
query = fields.Text(
'Query',
required=True,
help="You can't use the following word : delete, drop, create, "
"insert, alter, truncate, execute, update")
copy_options = fields.Char( copy_options = fields.Char(
'Copy Options',
required=True,
string='Copy Options', required=True,
default="CSV HEADER DELIMITER ';'") default="CSV HEADER DELIMITER ';'")
group_ids = fields.Many2many(
'res.groups',
'groups_sqlquery_rel',
'sql_id',
'group_id',
'Allowed Groups',
default=_get_editor_group)
user_ids = fields.Many2many(
'res.users',
'users_sqlquery_rel',
'sql_id',
'user_id',
'Allowed Users')
field_ids = fields.Many2many( field_ids = fields.Many2many(
'ir.model.fields', 'ir.model.fields',
'fields_sqlquery_rel', 'fields_sqlquery_rel',
@ -85,18 +44,11 @@ class SqlExport(models.Model):
'field_id', 'field_id',
'Parameters', 'Parameters',
domain=[('model', '=', 'sql.file.wizard')]) domain=[('model', '=', 'sql.file.wizard')])
valid = fields.Boolean()
_constraints = [(_check_query_allowed,
'The query you want make is not allowed : prohibited '
'actions (%s)' % ', '.join(PROHIBITED_WORDS),
['query'])]
@api.multi @api.multi
def export_sql_query(self): def export_sql_query(self):
self.ensure_one() self.ensure_one()
wiz = self.env['sql.file.wizard'].create({ wiz = self.env['sql.file.wizard'].create({
'valid': self.valid,
'sql_export_id': self.id}) 'sql_export_id': self.id})
return { return {
'view_type': 'form', 'view_type': 'form',
@ -108,31 +60,3 @@ class SqlExport(models.Model):
'context': self._context, 'context': self._context,
'nodestroy': True, 'nodestroy': True,
} }
@api.model
def check_query_syntax(self, vals):
if vals.get('query', False):
vals['query'] = vals['query'].strip()
if vals['query'][-1] == ';':
vals['query'] = vals['query'][:-1]
# Can't test the query because of variables
# try:
# self.env.cr.execute(vals['query'])
# except:
# raise exceptions.Warning(
# _("The Sql query is not valid."))
# finally:
# self.env.cr.rollback()
return vals
@api.multi
def write(self, vals):
vals = self.check_query_syntax(vals)
if 'query' in vals:
vals['valid'] = False
return super(SqlExport, self).write(vals)
@api.model
def create(self, vals):
vals = self.check_query_syntax(vals)
return super(SqlExport, self).create(vals)

2
sql_export/security/ir.model.access.csv

@ -1,3 +1,3 @@
"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink" "id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink"
"access_sql_export_all","access_sql_export_all","model_sql_export",,1,0,0,0 "access_sql_export_all","access_sql_export_all","model_sql_export",,1,0,0,0
"access_sql_export_editor","access_sql_export_editor","model_sql_export",group_sql_request_editor,1,1,1,1
"access_sql_export_editor","access_sql_export_editor","model_sql_export",sql_request_abstract.group_sql_request_manager,1,1,1,1

5
sql_export/security/sql_export_security.xml

@ -2,11 +2,6 @@
<openerp> <openerp>
<data noupdate="0"> <data noupdate="0">
<record model="res.groups" id="group_sql_request_editor">
<field name="name">Sql Request Editor</field>
<field name="users" eval="[(4, ref('base.user_root'))]"/>
</record>
<record model="ir.rule" id="sql_export_restric_access_user_or_group"> <record model="ir.rule" id="sql_export_restric_access_user_or_group">
<field name="name" >SQL Export users and groups rules</field> <field name="name" >SQL Export users and groups rules</field>
<field name="model_id" ref="model_sql_export"/> <field name="model_id" ref="model_sql_export"/>

56
sql_export/tests/test_sql_query.py

@ -20,35 +20,27 @@
############################################################################## ##############################################################################
import base64 import base64
from openerp.tests.common import TransactionCase from openerp.tests.common import TransactionCase
from openerp import exceptions
from openerp.exceptions import Warning as UserError
class TestExportSqlQuery(TransactionCase): class TestExportSqlQuery(TransactionCase):
def setUp(self): def setUp(self):
super(TestExportSqlQuery, self).setUp() super(TestExportSqlQuery, self).setUp()
query_vals = {
'name': 'test',
'query': "SELECT name, street FROM res_partner;"
}
self.sql_model = self.registry('sql.export')
self.query_id = self.sql_model.create(
self.cr,
self.uid,
query_vals)
self.sql_export_obj = self.env['sql.export']
self.wizard_obj = self.env['sql.file.wizard']
self.sql_report_demo = self.env.ref('sql_export.sql_export_partner')
def test_sql_query(self): def test_sql_query(self):
test = self.sql_model.export_sql_query(
self.cr, self.uid, [self.query_id])
self.registry('sql.file.wizard').export_sql(
self.cr, self.uid, test['res_id'])
wizard = self.registry('sql.file.wizard').browse(
self.cr, self.uid, test['res_id'])
wizard = self.wizard_obj.create({
'sql_export_id': self.sql_report_demo.id,
})
wizard.export_sql()
export = base64.b64decode(wizard.binary_file) export = base64.b64decode(wizard.binary_file)
self.assertEqual(export.split(';')[0], 'name') self.assertEqual(export.split(';')[0], 'name')
self.assertTrue(len(export.split(';')) > 6) self.assertTrue(len(export.split(';')) > 6)
def test_prohibited_queries_creation(self):
def test_prohibited_queries(self):
prohibited_queries = [ prohibited_queries = [
"upDaTe res_partner SET name = 'test' WHERE id = 1", "upDaTe res_partner SET name = 'test' WHERE id = 1",
"DELETE FROM sql_export WHERE name = 'test';", "DELETE FROM sql_export WHERE name = 'test';",
@ -60,14 +52,22 @@ class TestExportSqlQuery(TransactionCase):
""", """,
] ]
for query in prohibited_queries: for query in prohibited_queries:
with self.assertRaises(exceptions.ValidationError):
self.sql_model.create(
self.cr, self.uid,
{'name': 'test_prohibited',
'query': query})
ok_query = {
'name': 'test ok',
'query': "SELECT create_date FROM res_partner"
}
query_id = self.sql_model.create(self.cr, self.uid, ok_query)
self.assertIsNotNone(query_id)
with self.assertRaises(UserError):
sql_export = self.sql_export_obj.create({
'name': 'test_prohibited',
'query': query})
sql_export.button_clean_check_request()
def test_authorized_queries(self):
authorized_queries = [
"SELECT create_date FROM res_partner",
]
for query in authorized_queries:
sql_export = self.sql_export_obj.create({
'name': 'test_authorized',
'query': query})
sql_export.button_clean_check_request()
self.assertEqual(
sql_export.state, 'sql_valid',
"%s is a valid request" % (query))

54
sql_export/views/sql_export_view.xml

@ -8,26 +8,40 @@
<field name="model">sql.export</field> <field name="model">sql.export</field>
<field name="arch" type="xml"> <field name="arch" type="xml">
<form string="SQL export"> <form string="SQL export">
<group col="2">
<group colspan="2" col="5">
<label for="name" colspan="1"/>
<field name="name" colspan="2" nolabel="1"/>
<button name="export_sql_query" string="Execute Query" type="object" class="oe_highlight" icon="gtk-execute" colspan="2"/>
<label for="query" colspan="1"/>
<field name="query" nolabel="1" colspan="4"/>
<label for="Copy Options" colspan="1"/>
<field name="copy_options" nolabel="1" colspan="4"/>
</group>
<group groups="sql_export.group_sql_request_editor" string="Parameters">
<field name="field_ids" nolabel="1"/>
</group>
<group colspan="2" col="2" groups="sql_export.group_sql_request_editor">
<separator string="Allowed Users" colspan="1"/>
<separator string="Allowed Users Groups" colspan="1"/>
<sheet>
<header>
<button name="button_clean_check_request" type="object" states="draft"
string="Clean and Check Request" class="oe_highlight"/>
<button name="button_set_draft" type="object" states="sql_valid"
string="Set to Draft" groups="sql_request_abstract.group_sql_request_manager"/>
<button name="export_sql_query" string="Execute Query" states="sql_valid" type="object" class="oe_highlight"
icon="gtk-execute"/>
<field name="state" widget="statusbar" />
</header>
<group>
<h1>
<field name="name" nolabel="1" placeholder="Request Name"/>
</h1>
</group>
<group name="option" groups="sql_request_abstract.group_sql_request_user">
<field name="copy_options"/>
</group>
<group name="request" string="SQL Request" groups="sql_request_abstract.group_sql_request_user">
<field name="query" nolabel="1" placeholder="select * from res_partner"/>
</group>
<group string="Parameters" groups="sql_request_abstract.group_sql_request_user">
<field name="field_ids" nolabel="1"/>
</group>
<group groups="sql_request_abstract.group_sql_request_manager">
<group string="Allowed Users">
<field name="user_ids" nolabel="1"/> <field name="user_ids" nolabel="1"/>
</group>
<group string="Allowed Groups">
<field name="group_ids" nolabel="1"/> <field name="group_ids" nolabel="1"/>
</group> </group>
</group> </group>
</sheet>
</form> </form>
</field> </field>
</record> </record>
@ -36,9 +50,11 @@
<field name="name">Sql_export_tree_view</field> <field name="name">Sql_export_tree_view</field>
<field name="model">sql.export</field> <field name="model">sql.export</field>
<field name="arch" type="xml"> <field name="arch" type="xml">
<tree string="SQL Export" colors="red:valid == False">
<tree string="SQL Export" colors="blue:state == 'draft'">
<field name="name"/> <field name="name"/>
<field name="valid" invisible="1"/>
<field name="state"/>
<button name="export_sql_query" string="Execute Query" states="sql_valid" type="object"
icon="gtk-execute"/>
</tree> </tree>
</field> </field>
</record> </record>
@ -84,7 +100,7 @@
<field name="domain">[('model','=','sql.file.wizard')]</field> <field name="domain">[('model','=','sql.file.wizard')]</field>
</record> </record>
<menuitem id="sql_parameter_menu_view" name="Sql Export Variables" parent="sql_export_menu" action="sql_parameter_tree_action" sequence="5"/>
<menuitem id="sql_parameter_menu_view" name="Sql Export Variables" parent="sql_export_menu" action="sql_parameter_tree_action" sequence="5" groups="sql_request_abstract.group_sql_request_manager"/>
</data> </data>

40
sql_export/wizard/wizard_file.py

@ -18,14 +18,12 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
# #
############################################################################## ##############################################################################
from openerp import models, fields, api
from openerp.osv.orm import setup_modifiers
import StringIO
import base64
import datetime import datetime
from lxml import etree from lxml import etree
from openerp import models, fields, api, osv
from openerp.tools import DEFAULT_SERVER_DATETIME_FORMAT from openerp.tools import DEFAULT_SERVER_DATETIME_FORMAT
import uuid
class SqlFileWizard(models.TransientModel): class SqlFileWizard(models.TransientModel):
@ -34,7 +32,6 @@ class SqlFileWizard(models.TransientModel):
binary_file = fields.Binary('File', readonly=True) binary_file = fields.Binary('File', readonly=True)
file_name = fields.Char('File Name', readonly=True) file_name = fields.Char('File Name', readonly=True)
valid = fields.Boolean()
sql_export_id = fields.Many2one(comodel_name='sql.export', required=True) sql_export_id = fields.Many2one(comodel_name='sql.export', required=True)
@api.model @api.model
@ -58,7 +55,8 @@ class SqlFileWizard(models.TransientModel):
kwargs = {'name': "%s" % field.name} kwargs = {'name': "%s" % field.name}
toupdate_fields.append(field.name) toupdate_fields.append(field.name)
view_field = etree.SubElement(group, 'field', **kwargs) view_field = etree.SubElement(group, 'field', **kwargs)
setup_modifiers(view_field, self.fields_get(field.name))
osv.orm.setup_modifiers(
view_field, self.fields_get(field.name))
res['fields'].update(self.fields_get(toupdate_fields)) res['fields'].update(self.fields_get(toupdate_fields))
placeholder = eview.xpath( placeholder = eview.xpath(
@ -72,12 +70,13 @@ class SqlFileWizard(models.TransientModel):
def export_sql(self): def export_sql(self):
self.ensure_one() self.ensure_one()
sql_export = self.sql_export_id sql_export = self.sql_export_id
# Manage Params
variable_dict = {}
today = datetime.datetime.now() today = datetime.datetime.now()
today_tz = fields.Datetime.context_timestamp( today_tz = fields.Datetime.context_timestamp(
sql_export, today) sql_export, today)
date = today_tz.strftime(DEFAULT_SERVER_DATETIME_FORMAT) date = today_tz.strftime(DEFAULT_SERVER_DATETIME_FORMAT)
output = StringIO.StringIO()
variable_dict = {}
if sql_export.field_ids: if sql_export.field_ids:
for field in sql_export.field_ids: for field in sql_export.field_ids:
variable_dict[field.name] = self[field.name] variable_dict[field.name] = self[field.name]
@ -85,25 +84,16 @@ class SqlFileWizard(models.TransientModel):
variable_dict['company_id'] = self.env.user.company_id.id variable_dict['company_id'] = self.env.user.company_id.id
if "%(user_id)s" in sql_export.query: if "%(user_id)s" in sql_export.query:
variable_dict['user_id'] = self._uid variable_dict['user_id'] = self._uid
format_query = self.env.cr.mogrify(
sql_export.query, variable_dict).decode('utf-8')
query = "COPY (" + format_query + ") TO STDOUT WITH " + \
sql_export.copy_options
name = 'export_query_%s' % uuid.uuid1().hex
self.env.cr.execute("SAVEPOINT %s" % name)
try:
self.env.cr.copy_expert(query, output)
output.getvalue()
new_output = base64.b64encode(output.getvalue())
output.close()
finally:
self.env.cr.execute("ROLLBACK TO SAVEPOINT %s" % name)
# Execute Request
res = sql_export._execute_sql_request(
params=variable_dict, mode='stdout',
copy_options=sql_export.copy_options)
self.write({ self.write({
'binary_file': new_output,
'binary_file': res,
'file_name': sql_export.name + '_' + date + '.csv' 'file_name': sql_export.name + '_' + date + '.csv'
}) })
if not sql_export.valid:
sql_export.sudo().valid = True
return { return {
'view_type': 'form', 'view_type': 'form',
'view_mode': 'form', 'view_mode': 'form',

2
sql_export/wizard/wizard_file_view.xml

@ -7,11 +7,9 @@
<field name="model">sql.file.wizard</field> <field name="model">sql.file.wizard</field>
<field name="arch" type="xml"> <field name="arch" type="xml">
<form string="Csv File"> <form string="Csv File">
<separator string="Warning untested export" attrs="{'invisible': [('valid', '=', True)]}"/>
<separator string="variables_placeholder" colspan="4" invisible="1"/> <separator string="variables_placeholder" colspan="4" invisible="1"/>
<separator string="Export file" colspan="4" <separator string="Export file" colspan="4"
attrs="{'invisible': [('binary_file', '=', False)]}"/> attrs="{'invisible': [('binary_file', '=', False)]}"/>
<field name="valid" invisible="1"/>
<field name="binary_file" filename="file_name"/> <field name="binary_file" filename="file_name"/>
<field name="file_name" invisible="1"/> <field name="file_name" invisible="1"/>
<footer> <footer>

Loading…
Cancel
Save