[REF] silence warning for sql injection and use of cr.commit()

4 years ago · 96dfadf8e2
7 changed files with 55 additions and 15 deletions
--- a/easy_my_coop/models/partner.py
+++ b/easy_my_coop/models/partner.py
@ -52,16 +52,23 @@ class ResPartner(models.Model):
        account_invoice_report._apply_ir_rules(where_query, "read")
        from_clause, where_clause, where_clause_params = where_query.get_sql()

-        # price_total is in the company currency
+        # fixme while you're here, please fix the query
+        #  to pass pylint sql-injection
+        #  Note de Houssine: note que c'est la
+        #  surcharge d'une fonction standard de la facturation Odoo. Elle
+        #  date de la 9 voir si la v12 a été adaptée où est équivalente à la 12
+        # price_total is in the company currency pylint:
+        # pylint: disable=sql-injection
        query = (
            """
-                  SELECT SUM(price_total) as total, partner_id
-                    FROM account_invoice_report account_invoice_report
-                   WHERE %s
-                   GROUP BY partner_id
+                SELECT SUM(price_total) as total, partner_id
+                FROM account_invoice_report account_invoice_report
+                WHERE %s
+                GROUP BY partner_id
                """
            % where_clause
        )
+
        self.env.cr.execute(query, where_clause_params)
        price_totals = self.env.cr.dictfetchall()
        for partner, child_ids in all_partners_and_children.items():
--- a/easy_my_coop_taxshelter_report/README.rst
+++ b/easy_my_coop_taxshelter_report/README.rst
@ -27,6 +27,13 @@ tax shelter declaration for each cooperator.
 .. contents::
   :local:

+Development
+===========
+
+Do not implement tests before fixing the direct use of self.env.cr.commit()
+in models.tax_shelter_declaration
+
+
 Bug Tracker
 ===========

--- a/easy_my_coop_taxshelter_report/models/tax_shelter_declaration.py
+++ b/easy_my_coop_taxshelter_report/models/tax_shelter_declaration.py
@ -322,6 +322,19 @@ class TaxShelterCertificate(models.Model):
                certificate.state = "sent"
            else:
                certificate.state = "no_eligible"
+            # pylint: disable=invalid-commit
+            # fixme while you're here, please fix the query
+            #  to pass pylint invalid-commit
+            #  Use of cr.commit() directly is dangerous
+            #  More info https://github.com/OCA/odoo-community.org/blob/master/website/Contribution/CONTRIBUTING.rst#never-commit-the-transaction  # noqa
+
+            # Note: c'est n'est pas executé par du rpc-client mais via un
+            # cron. En sachant que l'on ne veut pas faire de roll back de
+            # toute la transaction parce que justement des mails sont
+            # envoyés. Et on ne peut pas rollbacker des emails envoyés ici
+            # c'est un rollback qui rendre le processus métier inconsistant
+            # sachant que chaque ligne à son propre état et est indépendante
+            # du statut de la déclaration tax shelter dont elle dépend
            self.env.cr.commit()

    @api.multi
--- a/easy_my_coop_taxshelter_report/readme/DEVELOP.rst
+++ b/easy_my_coop_taxshelter_report/readme/DEVELOP.rst
@ -0,0 +1,2 @@
+Do not implement tests before fixing the direct use of self.env.cr.commit()
+in models.tax_shelter_declaration
--- a/easy_my_coop_taxshelter_report/static/description/index.html
+++ b/easy_my_coop_taxshelter_report/static/description/index.html
@ -373,17 +373,23 @@ tax shelter declaration for each cooperator.</p>
 <p><strong>Table of contents</strong></p>
 <div class="contents local topic" id="contents">
 <ul class="simple">
-<li><a class="reference internal" href="#bug-tracker" id="id1">Bug Tracker</a></li>
-<li><a class="reference internal" href="#credits" id="id2">Credits</a><ul>
-<li><a class="reference internal" href="#authors" id="id3">Authors</a></li>
-<li><a class="reference internal" href="#contributors" id="id4">Contributors</a></li>
-<li><a class="reference internal" href="#maintainers" id="id5">Maintainers</a></li>
+<li><a class="reference internal" href="#development" id="id1">Development</a></li>
+<li><a class="reference internal" href="#bug-tracker" id="id2">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="id3">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="id4">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="id5">Contributors</a></li>
+<li><a class="reference internal" href="#maintainers" id="id6">Maintainers</a></li>
 </ul>
 </li>
 </ul>
 </div>
+<div class="section" id="development">
+<h1><a class="toc-backref" href="#id1">Development</a></h1>
+<p>Do not implement tests before fixing the direct use of self.env.cr.commit()
+in models.tax_shelter_declaration</p>
+</div>
 <div class="section" id="bug-tracker">
-<h1><a class="toc-backref" href="#id1">Bug Tracker</a></h1>
+<h1><a class="toc-backref" href="#id2">Bug Tracker</a></h1>
 <p>Bugs are tracked on <a class="reference external" href="https://github.com/coopiteasy/vertical-cooperative/issues">GitHub Issues</a>.
 In case of trouble, please check there if your issue has already been reported.
 If you spotted it first, help us smashing it by providing a detailed and welcomed
@ -391,21 +397,21 @@ If you spotted it first, help us smashing it by providing a detailed and welcome
 <p>Do not contact contributors directly about support or help with technical issues.</p>
 </div>
 <div class="section" id="credits">
-<h1><a class="toc-backref" href="#id2">Credits</a></h1>
+<h1><a class="toc-backref" href="#id3">Credits</a></h1>
 <div class="section" id="authors">
-<h2><a class="toc-backref" href="#id3">Authors</a></h2>
+<h2><a class="toc-backref" href="#id4">Authors</a></h2>
 <ul class="simple">
 <li>Houssine BAKKALI &lt;<a class="reference external" href="mailto:houssine&#64;coopiteasy.be">houssine&#64;coopiteasy.be</a>&gt;</li>
 </ul>
 </div>
 <div class="section" id="contributors">
-<h2><a class="toc-backref" href="#id4">Contributors</a></h2>
+<h2><a class="toc-backref" href="#id5">Contributors</a></h2>
 <ul class="simple">
 <li>Coop IT Easy SCRLfs</li>
 </ul>
 </div>
 <div class="section" id="maintainers">
-<h2><a class="toc-backref" href="#id5">Maintainers</a></h2>
+<h2><a class="toc-backref" href="#id6">Maintainers</a></h2>
 <p>This module is part of the <a class="reference external" href="https://github.com/coopiteasy/vertical-cooperative/tree/12.0/easy_my_coop_taxshelter_report">coopiteasy/vertical-cooperative</a> project on GitHub.</p>
 <p>You are welcome to contribute.</p>
 </div>
--- a/easy_my_coop_taxshelter_report/tests/tests.txt
+++ b/easy_my_coop_taxshelter_report/tests/tests.txt
@ -0,0 +1,2 @@
+Do not implement tests before fixing the direct use of self.env.cr.commit()
+in models.tax_shelter_declaration
--- a/partner_age/models/partner.py
+++ b/partner_age/models/partner.py
@ -10,6 +10,9 @@ class ResPartner(models.Model):
    def _search_age(self, operator, value):
        if operator not in ("=", "!=", "<", "<=", ">", ">=", "in", "not in"):
            return []
+        # pylint: disable=sql-injection
+        # fixme while you're here, please fix the query to pass
+        #  pylint sql-injection
        query = """SELECT id
                   FROM "%s"
                   WHERE extract(year from age(CURRENT_DATE,