Browse Source

[REF] silence warning for sql injection and use of cr.commit()

pull/84/head
robin.keunen 5 years ago
parent
commit
96dfadf8e2
  1. 9
      easy_my_coop/models/partner.py
  2. 7
      easy_my_coop_taxshelter_report/README.rst
  3. 13
      easy_my_coop_taxshelter_report/models/tax_shelter_declaration.py
  4. 2
      easy_my_coop_taxshelter_report/readme/DEVELOP.rst
  5. 26
      easy_my_coop_taxshelter_report/static/description/index.html
  6. 2
      easy_my_coop_taxshelter_report/tests/tests.txt
  7. 3
      partner_age/models/partner.py

9
easy_my_coop/models/partner.py

@ -52,7 +52,13 @@ class ResPartner(models.Model):
account_invoice_report._apply_ir_rules(where_query, "read")
from_clause, where_clause, where_clause_params = where_query.get_sql()
# price_total is in the company currency
# fixme while you're here, please fix the query
# to pass pylint sql-injection
# Note de Houssine: note que c'est la
# surcharge d'une fonction standard de la facturation Odoo. Elle
# date de la 9 voir si la v12 a été adaptée où est équivalente à la 12
# price_total is in the company currency pylint:
# pylint: disable=sql-injection
query = (
"""
SELECT SUM(price_total) as total, partner_id
@ -62,6 +68,7 @@ class ResPartner(models.Model):
"""
% where_clause
)
self.env.cr.execute(query, where_clause_params)
price_totals = self.env.cr.dictfetchall()
for partner, child_ids in all_partners_and_children.items():

7
easy_my_coop_taxshelter_report/README.rst

@ -27,6 +27,13 @@ tax shelter declaration for each cooperator.
.. contents::
:local:
Development
===========
Do not implement tests before fixing the direct use of self.env.cr.commit()
in models.tax_shelter_declaration
Bug Tracker
===========

13
easy_my_coop_taxshelter_report/models/tax_shelter_declaration.py

@ -322,6 +322,19 @@ class TaxShelterCertificate(models.Model):
certificate.state = "sent"
else:
certificate.state = "no_eligible"
# pylint: disable=invalid-commit
# fixme while you're here, please fix the query
# to pass pylint invalid-commit
# Use of cr.commit() directly is dangerous
# More info https://github.com/OCA/odoo-community.org/blob/master/website/Contribution/CONTRIBUTING.rst#never-commit-the-transaction # noqa
# Note: c'est n'est pas executé par du rpc-client mais via un
# cron. En sachant que l'on ne veut pas faire de roll back de
# toute la transaction parce que justement des mails sont
# envoyés. Et on ne peut pas rollbacker des emails envoyés ici
# c'est un rollback qui rendre le processus métier inconsistant
# sachant que chaque ligne à son propre état et est indépendante
# du statut de la déclaration tax shelter dont elle dépend
self.env.cr.commit()
@api.multi

2
easy_my_coop_taxshelter_report/readme/DEVELOP.rst

@ -0,0 +1,2 @@
Do not implement tests before fixing the direct use of self.env.cr.commit()
in models.tax_shelter_declaration

26
easy_my_coop_taxshelter_report/static/description/index.html

@ -373,17 +373,23 @@ tax shelter declaration for each cooperator.</p>
<p><strong>Table of contents</strong></p>
<div class="contents local topic" id="contents">
<ul class="simple">
<li><a class="reference internal" href="#bug-tracker" id="id1">Bug Tracker</a></li>
<li><a class="reference internal" href="#credits" id="id2">Credits</a><ul>
<li><a class="reference internal" href="#authors" id="id3">Authors</a></li>
<li><a class="reference internal" href="#contributors" id="id4">Contributors</a></li>
<li><a class="reference internal" href="#maintainers" id="id5">Maintainers</a></li>
<li><a class="reference internal" href="#development" id="id1">Development</a></li>
<li><a class="reference internal" href="#bug-tracker" id="id2">Bug Tracker</a></li>
<li><a class="reference internal" href="#credits" id="id3">Credits</a><ul>
<li><a class="reference internal" href="#authors" id="id4">Authors</a></li>
<li><a class="reference internal" href="#contributors" id="id5">Contributors</a></li>
<li><a class="reference internal" href="#maintainers" id="id6">Maintainers</a></li>
</ul>
</li>
</ul>
</div>
<div class="section" id="development">
<h1><a class="toc-backref" href="#id1">Development</a></h1>
<p>Do not implement tests before fixing the direct use of self.env.cr.commit()
in models.tax_shelter_declaration</p>
</div>
<div class="section" id="bug-tracker">
<h1><a class="toc-backref" href="#id1">Bug Tracker</a></h1>
<h1><a class="toc-backref" href="#id2">Bug Tracker</a></h1>
<p>Bugs are tracked on <a class="reference external" href="https://github.com/coopiteasy/vertical-cooperative/issues">GitHub Issues</a>.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us smashing it by providing a detailed and welcomed
@ -391,21 +397,21 @@ If you spotted it first, help us smashing it by providing a detailed and welcome
<p>Do not contact contributors directly about support or help with technical issues.</p>
</div>
<div class="section" id="credits">
<h1><a class="toc-backref" href="#id2">Credits</a></h1>
<h1><a class="toc-backref" href="#id3">Credits</a></h1>
<div class="section" id="authors">
<h2><a class="toc-backref" href="#id3">Authors</a></h2>
<h2><a class="toc-backref" href="#id4">Authors</a></h2>
<ul class="simple">
<li>Houssine BAKKALI &lt;<a class="reference external" href="mailto:houssine&#64;coopiteasy.be">houssine&#64;coopiteasy.be</a>&gt;</li>
</ul>
</div>
<div class="section" id="contributors">
<h2><a class="toc-backref" href="#id4">Contributors</a></h2>
<h2><a class="toc-backref" href="#id5">Contributors</a></h2>
<ul class="simple">
<li>Coop IT Easy SCRLfs</li>
</ul>
</div>
<div class="section" id="maintainers">
<h2><a class="toc-backref" href="#id5">Maintainers</a></h2>
<h2><a class="toc-backref" href="#id6">Maintainers</a></h2>
<p>This module is part of the <a class="reference external" href="https://github.com/coopiteasy/vertical-cooperative/tree/12.0/easy_my_coop_taxshelter_report">coopiteasy/vertical-cooperative</a> project on GitHub.</p>
<p>You are welcome to contribute.</p>
</div>

2
easy_my_coop_taxshelter_report/tests/tests.txt

@ -0,0 +1,2 @@
Do not implement tests before fixing the direct use of self.env.cr.commit()
in models.tax_shelter_declaration

3
partner_age/models/partner.py

@ -10,6 +10,9 @@ class ResPartner(models.Model):
def _search_age(self, operator, value):
if operator not in ("=", "!=", "<", "<=", ">", ">=", "in", "not in"):
return []
# pylint: disable=sql-injection
# fixme while you're here, please fix the query to pass
# pylint sql-injection
query = """SELECT id
FROM "%s"
WHERE extract(year from age(CURRENT_DATE,

Loading…
Cancel
Save