New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ADD sql_export module #175
Conversation
'license': 'AGPL-3', | ||
'category': 'Generic Modules/Others', | ||
'summary': 'Export data in csv file with SQL requests', | ||
'depends': ['mrp', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you depend on 'mrp'? IMO this should be 'base'.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Of course! I'll change that now, it is a mistake.
c632bd4
to
e84990f
Compare
for obj in self.browse(cr, uid, ids, context=context): | ||
if any(word in obj.query.lower() for word in PROHIBITED_WORDS): | ||
return False | ||
if obj.query.strip().split(' ')[0].lower() != 'select': |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO the second if
is too restrictive. It's sometimes useful to build query using the with
clause (http://www.postgresql.org/docs/9.1/static/queries-with.html). Moreover, if you want to test that the query starts with select
you should write
if not obj.query.lower().startswith('select'):
return False
IMO, checking for prohibited works is enough.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your comment!
You are right, checking first word is a bit restrictive.
But I am not sure checking for prohibited words is enought.
I could forget one or two important since I am not a huge expert in sql
Also, I did not include some word like update or create in this list.
So someone could update any tables, which we do not want!
I chose not to put create because of the field create_date that we may want to extract.
Also update, is easily used in fields name. (like in prestashop or magento connector)
That is why I restrict on the word SELECT.
Of course, I am open to idea to make it better.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should use a regular expression to search for the whole word and include update
and create
in your list of prohibited words.
@florian-dacosta Thank you for this PR: nice functionality for advanced user only. Your module works fine (tested in my env). Some additional remarks.
lmi |
return True | ||
|
||
def _get_editor_group(self, cr, uid, *args): | ||
gr_obj = self.pool.get('res.groups') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you should query ir.model.data
with the xmlid
def _get_editor_group(self, cr, uid, *args):
model_obj = self.pool['ir.model.data']
return model_obj.get_object_reference(
cr, uid, 'sql_export', 'group_sql_request_editor')[1]
e84990f
to
eaae0ab
Compare
@lmignon Thanks for your feedback. |
Bugs are tracked on `GitHub Issues <https://github.com/OCA/maintainer-tools/issues>`_. | ||
In case of trouble, please check there if your issue has already been reported. | ||
If you spotted it first, help us smashing it by providing a detailed and welcomed feedback | ||
`here <https://github.com/OCA/maintainer-tools/issues/new?body=module:%20sql_export%0Aversion:%200.1%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the url is https://github.com/OCA/server-tools/issues 😏
and version is the one of the branch 8.0
@florian-dacosta Thank you, good job! A few comments remain but the module looks fine. |
eaae0ab
to
c175448
Compare
@lmignon No problem, I took your last comments into consideration |
c175448
to
b62da44
Compare
} | ||
with self.assertRaises(except_orm): | ||
self.sql_model.create(self.cr, self.uid, prohibited_query1) | ||
self.sql_model.create(self.cr, self.uid, prohibited_query2) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should repeat the 'with' statement before each call to self.sql_model.create
Currently, the assertion is true once one call fails.
def test_prohibited_queries_creation(self):
prohibited_queries = [
"upDaTe sale_order SET partner_id = 1 WHERE id = 1",
"DELETE FROM sale_order;",
" DELETE FROM sale_order ;",
"""DELETE
FROM
sale_order
""",
]
for query in prohibited_queries:
with self.assertRaises(except_orm):
self.sql_model.create(self.cr, self.uid, {'name': 'test_prohibited',
'query': query})
wrong_syntax_query = {
'name': 'test delete3',
'query': """SELCT id FROM sale_order"""
}
with self.assertRaises(except_orm):
self.sql_model.create(self.cr, self.uid, wrong_syntax_query)
ok_query = {
'name': 'test ok',
'query': "SELECT create_date FROM sale_order"
}
query_id = self.sql_model.create(self.cr, self.uid, ok_query)
self.assertIsNotNone(query_id)
b62da44
to
dd8d7e5
Compare
👍 once travis is green |
@@ -0,0 +1,2 @@ | |||
# -*- coding: utf-8 -*- | |||
from . import test_sql_query |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Your tests are never launched by odoo .
You need to put your test class into a checks list
checks = [
test_sql_query
]
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did not know that! I did unit test the same way very recently for a module in v8, and odoo was launching the tests without any troubles.
Is it specific to the v7?
Thanks once again for your help!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in v8, tests are now automatically launched if they are written under the module 'tests' in a submodule with a the name starting with test_
But before V8, we need to add the mentioned lines to say to Odoo which tests must be launched
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, I can't see if it ran the tests.
Strange, because in localhost, my odoo did run the tests without any problem.
dd8d7e5
to
c17e0a1
Compare
👍 (functionnal use) |
'version': '0.1', | ||
'author': 'Akretion,Odoo Community Association (OCA)', | ||
'website': 'http://www.akretion.com', | ||
'description': """ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you leave this description key here, it will override the README. Maybe it's best to remove it.
Sorry - not true for v7.
|
||
<menuitem id="sql_export_menu" name="Sql Export" parent="menu_export" sequence="1"/> | ||
|
||
<menuitem id="sql_export_menu_view" name="Sql Export" parent="sql_export_menu" action="sql_export_tree_action" sequence="1"/> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIMO we're polluting the top menu with yet another option.
Can we fit it in an existing top menu?
Since creating the SQL is quite a reserved feature, I suggest having it under Reporting\Configuration (base.menu_reporting_config
).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree it is annoying to add one more option on the top menu.
The problem is that this feature can be used by almost every user.
Yes, just one or two user should be able to create a new sql request, but the requests can be executed by users in sales, purchases, warehouse, etc...
For each request, you can add groups or users, that will determine who can read this request. That is why we need to put the menu somewhere every users can have access.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAIK the Reporting menu is available for all, only it's option are limited per security group. Can you try that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are right, it should be ok in the reporting menu.
I'll just add a menu under Reporting/
I don't think it belongs to the configuration submenu
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed. Use "SQL" in uppercase in the menu labels?
bb62344
to
dd2bfab
Compare
dd2bfab
to
d66e562
Compare
I think it is possible to merge. |
👍 |
This module is usefull when a user knows how to make sql request. He can extract data from the database easily.
He also can choose wich user is able to use the sql resquest he creates.