Fix quoting of ids when passed to sql.

bzr revid: p_christ@hol.gr-20090903073240-cyydggro48990k2s
P. Christeas 2009-09-03 10:32:40 +03:00
parent 9e2d058641
commit 0b5b67b336
6 changed files with 16 additions and 20 deletions


@ -249,8 +249,7 @@ class ir_values(osv.osv):
if r[2].has_key('groups_id'):
groups = r[2]['groups_id']
if len(groups) > 0:
group_ids = ','.join([ str(x) for x in r[2]['groups_id']])
cr.execute("select count(*) from res_groups_users_rel where gid in (%s) and uid='%s'" % (group_ids, uid))
cr.execute("SELECT count(*) FROM res_groups_users_rel WHERE gid = ANY(%s) AND uid=%s",(groups, uid))
gr_ids = cr.fetchall()
if not gr_ids[0][0] > 0:
res2.remove(r)
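Review bot: `groups` is now bound as-is in the `gid = ANY(%s)` call, so the query depends on its Python type in a way the old `str(x)` join did not. If the driver is psycopg2 (not visible on this page), only a list is adapted to an SQL array; a tuple is rendered as an IN-style list and a list of strings becomes a text array, and either makes the integer comparison fail at runtime. Coercing at the call site, `cr.execute(..., ([int(x) for x in groups], uid))`, keeps the parameter binding and also rejects non-numeric ids early. The same applies to `(ids,)` in `ir_property.unlink`, `(self._name, ids)` in the `orm_memory` delete, `(id, ids2)` in `one2many` and `[ids,]+d2+[offset]` in `many2many`, where the callers that supply `ids` are outside the hunks.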


@ -59,7 +59,7 @@ class ir_property(osv.osv):
}
def unlink(self, cr, uid, ids, context={}):
if ids:
cr.execute('delete from ir_model_fields where id in (select fields_id from ir_property where (fields_id is not null) and (id in ('+','.join(map(str,ids))+')))')
cr.execute('DELETE FROM ir_model_fields WHERE id IN (SELECT fields_id FROM ir_property WHERE (fields_id IS NOT NULL) AND (id = ANY (%s)))', (ids,))
res = super(ir_property, self).unlink(cr, uid, ids, context)
return res


@ -45,13 +45,13 @@ class expression(object):
or (internal and element[1] in INTERNAL_OPS))
def __execute_recursive_in(self, cr, s, f, w, ids):
# todo: merge into parent query as sub-query
res = []
for i in range(0, len(ids), cr.IN_MAX):
subids = ids[i:i+cr.IN_MAX]
cr.execute('SELECT "%s"' \
' FROM "%s"' \
' WHERE "%s" in (%s)' % (s, f, w, ','.join(['%s']*len(subids))),
subids)
' WHERE "%s" = ANY (%%s)' % (s, f, w), (subids,))
res.extend([r[0] for r in cr.fetchall()])
return res
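Review bot: The column and table names `s`, `f` and `w` are still spliced into the statement with `%`, so only the id list is bound as a parameter after this change. Wrapping them in double quotes does not neutralise a name that itself contains a double quote; if these values always come from model definitions, a comment such as `# s, f, w are identifiers from model metadata, never request data` would record that assumption, otherwise double the quote with `w.replace('"', '""')` before formatting. The same pattern remains for `_table`, `self._fields_id`, `self._rel`, `obj._order`, `d1` and `self._order` in the one2many, many2many and orm hunks. `__execute_recursive_in` is fully visible here, but where its arguments originate is not.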


@ -458,7 +458,7 @@ class one2many(_column):
elif act[0] == 6:
obj.write(cr, user, act[2], {self._fields_id:id}, context=context or {})
ids2 = act[2] or [0]
cr.execute('select id from '+_table+' where '+self._fields_id+'=%s and id not in ('+','.join(map(str, ids2))+')', (id,))
cr.execute('select id from '+_table+' where '+self._fields_id+'=%s and id <> ALL (%s)', (id,ids2))
ids3 = map(lambda x:x[0], cr.fetchall())
obj.write(cr, user, ids3, {self._fields_id:False}, context=context or {})
return result
@ -503,7 +503,6 @@ class many2many(_column):
return res
for id in ids:
res[id] = []
ids_s = ','.join(map(str, ids))
limit_str = self._limit is not None and ' limit %d' % self._limit or ''
obj = obj.pool.get(self._obj)
@ -513,10 +512,10 @@ class many2many(_column):
cr.execute('SELECT '+self._rel+'.'+self._id2+','+self._rel+'.'+self._id1+' \
FROM '+self._rel+' , '+obj._table+' \
WHERE '+self._rel+'.'+self._id1+' in ('+ids_s+') \
WHERE '+self._rel+'.'+self._id1+' = ANY (%s) \
AND '+self._rel+'.'+self._id2+' = '+obj._table+'.id '+d1
+limit_str+' order by '+obj._table+'.'+obj._order+' offset %s',
d2+[offset])
[ids,]+d2+[offset])
for r in cr.fetchall():
res[r[1]].append(r[0])
return res
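Review bot: In the one2many hunk, `ids2 = act[2] or [0]` looks like a leftover from the `NOT IN (...)` form, where an empty list produced invalid SQL. With `id <> ALL (%s)` an empty array should be accepted by PostgreSQL and match every row, so the `[0]` placeholder is either removable or deserves a comment, e.g. `# [0]: legacy guard from NOT IN (); an empty array is valid with <> ALL`. It is worth confirming how the cursor adapts an empty list before dropping it. The enclosing method starts above the hunk.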


@ -1564,7 +1564,7 @@ class orm_memory(orm_template):
if id in self.datas:
del self.datas[id]
if len(ids):
cr.execute('delete from wkf_instance where res_type=%s and res_id in ('+','.join(map(str, ids))+')', (self._name, ))
cr.execute('delete from wkf_instance where res_type=%s and res_id = ANY (%s)', (self._name,ids))
return True
def perm_read(self, cr, user, ids, context=None, details=True):
@ -2140,18 +2140,16 @@ class orm(orm_template):
for i in range(0, len(ids), cr.IN_MAX):
sub_ids = ids[i:i+cr.IN_MAX]
if d1:
cr.execute('SELECT %s FROM \"%s\" WHERE id IN (%s) AND %s ORDER BY %s' % \
(','.join(fields_pre2 + ['id']), self._table,
','.join(['%s' for x in sub_ids]), d1,
self._order),sub_ids + d2)
cr.execute('SELECT %s FROM \"%s\" WHERE id = ANY (%%s) AND %s ORDER BY %s' % \
(','.join(fields_pre2 + ['id']), self._table, d1,
self._order),[sub_ids,]+d2)
if not cr.rowcount == len({}.fromkeys(sub_ids)):
raise except_orm(_('AccessError'),
_('You try to bypass an access rule (Document type: %s).') % self._description)
else:
cr.execute('SELECT %s FROM \"%s\" WHERE id IN (%s) ORDER BY %s' % \
cr.execute('SELECT %s FROM \"%s\" WHERE id = ANY (%%s) ORDER BY %s' % \
(','.join(fields_pre2 + ['id']), self._table,
','.join(['%s' for x in sub_ids]),
self._order), sub_ids)
self._order), (sub_ids,))
res.extend(cr.dictfetchall())
else:
res = map(lambda x: {'id': x}, ids)
@ -2994,7 +2992,7 @@ class orm(orm_template):
sub_ids_parent = ids_parent[i:i+cr.IN_MAX]
cr.execute('SELECT distinct "'+parent+'"'+
' FROM "'+self._table+'" ' \
'WHERE id in ('+','.join(map(str, sub_ids_parent))+')')
'WHERE id = ANY(%s)',(sub_ids_parent,))
ids_parent2.extend(filter(None, map(lambda x: x[0], cr.fetchall())))
ids_parent = ids_parent2
for i in ids_parent:


@ -837,11 +837,11 @@ def get_user_companies(cr, user):
def _get_company_children(cr, ids):
if not ids:
return []
cr.execute('SELECT id FROM res_company WHERE parent_id = any(array[%s])' %(','.join([str(x) for x in ids]),))
cr.execute('SELECT id FROM res_company WHERE parent_id = ANY (%s)', (ids,))
res=[x[0] for x in cr.fetchall()]
res.extend(_get_company_children(cr, res))
return res
cr.execute('SELECT comp.id FROM res_company AS comp, res_users AS u WHERE u.id = %s AND comp.id = u.company_id' % (user,))
cr.execute('SELECT comp.id FROM res_company AS comp, res_users AS u WHERE u.id = %s AND comp.id = u.company_id', (user,))
compids=[cr.fetchone()[0]]
compids.extend(_get_company_children(cr, compids))
return compids