Fix quoting of ids when passed to sql.
bzr revid: p_christ@hol.gr-20090903073240-cyydggro48990k2s
This commit is contained in:
parent
9e2d058641
commit
0b5b67b336
|
@ -249,8 +249,7 @@ class ir_values(osv.osv):
|
|||
if r[2].has_key('groups_id'):
|
||||
groups = r[2]['groups_id']
|
||||
if len(groups) > 0:
|
||||
group_ids = ','.join([ str(x) for x in r[2]['groups_id']])
|
||||
cr.execute("select count(*) from res_groups_users_rel where gid in (%s) and uid='%s'" % (group_ids, uid))
|
||||
cr.execute("SELECT count(*) FROM res_groups_users_rel WHERE gid = ANY(%s) AND uid=%s",(groups, uid))
|
||||
gr_ids = cr.fetchall()
|
||||
if not gr_ids[0][0] > 0:
|
||||
res2.remove(r)
|
||||
|
|
|
@ -59,7 +59,7 @@ class ir_property(osv.osv):
|
|||
}
|
||||
def unlink(self, cr, uid, ids, context={}):
|
||||
if ids:
|
||||
cr.execute('delete from ir_model_fields where id in (select fields_id from ir_property where (fields_id is not null) and (id in ('+','.join(map(str,ids))+')))')
|
||||
cr.execute('DELETE FROM ir_model_fields WHERE id IN (SELECT fields_id FROM ir_property WHERE (fields_id IS NOT NULL) AND (id = ANY (%s)))', (ids,))
|
||||
res = super(ir_property, self).unlink(cr, uid, ids, context)
|
||||
return res
|
||||
|
||||
|
|
|
@ -45,13 +45,13 @@ class expression(object):
|
|||
or (internal and element[1] in INTERNAL_OPS))
|
||||
|
||||
def __execute_recursive_in(self, cr, s, f, w, ids):
|
||||
# todo: merge into parent query as sub-query
|
||||
res = []
|
||||
for i in range(0, len(ids), cr.IN_MAX):
|
||||
subids = ids[i:i+cr.IN_MAX]
|
||||
cr.execute('SELECT "%s"' \
|
||||
' FROM "%s"' \
|
||||
' WHERE "%s" in (%s)' % (s, f, w, ','.join(['%s']*len(subids))),
|
||||
subids)
|
||||
' WHERE "%s" = ANY (%%s)' % (s, f, w), (subids,))
|
||||
res.extend([r[0] for r in cr.fetchall()])
|
||||
return res
|
||||
|
||||
|
|
|
@ -458,7 +458,7 @@ class one2many(_column):
|
|||
elif act[0] == 6:
|
||||
obj.write(cr, user, act[2], {self._fields_id:id}, context=context or {})
|
||||
ids2 = act[2] or [0]
|
||||
cr.execute('select id from '+_table+' where '+self._fields_id+'=%s and id not in ('+','.join(map(str, ids2))+')', (id,))
|
||||
cr.execute('select id from '+_table+' where '+self._fields_id+'=%s and id <> ALL (%s)', (id,ids2))
|
||||
ids3 = map(lambda x:x[0], cr.fetchall())
|
||||
obj.write(cr, user, ids3, {self._fields_id:False}, context=context or {})
|
||||
return result
|
||||
|
@ -503,7 +503,6 @@ class many2many(_column):
|
|||
return res
|
||||
for id in ids:
|
||||
res[id] = []
|
||||
ids_s = ','.join(map(str, ids))
|
||||
limit_str = self._limit is not None and ' limit %d' % self._limit or ''
|
||||
obj = obj.pool.get(self._obj)
|
||||
|
||||
|
@ -513,10 +512,10 @@ class many2many(_column):
|
|||
|
||||
cr.execute('SELECT '+self._rel+'.'+self._id2+','+self._rel+'.'+self._id1+' \
|
||||
FROM '+self._rel+' , '+obj._table+' \
|
||||
WHERE '+self._rel+'.'+self._id1+' in ('+ids_s+') \
|
||||
WHERE '+self._rel+'.'+self._id1+' = ANY (%s) \
|
||||
AND '+self._rel+'.'+self._id2+' = '+obj._table+'.id '+d1
|
||||
+limit_str+' order by '+obj._table+'.'+obj._order+' offset %s',
|
||||
d2+[offset])
|
||||
[ids,]+d2+[offset])
|
||||
for r in cr.fetchall():
|
||||
res[r[1]].append(r[0])
|
||||
return res
|
||||
|
|
|
@ -1564,7 +1564,7 @@ class orm_memory(orm_template):
|
|||
if id in self.datas:
|
||||
del self.datas[id]
|
||||
if len(ids):
|
||||
cr.execute('delete from wkf_instance where res_type=%s and res_id in ('+','.join(map(str, ids))+')', (self._name, ))
|
||||
cr.execute('delete from wkf_instance where res_type=%s and res_id = ANY (%s)', (self._name,ids))
|
||||
return True
|
||||
|
||||
def perm_read(self, cr, user, ids, context=None, details=True):
|
||||
|
@ -2140,18 +2140,16 @@ class orm(orm_template):
|
|||
for i in range(0, len(ids), cr.IN_MAX):
|
||||
sub_ids = ids[i:i+cr.IN_MAX]
|
||||
if d1:
|
||||
cr.execute('SELECT %s FROM \"%s\" WHERE id IN (%s) AND %s ORDER BY %s' % \
|
||||
(','.join(fields_pre2 + ['id']), self._table,
|
||||
','.join(['%s' for x in sub_ids]), d1,
|
||||
self._order),sub_ids + d2)
|
||||
cr.execute('SELECT %s FROM \"%s\" WHERE id = ANY (%%s) AND %s ORDER BY %s' % \
|
||||
(','.join(fields_pre2 + ['id']), self._table, d1,
|
||||
self._order),[sub_ids,]+d2)
|
||||
if not cr.rowcount == len({}.fromkeys(sub_ids)):
|
||||
raise except_orm(_('AccessError'),
|
||||
_('You try to bypass an access rule (Document type: %s).') % self._description)
|
||||
else:
|
||||
cr.execute('SELECT %s FROM \"%s\" WHERE id IN (%s) ORDER BY %s' % \
|
||||
cr.execute('SELECT %s FROM \"%s\" WHERE id = ANY (%%s) ORDER BY %s' % \
|
||||
(','.join(fields_pre2 + ['id']), self._table,
|
||||
','.join(['%s' for x in sub_ids]),
|
||||
self._order), sub_ids)
|
||||
self._order), (sub_ids,))
|
||||
res.extend(cr.dictfetchall())
|
||||
else:
|
||||
res = map(lambda x: {'id': x}, ids)
|
||||
|
@ -2994,7 +2992,7 @@ class orm(orm_template):
|
|||
sub_ids_parent = ids_parent[i:i+cr.IN_MAX]
|
||||
cr.execute('SELECT distinct "'+parent+'"'+
|
||||
' FROM "'+self._table+'" ' \
|
||||
'WHERE id in ('+','.join(map(str, sub_ids_parent))+')')
|
||||
'WHERE id = ANY(%s)',(sub_ids_parent,))
|
||||
ids_parent2.extend(filter(None, map(lambda x: x[0], cr.fetchall())))
|
||||
ids_parent = ids_parent2
|
||||
for i in ids_parent:
|
||||
|
|
|
@ -837,11 +837,11 @@ def get_user_companies(cr, user):
|
|||
def _get_company_children(cr, ids):
|
||||
if not ids:
|
||||
return []
|
||||
cr.execute('SELECT id FROM res_company WHERE parent_id = any(array[%s])' %(','.join([str(x) for x in ids]),))
|
||||
cr.execute('SELECT id FROM res_company WHERE parent_id = ANY (%s)', (ids,))
|
||||
res=[x[0] for x in cr.fetchall()]
|
||||
res.extend(_get_company_children(cr, res))
|
||||
return res
|
||||
cr.execute('SELECT comp.id FROM res_company AS comp, res_users AS u WHERE u.id = %s AND comp.id = u.company_id' % (user,))
|
||||
cr.execute('SELECT comp.id FROM res_company AS comp, res_users AS u WHERE u.id = %s AND comp.id = u.company_id', (user,))
|
||||
compids=[cr.fetchone()[0]]
|
||||
compids.extend(_get_company_children(cr, compids))
|
||||
return compids
|
||||
|
|
Loading…
Reference in New Issue