
openerp-community team mailing list archive

Re: XMLRPC : special method for raw SQL instead of search + read ?

 

Okay, but what if this method were restricted to users with "administrator" privileges only?

Plus, we have to see the context. Someone who uses XMLRPC queries... usually is an admin, don't you think?

XMLRPC / JSON queries are for "behind work", "plumber work"... Not really regular front users.

CD



________________________________
From: Alexandre Fayolle <alexandre.fayolle@xxxxxxxxxxxxxx>
To: Christophe Dubuit <cdubuit@xxxxxxxxx>
Cc: "openerp-community@xxxxxxxxxxxxxxxxxxx" <openerp-community@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, 15 October 2013 13:40
Subject: Re: [Openerp-community] XMLRPC : special method for raw SQL instead of search + read ?
 




On Tue. 15 Oct. 2013 13:32:11 CEST, Christophe Dubuit wrote:
> Hello,
>
> [this is my first message to the mailing list]
>
> I would like to make a suggestion regarding XMLRPC (and even JSON).
>
> Would it be good to add a special method, in order to be able to send
> raw SQL queries (SELECT only)?
>
> Personal background: I've started to use XMLRPC (and some JSON) with
> OpenERP, and I've found it's much easier (and faster) to deal with SQL
> queries, rather than to compose XML queries for "search" and "read"
> methods.
>
> Each basic query needs 2 XMLRPC queries: first a search, to fetch the
> IDs, and then a read. And it's double work on the client side, to
> process all XML data that are returned. Then we have to manage domain,
> context etc.
>
> It's tedious work for a simple SELECT.
>
> And furthermore SQL is easier for complex queries, like JOIN.
>
> I'm not an expert, so maybe there is a technical reason for OpenERP to
> not go this way. If that's the case, could someone explain it to me?
>
> Some people advised me to develop my own module, that would allow the
> direct processing of SQL SELECT queries. But a real "standard"
> solution, plug and play, would always be better.
>
> What do you think about it?

I'd strongly advise against this: using raw SQL bypasses the
security rules which are enforced by the ORM.


--
Alexandre Fayolle
Project Manager
Tel : + 33 (0)4 79 26 57 94

Camptocamp France SAS
Savoie Technolac, BP 352
73377 Le Bourget du Lac Cedex
http://www.camptocamp.com
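
Added example, not part of the original thread and not OpenERP code: a toy model of the point made in the reply above, showing a per-user record rule applied by an ORM-style `search` + `read` and skipped entirely by a "SELECT only" raw SQL method. The `MiniORM` class, the `raw_select` function, the company-based rule and the table contents are all assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: two users in different companies, three orders."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE res_users (id INTEGER PRIMARY KEY, login TEXT, company_id INTEGER);
        CREATE TABLE sale_order (id INTEGER PRIMARY KEY, name TEXT, company_id INTEGER);
        INSERT INTO res_users VALUES (1, 'alice', 1), (2, 'bob', 2);
        INSERT INTO sale_order VALUES (1, 'SO001', 1), (2, 'SO002', 2), (3, 'SO003', 2);
    """)
    return db

class MiniORM:
    """Toy ORM layer (assumption, not OpenERP code) applying a per-user record rule."""

    def __init__(self, db, uid):
        self.db, self.uid = db, uid

    def _rule(self):
        # Record rule: a user may only see rows belonging to their own company.
        row = self.db.execute(
            "SELECT company_id FROM res_users WHERE id = ?", (self.uid,)).fetchone()
        return "company_id = ?", (row[0],)

    def search(self):
        clause, params = self._rule()
        sql = "SELECT id FROM sale_order WHERE " + clause + " ORDER BY id"
        return [r[0] for r in self.db.execute(sql, params)]

    def read(self, ids):
        # The rule is re-applied on read, so passing guessed ids does not help.
        clause, params = self._rule()
        marks = ",".join("?" * len(ids))
        sql = ("SELECT id, name FROM sale_order WHERE id IN (%s) AND %s ORDER BY id"
               % (marks, clause))
        return [{"id": r[0], "name": r[1]}
                for r in self.db.execute(sql, tuple(ids) + params)]

def raw_select(db, sql):
    """Hypothetical 'SELECT only' RPC method like the one proposed in the thread."""
    if not sql.lstrip().upper().startswith("SELECT"):
        raise ValueError("only SELECT is allowed")
    return db.execute(sql).fetchall()  # no record rule is ever consulted

if __name__ == "__main__":
    db = make_db()
    orm = MiniORM(db, uid=1)                                  # alice, company 1
    print(orm.read(orm.search()))                             # company 1 rows only
    print(raw_select(db, "SELECT id, name FROM sale_order"))  # every company's rows
```
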
