← Back to team overview

openerp-community team mailing list archive

Re: XMLRPC : special method for raw SQL instead of search + read ?

 

Hello,

You should take a look at erppeek it is a nice  abstraction library to interface OpenERP with external system. 

If you really needs a fast read access to your system to do stats or what else, maybe you should setup a limited postgresql user with strong authentication and read permission on needed table instead of using xmlrpc

My two cents

Nicolas


Christophe Dubuit <cdubuit@xxxxxxxxx> a écrit :
>Okay, but what if this method would be restricted to user with
>"administator" privileges only ?
>
>Plus, we have to see the context. Someone who uses XMLRPC queries...
>usually is an admin, don't you think ?
>
>XMLRPC / JSON queries are for "behind work", "plumber work"... Not
>reallly regular front users.
>
>CD
>
>
>
>________________________________
> De : Alexandre Fayolle <alexandre.fayolle@xxxxxxxxxxxxxx>
>À : Christophe Dubuit <cdubuit@xxxxxxxxx> 
>Cc : "openerp-community@xxxxxxxxxxxxxxxxxxx"
><openerp-community@xxxxxxxxxxxxxxxxxxx> 
>Envoyé le : Mardi 15 octobre 2013 13h40
>Objet : Re: [Openerp-community] XMLRPC : special method for raw SQL
>instead of search + read ?
> 
>
>
>
>
>On mar. 15 oct. 2013 13:32:11 CEST, Christophe Dubuit wrote:
>> Hello,
>>
>> [this is my first message to the mailing list]
>>
>> I would like to make a suggestion regarding XMLRPC (and even JSON).
>>
>> Would it be good to add a special method, in order to be able to send
>> raw SQL queries (SELECT only ) ?
>>
>> Personal background : I've started to use XMLRPC (and some JSON) with
>> OpenERP, and I've found it's much easier (and faster) to deal with
>SQL
>> queries, rather than to compose XML queries for "search" and "read"
>> methods.
>>
>> Each basic query needs 2 XMLRPC queries : first a search, to fetch
>the
>> IDs, and then a read. And it's double work on the client side, to
>> process all XML data that are returned. Then we have to manage
>domain,
>> context etc.
>>
>> It's a tedious work for a simple SELECT.
>>
>> And furthermore SQL is easier for complex queries, like JOIN.
>>
>> I'm not an expert, so maybe there is a technical reason for OpenERP
>to
>> not go this way. If that's the case, could someone explain it to me ?
>>
>> Some people advised me to develop my own module, that would allow the
>> direct processing of SQL SELECT queries. But a real"standard"
>> solution, plug and play, would always be better.
>>
>> What do you think about it ?
>
>I'd strongly advise against this : using raw SQL bypasses the the 
>security rules which are enforced by the ORM.
>
>
>--
>Alexandre Fayolle
>Chef de Projet
>Tel : + 33 (0)4 79 26 57 94
>
>Camptocamp France SAS
>Savoie Technolac, BP 352
>73377 Le Bourget du Lac Cedex
>http://www.camptocamp.com
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Mailing list: https://launchpad.net/~openerp-community
>Post to     : openerp-community@xxxxxxxxxxxxxxxxxxx
>Unsubscribe : https://launchpad.net/~openerp-community
>More help   : https://help.launchpad.net/ListHelp

Follow ups

References