openerp-community team mailing list archive

Thread
Date

Re: XMLRPC : special method for raw SQL instead of search + read ?

To: Nicolas Bessi <nicolas.bessi@xxxxxxxxxxxxxx>
From: Leonardo Pistone <leonardo.pistone@xxxxxxxxxxx>
Date: Wed, 16 Oct 2013 17:04:30 +0200
Cc: "openerp-community@xxxxxxxxxxxxxxxxxxx" <openerp-community@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <151c43be-0141-469a-bee4-b64f6ee2ffa5@email.android.com>

I agree with Nicolas & others. Rafael's slides are here
http://www.slideshare.net/openobject/presentation-of-the-new-openerp-api-raphael-collet-openerp

and he has a WIP branch with a cool name:
https://code.launchpad.net/~openerp-dev/openobject-server/trunk-apiculture-rco

@Christophe: as others said, I don't see a use case for raw SQL with no
security via xml-rpc instead of directly to the database. Can you make an
example?

Leo


On Tue, Oct 15, 2013 at 5:02 PM, Nicolas Bessi <nicolas.bessi@xxxxxxxxxxxxxx
> wrote:

> Hello,
>
> Internal Api design is an other topic that clearly needs to be improved.
> You should refer to new api slides of OpenERP days 2013 and the
> corresponding branch on launchapd (sorry I have no pointer here) to have an
> idea of improvement that are coming.
>
> Regards
>
> Nicolas
>
>
> Ovnicraft <ovnicraft@xxxxxxxxx> a écrit :
>
>>
>>
>>
>> On Tue, Oct 15, 2013 at 7:57 AM, Nicolas Bessi <
>> nicolas.bessi@xxxxxxxxxxxxxx> wrote:
>>
>>> Hello,
>>>
>>> You should take a look at erppeek it is a nice abstraction library to
>>> interface OpenERP with external system.
>>>
>>> If you really needs a fast read access to your system to do stats or
>>> what else, maybe you should setup a limited postgresql user with strong
>>> authentication and read permission on needed table instead of using xmlrpc
>>>
>>
>> This is a good solution for third party apps but requirement still exists
>> inside, all modules are coded search, read.
>>
>> Regards,
>>
>>
>>>
>>> My two cents
>>>
>>> Nicolas
>>>
>>>
>>> Christophe Dubuit <cdubuit@xxxxxxxxx> a écrit :
>>>>
>>>>  Okay, but what if this method would be restricted to user with
>>>> "administator" privileges only ?
>>>>
>>>> Plus, we have to see the context. Someone who uses XMLRPC queries...
>>>> usually is an admin, don't you think ?
>>>>
>>>> XMLRPC / JSON queries are for "behind work", "plumber work"... Not
>>>> reallly regular front users.
>>>>
>>>> CD
>>>>
>>>>   ------------------------------
>>>>  *De :* Alexandre Fayolle <alexandre.fayolle@xxxxxxxxxxxxxx>
>>>> *À :* Christophe Dubuit <cdubuit@xxxxxxxxx>
>>>> *Cc :* "openerp-community@xxxxxxxxxxxxxxxxxxx" <
>>>> openerp-community@xxxxxxxxxxxxxxxxxxx>
>>>> *Envoyé le :* Mardi 15 octobre 2013 13h40
>>>> *Objet :* Re: [Openerp-community] XMLRPC : special method for raw SQL
>>>> instead of search + read ?
>>>>
>>>>
>>>>
>>>> On mar. 15 oct. 2013 13:32:11 CEST, Christophe Dubuit wrote:
>>>> > Hello,
>>>> >
>>>> > [this is my first message to the mailing list]
>>>> >
>>>> > I would like to make a suggestion regarding XMLRPC (and even JSON).
>>>> >
>>>> > Would it be good to add a special method, in order to be able to send
>>>> > raw SQL queries (SELECT only ) ?
>>>> >
>>>> > Personal background : I've started to use XMLRPC (and some JSON) with
>>>> > OpenERP, and I've found it's much easier (and faster) to deal with SQL
>>>> > queries, rather than to compose XML queries for "search" and "read"
>>>> > methods.
>>>> >
>>>> > Each basic query needs 2 XMLRPC queries : first a search, to fetch the
>>>> > IDs, and then a read. And it's double work on the client side, to
>>>> > process all XML data that are returned. Then we have to manage domain,
>>>> > context etc.
>>>> >
>>>> > It's a tedious work for a simple SELECT.
>>>> >
>>>> > And furthermore SQL is easier for complex queries, like JOIN.
>>>> >
>>>> > I'm not an expert, so maybe there is a technical reason for OpenERP to
>>>> > not go this way. If that's the case, could someone explain it to me ?
>>>> >
>>>> > Some people advised me to develop my own module, that would allow the
>>>> > direct processing of SQL SELECT queries. But a real"standard"
>>>> > solution, plug and play, would always be better.
>>>> >
>>>> > What do you think about it ?
>>>>
>>>>
>>>> I'd strongly advise against this : using raw SQL bypasses the the
>>>> security rules which are enforced by the ORM.
>>>>
>>>>
>>>> --
>>>> Alexandre Fayolle
>>>> Chef de Projet
>>>> Tel : + 33 (0)4 79 26 57 94
>>>>
>>>> Camptocamp France SAS
>>>> Savoie Technolac, BP 352
>>>> 73377 Le Bourget du Lac Cedex
>>>> http://www.camptocamp.com
>>>>
>>>>
>>>>
>>>>
>>>>  ------------------------------
>>>>
>>>> Mailing list: https://launchpad.net/~openerp-community
>>>>
>>>>
>>>> Post to     : openerp-community@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~openerp-community
>>>>
>>>>
>>>> More help   : https://help.launchpad.net/ListHelp
>>>>
>>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openerp-community
>>> Post to     : openerp-community@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~openerp-community
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>>
>> --
>> Cristian Salamea
>> @ovnicraft
>>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openerp-community
> Post to     : openerp-community@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openerp-community
> More help   : https://help.launchpad.net/ListHelp
>
>

References

XMLRPC : special method for raw SQL instead of search + read ?
From: Christophe Dubuit, 2013-10-15
Re: XMLRPC : special method for raw SQL instead of search + read ?
From: Alexandre Fayolle, 2013-10-15
Re: XMLRPC : special method for raw SQL instead of search + read ?
From: Christophe Dubuit, 2013-10-15
Re: XMLRPC : special method for raw SQL instead of search + read ?
From: Nicolas Bessi, 2013-10-15
Re: XMLRPC : special method for raw SQL instead of search + read ?
From: Ovnicraft, 2013-10-15
Re: XMLRPC : special method for raw SQL instead of search + read ?
From: Nicolas Bessi, 2013-10-15