openerp-dev-web team mailing list archive
-
openerp-dev-web team
-
Mailing list archive
-
Message #07591
[Merge] lp:~openerp-dev/openobject-addons/6.0-bug-777850-ado into lp:openobject-addons/6.0
Amit Dodiya (OpenERP) has proposed merging lp:~openerp-dev/openobject-addons/6.0-bug-777850-ado into lp:openobject-addons/6.0.
Requested reviews:
Priyesh (Open ERP) (pso-openerp)
Related bugs:
Bug #777850 in OpenERP Addons: "account_followup uses SQL query for getting data, cirmumventing security rules"
https://bugs.launchpad.net/openobject-addons/+bug/777850
For more details, see:
https://code.launchpad.net/~openerp-dev/openobject-addons/6.0-bug-777850-ado/+merge/62656
Hello sir,
In account_followup uses SQL queries to get invoice and partners to sent followups. This doesn't take security rules into account, which is wrong.
So i have add ORM Methods instead of SQL Queries.
Thanks.
--
https://code.launchpad.net/~openerp-dev/openobject-addons/6.0-bug-777850-ado/+merge/62656
Your team OpenERP R&D Team is subscribed to branch lp:~openerp-dev/openobject-addons/6.0-bug-777850-ado.
=== modified file 'account_followup/wizard/account_followup_print.py'
--- account_followup/wizard/account_followup_print.py 2011-05-11 09:16:37 +0000
+++ account_followup/wizard/account_followup_print.py 2011-05-27 11:38:43 +0000
@@ -142,24 +142,21 @@
}
def _get_partners_followp(self, cr, uid, ids, context=None):
+ obj_acc_acc = self.pool.get("account.account")
+ obj_acc_move_line = self.pool.get("account.move.line")
data = {}
if context is None:
context = {}
if ids:
data = self.read(cr, uid, ids, [], context=context)[0]
- cr.execute(
- "SELECT l.partner_id, l.followup_line_id,l.date_maturity, l.date, l.id "\
- "FROM account_move_line AS l "\
- "LEFT JOIN account_account AS a "\
- "ON (l.account_id=a.id) "\
- "WHERE (l.reconcile_id IS NULL) "\
- "AND (a.type='receivable') "\
- "AND (l.state<>'draft') "\
- "AND (l.partner_id is NOT NULL) "\
- "AND (a.active) "\
- "AND (l.debit > 0) "\
- "ORDER BY l.date")
- move_lines = cr.fetchall()
+
+ acc_ids = obj_acc_acc.search(cr, uid, [('type','=','receivable')])
+ move_line_ids = obj_acc_move_line.search(cr, uid,\
+ [('account_id','in',acc_ids),('reconcile_id','=',False),\
+ ('state','!=','draft'),('partner_id','!=',False),\
+ ('debit','>',0)], order='date')
+ move_line_datas = obj_acc_move_line.read(cr, uid, move_line_ids)
+
old = None
fups = {}
fup_id = 'followup_id' in context and context['followup_id'] or data['followup_id']
@@ -183,21 +180,21 @@
partner_list = []
to_update = {}
- for partner_id, followup_line_id, date_maturity,date, id in move_lines:
- if not partner_id:
- continue
- if followup_line_id not in fups:
- continue
- if date_maturity:
- if date_maturity <= fups[followup_line_id][0].strftime('%Y-%m-%d'):
- if partner_id not in partner_list:
- partner_list.append(partner_id)
- to_update[str(id)]= {'level': fups[followup_line_id][1], 'partner_id': partner_id}
- elif date and date <= fups[followup_line_id][0].strftime('%Y-%m-%d'):
- if partner_id not in partner_list:
- partner_list.append(partner_id)
- to_update[str(id)]= {'level': fups[followup_line_id][1], 'partner_id': partner_id}
+ for record in move_line_datas:
+ if not record['partner_id']:
+ continue
+ if record['followup_line_id'] not in fups:
+ continue
+ if record['date_maturity']:
+ if record['date_maturity'] <= fups[record['followup_line_id']][0].strftime('%Y-%m-%d'):
+ if record['partner_id'] not in partner_list:
+ partner_list.append(record['partner_id'])
+ to_update[str(record['id'])]= {'level': fups[record['followup_line_id']][1], 'partner_id': record['partner_id']}
+ elif record['date'] and record['date'] <= fups[record['followup_line_id']][0].strftime('%Y-%m-%d'):
+ if record['partner_id'] not in partner_list:
+ partner_list.append(record['partner_id'])
+ to_update[str(record['id'])]= {'level': fups[record['followup_line_id']][1],'partner_id': record['partner_id']}
return {'partner_ids': partner_list, 'to_update': to_update}
def do_mail(self ,cr, uid, ids, context=None):
