Merge lp:~yann-papouin/ocb-addons/7.0-bug-1169074-pricelist-category-depth into lp:ocb-addons

Proposed by Yann Papouin
Status: Rejected
Rejected by: Holger Brunn (Therp)
Proposed branch: lp:~yann-papouin/ocb-addons/7.0-bug-1169074-pricelist-category-depth
Merge into: lp:ocb-addons
Diff against target: 70 lines (+37/-14)
1 file modified
product/pricelist.py (+37/-14)
To merge this branch: bzr merge lp:~yann-papouin/ocb-addons/7.0-bug-1169074-pricelist-category-depth
Reviewer Review Type Date Requested Status
Holger Brunn (Therp) Disapprove
Guewen Baconnier @ Camptocamp Needs Information
Yannick Vaucher @ Camptocamp code review, no test Approve
Review via email: mp+210163@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Holger Brunn (Therp) (hbrunn) wrote :

same as 6.1-ocb

review: Approve (code review)
Revision history for this message
Yannick Vaucher @ Camptocamp (yvaucher-c2c) wrote :
review: Approve (code review, no test)
Revision history for this message
Guewen Baconnier @ Camptocamp (gbaconnier-c2c) wrote :

As you needed to rewrite the query, isn't in an opportunity to remove the injection of the ids in the query and use params in execute()? Even though categ_ids are supposed to be safe here, the correct way is to use the query parameters.

review: Needs Information
Revision history for this message
Yann Papouin (yann-papouin) wrote :

It does not seems to be simple to parameterize this query.
Maybe this change could be made in another proposal and this one could be merged now ?

Revision history for this message
Holger Brunn (Therp) (hbrunn) wrote :

Development for 7.0 has moved to github on https://github.com/OCA/ocb - please move your merge proposal there if it is still valid.

(I close and reject this in order to have a cleaner overview for 6.1 MPs which indeed have to be done on launchpad)

review: Disapprove

Unmerged revisions

9986. By Yann Papouin

[FIX] Pricelist doesn't take category depth into account

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'product/pricelist.py'
2--- product/pricelist.py 2014-03-06 19:09:06 +0000
3+++ product/pricelist.py 2014-03-10 09:56:21 +0000
4@@ -219,8 +219,10 @@
5 categ_ids = _create_parent_category_list(categ_id, [categ_id])
6 if categ_ids:
7 categ_where = '(categ_id IN (' + ','.join(map(str, categ_ids)) + '))'
8+ categ_where_i = '(i.categ_id IN (' + ','.join(map(str, categ_ids)) + '))'
9 else:
10 categ_where = '(categ_id IS NULL)'
11+ categ_where_i = '(i.categ_id IS NULL)'
12
13 if partner:
14 partner_where = 'base <> -2 OR %s IN (SELECT name FROM product_supplierinfo WHERE product_id = %s) '
15@@ -228,20 +230,41 @@
16 else:
17 partner_where = 'base <> -2 '
18 partner_args = ()
19-
20- cr.execute(
21- 'SELECT i.*, pl.currency_id '
22- 'FROM product_pricelist_item AS i, '
23- 'product_pricelist_version AS v, product_pricelist AS pl '
24- 'WHERE (product_tmpl_id IS NULL OR product_tmpl_id = %s) '
25- 'AND (product_id IS NULL OR product_id = %s) '
26- 'AND (' + categ_where + ' OR (categ_id IS NULL)) '
27- 'AND (' + partner_where + ') '
28- 'AND price_version_id = %s '
29- 'AND (min_quantity IS NULL OR min_quantity <= %s) '
30- 'AND i.price_version_id = v.id AND v.pricelist_id = pl.id '
31- 'ORDER BY sequence',
32- (tmpl_id, product_id) + partner_args + (pricelist_version_ids[0], qty))
33+
34+ query = (
35+ 'SELECT '
36+ 'i.*, pl.currency_id , p.* '
37+ 'FROM '
38+ 'product_pricelist_item AS i '
39+ 'JOIN product_pricelist_version AS v '
40+ 'ON i.price_version_id = v.id '
41+ 'JOIN product_pricelist AS pl '
42+ 'ON v.pricelist_id = pl.id '
43+ 'LEFT OUTER JOIN ( '
44+ 'WITH RECURSIVE subtree(depth, categ_id, parent_id, name) AS ( '
45+ 'SELECT 0, id, parent_id, name FROM product_category WHERE parent_id is NULL '
46+ 'UNION '
47+ 'SELECT depth+1, m.id, m.parent_id, m.name '
48+ 'FROM subtree t, product_category m '
49+ 'WHERE m.parent_id = t.categ_id '
50+ ') '
51+ 'SELECT * '
52+ 'FROM subtree '
53+ 'WHERE (' + categ_where + ' OR (categ_id IS NULL)) '
54+ ') AS p '
55+ 'on i.categ_id = p.categ_id '
56+ 'WHERE '
57+ '(product_tmpl_id IS NULL OR product_tmpl_id = %s) '
58+ 'AND (product_id IS NULL OR product_id = %s) '
59+ 'AND (' + categ_where_i + ' OR (i.categ_id IS NULL)) '
60+ 'AND (' + partner_where + ') '
61+ 'AND price_version_id = %s '
62+ 'AND (min_quantity IS NULL OR min_quantity <= %s) '
63+ 'ORDER BY '
64+ 'sequence, depth desc '
65+ ) % ((tmpl_id, product_id) + partner_args + (pricelist_version_ids[0], qty))
66+
67+ cr.execute(query)
68 res1 = cr.dictfetchall()
69 uom_price_already_computed = False
70 for res in res1: