Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin/11.0' into 12.0
Browse files Browse the repository at this point in the history
  • Loading branch information
Grzegorz Marczynski committed Aug 10, 2023
2 parents 73b57c8 + 6f99a05 commit 3eb0ac3
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 3 deletions.
4 changes: 2 additions & 2 deletions web_progress/models/web_progress.py
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,7 @@ def get_all_progress(self, recency=_progress_period_secs * 2):
"""
query = """
SELECT code, array_agg(state) FROM web_progress
WHERE create_date > timezone('utc', now()) - INTERVAL '{recency} SECOND'
WHERE create_date > timezone('utc', now()) - INTERVAL '%s SECOND'
AND recur_depth = 0 {user_id}
GROUP BY code
""".format(
Expand All @@ -168,7 +168,7 @@ def get_all_progress(self, recency=_progress_period_secs * 2):
user_id=self.env.user.id,
) or '')
# superuser has right to see (and cancel) progress of everybody
self.env.cr.execute(query)
self.env.cr.execute(query, (recency, ))
result = self.env.cr.fetchall()
ret = [{
'code': r[0],
Expand Down
33 changes: 32 additions & 1 deletion web_progress/tests/test_web_progress.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
from odoo.tests import common
from odoo import exceptions
from odoo import exceptions, api, registry
from odoo.tools import mute_logger
from psycopg2.errors import SyntaxError
import uuid
import logging
from ..models.web_progress import last_report_time
Expand Down Expand Up @@ -116,3 +118,32 @@ def test_web_progress_percent(self):
self.partner_ids.web_progress_percent(0, "Start")
self.partner_ids.web_progress_percent(50, "Middle")
self.partner_ids.web_progress_percent(100, "End")


class WebProgressTestAllProgress(common.SavepointCase):
at_install = True
post_install = False

@mute_logger('odoo.sql_db')
def test_get_all_progress(self):
"""
Check call to get_all_progress without and with parameters.
Verify if the parameter is properly escaped in the internal SQL query.
"""
progress_code = str(uuid.uuid4())
partner_obj = self.env['res.partner'].with_context(progress_code=progress_code)
partner_obj.web_progress_percent(0, "Start")
with api.Environment.manage():
with registry(self.env.cr.dbname).cursor() as new_cr:
# Create a new environment with a new cursor
new_env = api.Environment(new_cr, self.env.uid, self.env.context)
progress_obj = self.env['web.progress'].with_env(new_env)
res = progress_obj.get_all_progress()
self.assertEqual(res, [{'code': progress_code}])
res = progress_obj.get_all_progress(0)
self.assertEqual(res, [])
with self.assertRaises(SyntaxError) as e:
progress_obj.get_all_progress("0 SECOND' GROUP BY code; "
"SELECT code, array_agg(state) FROM web_progress "
"WHERE create_date > timezone('utc', now()) - INTERVAL '10")
new_cr.rollback()

0 comments on commit 3eb0ac3

Please sign in to comment.