Odoo 14, issue when trying to computing bank balance in treasury module

Question

i got work to fix error when computing but i still dont have idea how to fix it because i'm still newbie

Odoo Server Error

Traceback (most recent call last): File "/home/equipAccounting/equip/odoo/addons/base/models/ir_http.py", line 237, in _dispatch result = request.dispatch() File "/home/equipAccounting/equip/odoo/http.py", line 683, in dispatch result = self._call_function(**self.params) File "/home/equipAccounting/equip/odoo/http.py", line 359, in _call_function return checked_call(self.db, args, *kwargs) File "/home/equipAccounting/equip/odoo/service/model.py", line 94, in wrapper return f(dbname, args, *kwargs) File "/home/equipAccounting/equip/odoo/http.py", line 347, in checked_call result = self.endpoint(*a, **kw) File "/home/equipAccounting/equip/odoo/http.py", line 912, in call return self.method(*args, **kw) File "/home/equipAccounting/equip/odoo/http.py", line 531, in response_wrap response = f(*args, **kw) File "/home/equipAccounting/equip/addons/basic/web/controllers/main.py", line 1393, in call_button action = self._call_kw(model, method, args, kwargs) File "/home/equipAccounting/equip/addons/basic/web/controllers/main.py", line 1381, in _call_kw return call_kw(request.env[model], method, args, kwargs) File "/home/equipAccounting/equip/odoo/api.py", line 396, in call_kw result = _call_kw_multi(method, model, args, kwargs) File "/home/equipAccounting/equip/odoo/api.py", line 383, in _call_kw_multi result = method(recs, args, *kwargs) File "/home/equipAccounting/equip/addons/core/treasury_forecast/models/treasury_bank_forecast.py", line 290, in compute_bank_balances self.env.cr.execute(main_query) File "/usr/local/lib/python3.8/dist-packages/decorator.py", line 232, in fun return caller(func, (extras + args), *kw) File "/home/equipAccounting/equip/odoo/sql_db.py", line 101, in check return f(self, args, *kwargs) File "/home/equipAccounting/equip/odoo/sql_db.py", line 298, in execute res = self._obj.execute(query, params) Exception

The above exception was the direct cause of the following exception:

Traceback (most recent call last): File "/home/equipAccounting/equip/odoo/http.py", line 639, in _handle_exception return super(JsonRequest, self)._handle_exception(exception) File "/home/equipAccounting/equip/odoo/http.py", line 315, in _handle_exception raise exception.with_traceback(None) from new_cause psycopg2.errors.SyntaxError: syntax error at or near ")" LINE 9:
WHERE abs.journal_id IN ()

and here is the code :

def get_bank_fc_query(self, fc_journal_list, date_start, date_end,company_domain):
    query = """                
            UNION
            SELECT CAST('FBK' AS text) AS type, absl.id AS ID, am.date,                    absl.payment_ref as name, am.company_id, absl.amount_main_currency                    as amount, absl.cf_forecast, abs.journal_id, NULL as kind                FROM account_bank_statement_line absl                
            LEFT JOIN account_move am ON (absl.move_id = am.id)                
            LEFT JOIN account_bank_statement abs ON (absl.statement_id = abs.id)
            WHERE abs.journal_id IN {}                    
            AND am.date BETWEEN '{}' AND '{}'                    
            AND am.company_id in {}            """
            .format(str(fc_journal_list), date_start, date_end,company_domain)
            return query

def get_acc_move_query(self, date_start, date_end, company_domain):
    query = """            
            UNION
            SELECT CAST('FPL' AS text) AS type, aml.id AS ID,aml.treasury_date AS date, am.name AS name, aml.company_id,                aml.amount_residual AS amount, NULL AS cf_forecast,                
            NULL AS journal_id, am.move_type as kind            
            FROM account_move_line aml            
            LEFT JOIN account_move am ON (aml.move_id = am.id)            
            WHERE am.state NOT IN ('draft')                
            AND aml.treasury_planning AND aml.amount_residual != 0                
            AND aml.treasury_date BETWEEN '{}' AND '{}'                
            AND aml.company_id in {}        """
            .format(date_start, date_end, company_domain)
            return query

Thanks in advance

Try using _parameter substitution_ to use [variables in SQL queries](https://stackoverflow.com/questions/902408/how-to-use-variables-in-sql-statement-in-python?r=SearchResults&s=3%7C26.7749). — snakecharmerb, Nov 11 '22 at 10:30
Don't forget to check the answer that solved the issue, or write an answer yourself that solved the issue, to help future readers of your problem. — switch87, Nov 15 '22 at 17:56

switch87 · Answer 1 · 2022-11-12T20:24:34.593

1

Odoo has a very powerful ORM API to do the psql queries. Is there a good reason you use sql instead?

The functions you need are, Read for selecting the fields you use, search and filtered for filtering the results.

I suggest reading the following tutorial. https://www.odoo.com/documentation/14.0/developer/reference/addons/orm.html#search-read

also look at good examples inside the odoo source, I think the stock module is a good place to see some examples. https://github.com/odoo/odoo/blob/14.0/addons/stock/models/stock_move.py

To fix the error without removing the query, In the function calling get_bank_fc_query you have to check for empty lists first. In python that is very easy, becouse everything that is empty equals False, so do this:

if not fc_journal_list:
    raise exceptions.UserError('fc_journal_list cannot be empty')

query = self.get_bank_fc_query(fc_journal_list, date_start, date_end,company_domain
....

edited Nov 12 '22 at 20:24

answered Nov 11 '22 at 08:54

switch87

295
1
18

1

I dont know, i'm just new hire and new into database things so i still have no idea why use sql. I just got task to fix the error things. Thank you for your suggestion, i will try to learn – Denny Nov 11 '22 at 16:49
1

@Denny the actual problem is fc_journal_list is empty... but still, using sql in Odoo like this is messy, very messy. The sql is joining tables while these tables are already joined in Odoo, since it is Object Oriented programmed. But I understand somebody else wrote the code... just do better yourself ;p It will make debugging so much easier and the code so much cleaner. – switch87 Nov 12 '22 at 18:26
perhaps did you know how to fix it ? haha, that's why my mind really blank with this code. I just learn odoo 2 months ago from bootcamp and now i got debugging task :( also, my senior only read my chat when i am asking, i really need help haha :( – Denny Nov 12 '22 at 18:56
@Denny see my eddit – switch87 Nov 12 '22 at 20:24
should i change def get_bank_fc_query ... with query = self.get_bank_fc_query... ? – Denny Nov 13 '22 at 04:11
@Denny No you have to do the check I mentioned everywhere def get_bank_fc_query gets called. so you don't change the function itself but you change the code that calls it. – switch87 Nov 14 '22 at 08:55

score 1 · Answer 2 · answered Nov 11 '22 at 10:45

1

The error has nothing to do with Odoo.

psycopg2.errors.SyntaxError: syntax error at or near ")" LINE 9: WHERE abs.journal_id IN ()

It's cleary a syntax error in the query itself. You're using the IN operator without having a value list afterwards.

Your fc_journal_list parameter doesn't have values on your call. You should catch an empty list before creating the query.

And then there are atleast 2 big security risks in your code:

never ever use string formatting for querys, the comment under your question already points to variables in SQL queries that's the common mistake to make SQL injections an easy thing...
don't make such security risky methods (here both query returning methods) public to the odoo external API. Just add a _ at the beginning of the method names and you're fine on that part.

answered Nov 11 '22 at 10:45

CZoellner

13,553
3
25
38

thank you, should i make empty list fc_journal_list = [] like this ? sorry i'm really new in database things. Also thank you for your points about security, i will tell my IT consultant about that – Denny Nov 11 '22 at 16:47
It's not a syntax error in the query. The query is ok, but there should be a check first if fc_journal_list is not empty before running the query.That can best be done in the python code. – switch87 Nov 12 '22 at 18:31
The methods only return a query string, so they being public is not a risk for sql injection. – switch87 Nov 12 '22 at 18:33
@switch87 yes not yet ;-) but giving some information about the database structure itself is a security risk. – CZoellner Nov 14 '22 at 08:06
In the end it is a syntax error, even if the query template is okay. @Denny you should check on empty list even before calling `get_bank_fc_query`. – CZoellner Nov 14 '22 at 08:40
@CZoellner Odoo is open source, everyone knows the database structure... – switch87 Nov 14 '22 at 08:52
@switch87 i don't know of treasury_date and treasury_planning of odoo standard code. It is a security __risk__. – CZoellner Nov 14 '22 at 09:15
@CZoellner I want to say, with your way of thinking, Odoo is a security risk. Also this kind of strings are all over Odoo in the older code that is still in use in v16. So, no, this is not a security risk. – switch87 Nov 14 '22 at 12:45
It's a risk no matter how many more risks are in the code. You as developer should always try to avoid even little risks. And avoiding this special case here, is very easy, so do it. With your thinking Odoo legacy and new code would be open (in a security context) as hell... – CZoellner Nov 14 '22 at 13:30
@CZoellner Okay, you are right; don't use any standard Odoo functionality, because it's not safe. lol – switch87 Nov 15 '22 at 17:54
You don't get my point or our thoughts aren't compatible... life goes on, i won't discuss it with you because it's not helping or solving this question. – CZoellner Nov 16 '22 at 09:36

Odoo 14, issue when trying to computing bank balance in treasury module

2 Answers2