Remove sql injection problem

lp bug: https://launchpad.net/bugs/429327 fixed

bzr revid: hda@tinyerp.com-20091021072449-rc9usc422tb0kv2f
This commit is contained in:
HDA (OpenERP) 2009-10-21 12:54:49 +05:30
parent 251b6720ca
commit b7f6bc4c8e
46 changed files with 2027 additions and 1960 deletions


@ -729,7 +729,7 @@ class account_move(osv.osv):
def _amount_compute(self, cr, uid, ids, name, args, context, where =''):
if not ids: return {}
cr.execute('select move_id,sum(debit) from account_move_line where move_id in ('+','.join(map(str,ids))+') group by move_id')
cr.execute('select move_id,sum(debit) from account_move_line where move_id in ('+','.join(map(str,map(int, ids)))+') group by move_id')
result = dict(cr.fetchall())
for id in ids:
result.setdefault(id, 0.0)
@ -807,7 +807,7 @@ class account_move(osv.osv):
if new_name:
self.write(cr, uid, [move.id], {'name':new_name})
cr.execute('update account_move set state=%s where id in ('+','.join(map(str,ids))+')', ('posted',))
cr.execute('update account_move set state=%s where id in ('+','.join(map(str, ids))+')', ('posted',))
else:
raise osv.except_osv(_('Integrity Error !'), _('You can not validate a non-balanced entry !'))
return True
@ -820,7 +820,7 @@ class account_move(osv.osv):
if not line.journal_id.update_posted:
raise osv.except_osv(_('Error !'), _('You can not modify a posted entry of this journal !\nYou should set the journal to allow cancelling entries if you want to do that.'))
if len(ids):
cr.execute('update account_move set state=%s where id in ('+','.join(map(str,ids))+')', ('draft',))
cr.execute('update account_move set state=%s where id in ('+','.join(map(str, ids))+')', ('draft',))
return True
def write(self, cr, uid, ids, vals, context={}):
@ -1177,7 +1177,7 @@ class account_tax_code(osv.osv):
def _check_recursion(self, cr, uid, ids):
level = 100
while len(ids):
cr.execute('select distinct parent_id from account_tax_code where id in ('+','.join(map(str,ids))+')')
cr.execute('select distinct parent_id from account_tax_code where id in ('+','.join(map(str, ids))+')')
ids = filter(None, map(lambda x:x[0], cr.fetchall()))
if not level:
return False
@ -1797,7 +1797,7 @@ class account_account_template(osv.osv):
def _check_recursion(self, cr, uid, ids):
level = 100
while len(ids):
cr.execute('select parent_id from account_account_template where id in ('+','.join(map(str,ids))+')')
cr.execute('select parent_id from account_account_template where id in ('+','.join(map(str, ids))+')')
ids = filter(None, map(lambda x:x[0], cr.fetchall()))
if not level:
return False
@ -1856,7 +1856,7 @@ class account_tax_code_template(osv.osv):
def _check_recursion(self, cr, uid, ids):
level = 100
while len(ids):
cr.execute('select distinct parent_id from account_tax_code_template where id in ('+','.join(map(str,ids))+')')
cr.execute('select distinct parent_id from account_tax_code_template where id in ('+','.join(map(str, ids))+')')
ids = filter(None, map(lambda x:x[0], cr.fetchall()))
if not level:
return False
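Review bot: Only the `_amount_compute` hunk (-729) actually changes the query; the other five hunks in this file (the two `update account_move set state` statements at -807 and -820, and the three `_check_recursion` loops) merely insert a space after `map(str,` and still splice `ids` into the SQL text, so the injection the commit title describes is not removed there. Since those statements already pass a parameter tuple, the id list belongs in it as well: `cr.execute('update account_move set state=%s where id in %s', ('posted', tuple(ids)))` (psycopg2 renders a tuple parameter as a parenthesised list); the `select … from account_tax_code` and template queries can take `(tuple(ids),)` the same way. Failing that, at least apply the `map(int, ids)` cast from the first hunk uniformly, because the commit is otherwise a cosmetic no-op for these sites. The same whitespace-only pattern recurs in the `_check_recursion` hunks of crm_case_section, document_directory, hr_employee_category, hr_employee, hr_department, Partner, mrp_bom and product_category, and in the document_file `_data_get`, project `copy`, purchase_order, report_custom and report_tasks hunks of this commit. The functions around -807 and -820 start and end outside their hunks, so whether `ids` is guarded against being empty there is not visible.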


@ -397,7 +397,7 @@ class account_invoice(osv.osv):
l.id \
from account_move_line l \
left join account_invoice i on (i.move_id=l.move_id) \
where i.id in ('+','.join(map(str,ids))+') and l.account_id=i.account_id')
where i.id in ('+','.join(map(str,map(int, ids)))+') and l.account_id=i.account_id')
res = map(lambda x: x[0], cr.fetchall())
return res
@ -680,7 +680,7 @@ class account_invoice(osv.osv):
def action_number(self, cr, uid, ids, *args):
cr.execute('SELECT id, type, number, move_id, reference ' \
'FROM account_invoice ' \
'WHERE id IN ('+','.join(map(str,ids))+')')
'WHERE id IN ('+','.join(map(str, ids))+')')
obj_inv = self.browse(cr, uid, ids)[0]
for (id, invtype, number, move_id, reference) in cr.fetchall():
if not number:
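Review bot: The `action_number` hunk (-680) is whitespace-only: `'WHERE id IN ('+','.join(map(str, ids))+')'` still builds the statement from the id list by string concatenation, unlike the -397 hunk above which at least casts with `map(int, ids)`. Prefer a parameter, `cr.execute('SELECT id, type, number, move_id, reference FROM account_invoice WHERE id IN %s', (tuple(ids),))`, which also lets the cursor reject non-integer ids. Note that the following `self.browse(cr, uid, ids)[0]` raises IndexError on an empty `ids`, so an early `if not ids: return True` guard would serve both lines; `action_number` continues past the hunk, and the `account_voucher.action_number` hunk later in this commit has the identical shape.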


@ -166,7 +166,7 @@ class partner_balance(report_sxw.rml_parse):
##
self.date_lst_string =''
if self.date_lst:
self.date_lst_string = '\'' + '\',\''.join(map(str,self.date_lst)) + '\''
self.date_lst_string = '\'' + '\',\''.join(map(str, self.date_lst)) + '\''
## Compute Code
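Review bot: The change to `self.date_lst_string` is a whitespace-only edit of a hand-built SQL literal list (`'\'' + '\',\''.join(...) + '\''`), so any single quote inside an element of `self.date_lst` still breaks out of the quoting. Where `date_lst` originates is outside the hunk; if it is derived from wizard form input rather than computed internally, the safer shape is to keep the dates as a tuple and bind them as a query parameter at the point where `date_lst_string` is interpolated, e.g. `cr.execute('… where date in %s …', (tuple(self.date_lst),))`. The `third_party_ledger` hunk below builds the same string the same way.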


@ -162,7 +162,7 @@ class third_party_ledger(rml_parse.rml_parse):
self.date_lst_string = ''
if self.date_lst:
self.date_lst_string = '\'' + '\',\''.join(map(str,self.date_lst)) + '\''
self.date_lst_string = '\'' + '\',\''.join(map(str, self.date_lst)) + '\''
#
#new_ids = [id for (id,) in self.cr.fetchall()]
if data['form']['result_selection'] == 'supplier':


@ -43,7 +43,7 @@ def _remove_entries(self, cr, uid, data, context):
period_journal = data_fyear.end_journal_period_id
ids_move = pool.get('account.move').search(cr,uid,[('journal_id','=',period_journal.journal_id.id),('period_id','=',period_journal.period_id.id)])
if ids_move:
cr.execute('delete from account_move where id in ('+','.join(map(str,ids_move))+')')
cr.execute('delete from account_move where id in ('+','.join(map(str, ids_move))+')')
#cr.execute('UPDATE account_journal_period ' \
# 'SET state = %s ' \
# 'WHERE period_id IN (SELECT id FROM account_period WHERE fiscalyear_id = %s)',


@ -42,7 +42,7 @@ class account_move_line(osv.osv):
WHERE move_line_id = ml.id
AND po.state != 'cancel') as amount
FROM account_move_line ml
WHERE id in (%s)""" % (",".join(map(str, ids))))
WHERE id in (%s)""" % (",".join(map(str,map(int, ids)))))
r=dict(cr.fetchall())
return r
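Review bot: The added `map(int, ids)` cast is a real hardening, but `WHERE id in (%s)` rendered from an empty `ids` becomes `WHERE id in ()`, which PostgreSQL rejects as a syntax error; the function header is outside the hunk, so it is not visible whether an `if not ids: return {}` guard like the one in `account_move._amount_compute` exists. Because the whole query is built with `%` formatting, consider `cr.execute("""… WHERE id in %s""", (tuple(ids),))` instead, which avoids both the cast and any future need to escape a literal `%` in the query text.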


@ -225,7 +225,7 @@ class payment_line(osv.osv):
inner join payment_line pl
on (ml.id = pl.move_line_id)
where pl.id in (%s)"""%
(self.translate(name), ','.join(map(str,ids))) )
(self.translate(name), ','.join(map(str, ids))))
res = dict(cr.fetchall())
if name == 'partner_id':


@ -404,7 +404,7 @@ class account_voucher(osv.osv):
def action_number(self, cr, uid, ids, *args):
cr.execute('SELECT id, type, number, move_id, reference ' \
'FROM account_voucher ' \
'WHERE id IN ('+','.join(map(str,ids))+')')
'WHERE id IN ('+','.join(map(str, ids))+')')
for (id, invtype, number, move_id, reference) in cr.fetchall():
if not number:
number = self.pool.get('ir.sequence').get(cr, uid, invtype)


@ -19,7 +19,6 @@
#
##############################################################################
{
'name': 'Analytic Journal Billing Rate',
'version': '1.0',


@ -94,12 +94,12 @@ class auction_dates(osv.osv):
RETURN: True
"""
# objects vendus mais non factures
cr.execute('select count(*) as c from auction_lots where auction_id in ('+','.join(map(str,ids))+') and state=%s and obj_price>0', ('draft',))
cr.execute('select count(*) as c from auction_lots where auction_id in ('+','.join(map(str, ids))+') and state=%s and obj_price>0', ('draft',))
nbr = cr.fetchone()[0]
ach_uids = {}
cr.execute('select id from auction_lots where auction_id in ('+','.join(map(str,ids))+') and state=%s and obj_price>0', ('draft',))
cr.execute('select id from auction_lots where auction_id in ('+','.join(map(str, ids))+') and state=%s and obj_price>0', ('draft',))
r=self.pool.get('auction.lots').lots_invoice(cr, uid, [x[0] for x in cr.fetchall()],{},None)
cr.execute('select id from auction_lots where auction_id in ('+','.join(map(str,ids))+') and obj_price>0')
cr.execute('select id from auction_lots where auction_id in ('+','.join(map(str, ids))+') and obj_price>0')
ids2 = [x[0] for x in cr.fetchall()]
# for auction in auction_ids:
c=self.pool.get('auction.lots').seller_trans_create(cr, uid, ids2,{})
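Review bot: All three `auction_lots` queries in this hunk only gain a space after `map(str,`; they still concatenate `ids` into the statement while passing `state` as a bound parameter in the same call, which is the inconsistency that makes the injection hard to spot. Move the id list into the existing parameter tuple: `cr.execute('select count(*) as c from auction_lots where auction_id in %s and state=%s and obj_price>0', (tuple(ids), 'draft'))`, and likewise for the two `select id` statements. The enclosing method starts before the hunk, so whether `ids` can be empty here is not visible.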


@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 1996-2000 Tyler C. Sarna <tsarna@sarna.org>
# All rights reserved.


@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2000 Tyler C. Sarna <tsarna@sarna.org>
# All rights reserved.


@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 1996-2000 Tyler C. Sarna <tsarna@sarna.org>
# All rights reserved.


@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2000 Tyler C. Sarna <tsarna@sarna.org>
# All rights reserved.


@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 1996-2000 Tyler C. Sarna <tsarna@sarna.org>
# All rights reserved.


@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2000 Tyler C. Sarna <tsarna@sarna.org>
# All rights reserved.


@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
#!/usr/bin/python
from common import *
from code39 import *


@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 1996-2000 Tyler C. Sarna <tsarna@sarna.org>
# All rights reserved.


@ -79,7 +79,7 @@ def _makeInvoices(self, cr, uid, data, context):
# ids = order_obj.lots_invoice(cr, uid, data['ids'],context,invoice_number)
cr.commit()
return {
'domain': "[('id','in', ["+','.join(map(str,ids))+"])]",
'domain': "[('id','in', ["+','.join(map(str, ids))+"])]",
'name': 'Buyer invoices',
'view_type': 'form',
'view_mode': 'tree,form',
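Review bot: The `'domain'` line here is not SQL but a domain string that the client later evaluates, and the hunk only adds a space after `map(str,`; `ids` is returned by `lots_invoice` two lines above, so it should be integer ids, but the string still carries whatever `str()` produces. Making the expectation explicit, `"[('id','in', ["+','.join(map(str, map(int, ids)))+"])]"`, would mirror the cast the commit applies to the SQL sites and fail loudly on an unexpected value. The same construct appears in the seller-invoice wizard, the `wiz_timesheet_open` and `wiz_timebox_open` wizards, and `action_traceability` later in this commit.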


@ -72,7 +72,7 @@ def _makeInvoices(self, cr, uid, data, context):
ids = order_obj.seller_trans_create(cr, uid, data['ids'],context)
cr.commit()
return {
'domain': "[('id','in', ["+','.join(map(str,ids))+"])]",
'domain': "[('id','in', ["+','.join(map(str, ids))+"])]",
'name': 'Seller invoices',
'view_type': 'form',
'view_mode': 'tree,form',


@ -1,4 +1,4 @@
# -*- encoding: utf-8 -*-
# -*- coding: utf-8 -*-
##############################################################################
#
# OpenERP, Open Source Management Solution


@ -1,4 +1,4 @@
# -*- encoding: utf-8 -*-
# -*- coding: utf-8 -*-
##############################################################################
#
# OpenERP, Open Source Management Solution


@ -1,4 +1,4 @@
# -*- encoding: utf-8 -*-
# -*- coding: utf-8 -*-
##############################################################################
#
# OpenERP, Open Source Management Solution


@ -1,4 +1,3 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
##############################################################################
#
@ -21,7 +20,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
#!/usr/bin/python
"""
Tiny SXW2RML - The Open ERP's report engine


@ -81,7 +81,7 @@ class crm_case_section(osv.osv):
def _check_recursion(self, cr, uid, ids):
level = 100
while len(ids):
cr.execute('select distinct parent_id from crm_case_section where id in ('+','.join(map(str,ids))+')')
cr.execute('select distinct parent_id from crm_case_section where id in ('+','.join(map(str, ids))+')')
ids = filter(None, map(lambda x:x[0], cr.fetchall()))
if not level:
return False


@ -55,7 +55,7 @@ class report_custom(report_int):
minbenef = 999999999999999999999
maxbenef = 0
cr.execute('select probability, planned_revenue, planned_cost, user_id, res_users.name as name from crm_case left join res_users on (crm_case.user_id=res_users.id) where crm_case.id in ('+','.join(map(str,ids))+') order by user_id')
cr.execute('select probability, planned_revenue, planned_cost, user_id, res_users.name as name from crm_case left join res_users on (crm_case.user_id=res_users.id) where crm_case.id in ('+','.join(map(str, ids))+') order by user_id')
res = cr.dictfetchall()
for row in res:


@ -301,7 +301,7 @@ class document_directory(osv.osv):
def _check_recursion(self, cr, uid, ids):
level = 100
while len(ids):
cr.execute('select distinct parent_id from document_directory where id in ('+','.join(map(str,ids))+')')
cr.execute('select distinct parent_id from document_directory where id in ('+','.join(map(str, ids))+')')
ids = filter(None, map(lambda x:x[0], cr.fetchall()))
if not level:
return False
@ -523,7 +523,7 @@ class document_file(osv.osv):
def _data_get(self, cr, uid, ids, name, arg, context):
result = {}
cr.execute('select id,store_fname,link from ir_attachment where id in ('+','.join(map(str,ids))+')')
cr.execute('select id,store_fname,link from ir_attachment where id in ('+','.join(map(str, ids))+')')
for id,r,l in cr.fetchall():
try:
value = file(os.path.join(self._get_filestore(cr), r), 'rb').read()


@ -101,7 +101,7 @@ class hr_employee_category(osv.osv):
def _check_recursion(self, cr, uid, ids):
level = 100
while len(ids):
cr.execute('select distinct parent_id from hr_employee_category where id in ('+','.join(map(str,ids))+')')
cr.execute('select distinct parent_id from hr_employee_category where id in ('+','.join(map(str, ids))+')')
ids = filter(None, map(lambda x:x[0], cr.fetchall()))
if not level:
return False
@ -150,7 +150,7 @@ class hr_employee(osv.osv):
def _check_recursion(self, cr, uid, ids):
level = 100
while len(ids):
cr.execute('select distinct parent_id from hr_employee where id in ('+','.join(map(str,ids))+')')
cr.execute('select distinct parent_id from hr_employee where id in ('+','.join(map(str, ids))+')')
ids = filter(None, map(lambda x:x[0], cr.fetchall()))
if not level:
return False


@ -43,7 +43,7 @@ class hr_department(osv.osv):
def _check_recursion(self, cr, uid, ids):
level = 100
while len(ids):
cr.execute('select distinct parent_id from hr_department where id in ('+','.join(map(str,ids))+')')
cr.execute('select distinct parent_id from hr_department where id in ('+','.join(map(str, ids))+')')
ids = filter(None, map(lambda x:x[0], cr.fetchall()))
if not level:
return False


@ -1,3 +1,23 @@
# -*- coding: utf-8 -*-
##############################################################################
#
# OpenERP, Open Source Management Solution
# Copyright (C) 2004-2009 Tiny SPRL (<http://tiny.be>).
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
__name__ = "Change signs of old holiday requests"
def migrate(cr, version):


@ -1,3 +1,23 @@
# -*- coding: utf-8 -*-
##############################################################################
#
# OpenERP, Open Source Management Solution
# Copyright (C) 2004-2009 Tiny SPRL (<http://tiny.be>).
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
__name__ = "Convert the Holidays Per User limits into positive leave request"
def migrate(cr, version):


@ -38,7 +38,7 @@ class wiz_timesheet_open(wizard.interface):
view_type = 'form,tree'
if len(ids) > 1:
view_type = 'tree,form'
domain = "[('id','in',["+','.join(map(str,ids))+"]),('user_id', '=', uid)]"
domain = "[('id','in',["+','.join(map(str, ids))+"]),('user_id', '=', uid)]"
elif len(ids)==1:
ts.write(cr, uid, ids, {'date_current': time.strftime('%Y-%m-%d')})
domain = "[('user_id', '=', uid)]"


@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
#
# account_move_line.py
# l10n_ch


@ -1,4 +1,4 @@
#
# -*- coding: utf-8 -*-
# bank.py
# l10n_ch
#


@ -1,6 +1,3 @@
#!/usr/bin/python
#coding: latin-1
##############################################################################
@ -32,7 +29,7 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
#!/usr/bin/python
"""
Tiny SXW2RML - The Tiny ERP's report engine


@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
#
# __init__.py
#


@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
#
# config.py
#


@ -401,7 +401,7 @@ class Partner(osv.osv):
def _check_recursion(self, cr, uid, ids):
level = 100
while len(ids):
cr.execute('select distinct associate_member from res_partner where id in ('+','.join(map(str,ids))+')')
cr.execute('select distinct associate_member from res_partner where id in ('+','.join(map(str, ids))+')')
ids = filter(None, map(lambda x:x[0], cr.fetchall()))
if not level:
return False


@ -217,7 +217,7 @@ class mrp_bom(osv.osv):
def _check_recursion(self, cr, uid, ids):
level = 500
while len(ids):
cr.execute('select distinct bom_id from mrp_bom where id in ('+','.join(map(str,ids))+')')
cr.execute('select distinct bom_id from mrp_bom where id in ('+','.join(map(str, ids))+')')
ids = filter(None, map(lambda x:x[0], cr.fetchall()))
if not level:
return False


@ -208,7 +208,7 @@ class product_category(osv.osv):
def _check_recursion(self, cr, uid, ids):
level = 100
while len(ids):
cr.execute('select distinct parent_id from product_category where id in ('+','.join(map(str,ids))+')')
cr.execute('select distinct parent_id from product_category where id in ('+','.join(map(str, ids))+')')
ids = filter(None, map(lambda x:x[0], cr.fetchall()))
if not level:
return False


@ -165,7 +165,7 @@ class project(osv.osv):
default['name'] = proj.name+_(' (copy)')
res = super(project, self).copy(cr, uid, id, default, context)
ids = self.search(cr, uid, [('parent_id','child_of', [res])])
cr.execute('update project_task set active=True where project_id in ('+','.join(map(str,ids))+')')
cr.execute('update project_task set active=True where project_id in ('+','.join(map(str, ids))+')')
return res
def duplicate_template(self, cr, uid, ids,context={}):


@ -36,7 +36,7 @@ class wiz_timebox_open(wizard.interface):
raise wizard.except_wizard(_('Error !'), _('No timebox of the type "%s" defined !') % (tbtype,))
view_type = 'form,tree'
if len(ids) >= 1:
domain = "[('id','in',["+','.join(map(str,ids))+"])]"
domain = "[('id','in',["+','.join(map(str, ids))+"])]"
else:
domain = "[('user_id', '=', uid)]"
value = {


@ -111,7 +111,7 @@ class purchase_order(osv.osv):
LEFT JOIN
stock_picking p on (p.id=m.picking_id)
WHERE
p.purchase_id in ('''+','.join(map(str,ids))+''')
p.purchase_id in ('''+','.join(map(str, ids))+''')
GROUP BY m.state, p.purchase_id''')
for oid,nbr,state in cr.fetchall():
if state=='cancel':


@ -1,3 +1,24 @@
# -*- coding: utf-8 -*-
##############################################################################
#
# OpenERP, Open Source Management Solution
# Copyright (C) 2004-2009 Tiny SPRL (<http://tiny.be>). All Rights Reserved
# $Id$
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
import unittest
import pooler
import netsvc


@ -71,14 +71,14 @@ class report_tasks(report_int):
io = StringIO.StringIO()
if 'date_start' not in datas:
cr.execute('select min(date_start) from project_task where id in ('+','.join(map(str,ids))+')')
cr.execute('select min(date_start) from project_task where id in ('+','.join(map(str, ids))+')')
dt = cr.fetchone()[0]
if dt:
datas['date_start'] = dt[:10]
else:
datas['date_start'] = time.strftime('%Y-%m-%d')
if 'date_stop' not in datas:
cr.execute('select max(date_start),max(date_close) from project_task where id in ('+','.join(map(str,ids))+')')
cr.execute('select max(date_start),max(date_close) from project_task where id in ('+','.join(map(str, ids))+')')
res = cr.fetchone()
datas['date_stop'] = (res[0] and res[0][:10]) or time.strftime('%Y-%m-%d')
if res[1] and datas['date_stop']<res[1]:


@ -33,7 +33,7 @@ def action_traceability(type='move_history_ids', field='tracking_id'):
cr.execute('select id from ir_ui_view where model=%s and field_parent=%s and type=%s', ('stock.move', type, 'tree'))
view_id = cr.fetchone()[0]
value = {
'domain': "[('id','in',["+','.join(map(str,ids))+"])]",
'domain': "[('id','in',["+','.join(map(str, ids))+"])]",
'name': ((type=='move_history_ids') and 'Upstream Traceability') or 'Downstream Traceability',
'view_type': 'tree',
'res_model': 'stock.move',