[Cubicweb] Client command line tool in OpenERP vs. cubicweb-ctl (Re: [PROVENANCE INTERNET] Re: Apache authentication: which CubicWeb API?)

afayolle afayolle.ml at free.fr
Mon Oct 14 10:59:39 CEST 2013

On lun. 14 oct. 2013 10:07:08 CEST, Sylvain Thénault wrote:
> On 14 octobre 09:24, afayolle wrote:
>> Hello everyone,
> Hi Alexandre,
>> I'm now spending a significant amount of my time working with OpenERP.
>> In the OpenERP ecosystem, there is a well defined API to interact with
>> the server because the main design paradigm is that the client layer is
>> largely independent from the server layer. Actually the web client in
>> OpenERP is a Javascript application, largely in charge of the
>> presentation of the json serialized business objects and the navigation
>> logic, which is quite different from the CW philosophy in which the
>> views are generated on the server side and then displayed in the
>> browser, together with very minimal JS code, mainly for eye candy.
>> [I'm aware I'm verging on the caricatural side here, and I have not
>> checked on the latest orbui developments which may be part of a
>> solution. The goal is not to start a framework war, just to provide some
>> feedback on how things are done in another framework. ]
>> The net effect of this, is that in the OpenERP ecosystem, there are 3rd
>> party tools such as ERPpeek [1] which are very close to what
>> `cubicweb-ctl shell` is in the CW ecosystem, with a very nice addition:
>> it is able to work in the c-ctl shell way by instanciating the
>> server-side of openerp, and also to work as a remote client if supplied
>> with the URL of an OpenERP instance. In this case, all the API calls are
>> made through RPC using the server's public API. A script which sticks
>> with the public API of the framework and the extension modules can be
>> run transparently in both modes, which is a huge gain when doing
>> maintenance.
> Meaning the OpenERP public API offers full access to the underlying database ?
> Or only an (internal) ORM which provides some security checks ?
> (Sorry if this is a silly question, my OpenERP knowledge is very close to 0).

It is not a silly question :-)

You typically pass a login and a password to erppeek when connecting to 
a remote server. Then all actions are performed using these credentials 
and with the appropriate permission checks.

There is no direct SQL possible using the public API : you have to go 
through the ORM (which is in charge for the real permission 
management). But basically, any action that can be performed by the 
user through the web interface (and actually a bit more if a module 
author used view level security, but this is not a good idea...) is 
available. The nice part being that erppeek provides proxy objects 
which implement method calls using RPC and wrap back the json results 
as other proxy objects.


More information about the Cubicweb mailing list