authorIT Fixcomart <it@fixcomart.co.id>2023-01-05 04:26:58 +0000
committerIT Fixcomart <it@fixcomart.co.id>2023-01-05 04:26:58 +0000
commitd37c78617706d6313bf8c40277d56028f0f28a07 (patch)
treed46e635d9977350d7414248fc9b5a375fd00f3e0
parentf56ff7fb53e25c188663f643f06691d8d71bd34a (diff)
parent9a3a8c37b65d6017bae50d56b4c5bd1ea641a3b1 (diff)
Merged in staging (pull request #14)
Staging
-rw-r--r--indoteknik_api/controllers/api_v1/sale_order.py15
-rw-r--r--indoteknik_api/controllers/api_v1/user.py108
-rw-r--r--indoteknik_api/controllers/controller.py1
-rw-r--r--indoteknik_api/models/__init__.py1
-rw-r--r--indoteknik_api/models/product_product.py2
-rw-r--r--indoteknik_api/models/res_users.py51
6 files changed, 142 insertions, 36 deletions
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 99302a66..05946f77 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -6,7 +6,9 @@ from odoo.http import request
class SaleOrder(controller.Controller):
@http.route('/api/sale_order/invoiced', auth='public', methods=['GET'])
def get_sale_order_invoiced_by_partner_id(self, **kw):
- self.authenticate()
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
partner_id = kw.get('partner_id')
if not partner_id:
return self.response(code=400, description='Field partner_id is required')
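Review bot: The `partner_id` read just below the new 401 guard comes straight from the query string, and nothing in this hunk ties it to the caller who passed `authenticate()`. If `authenticate()` checks a shared API credential rather than a user identity (its body is not in this diff), any authenticated caller can list another partner's orders by changing `partner_id`. The same applies to `get_sale_order_invoiced_detail_by_partner` in the third hunk of this file. Consider resolving the partner from a verified per-user token, for example by moving `verify_user_token` from `user.py` into the base controller and rejecting the request when the token's user does not belong to `partner_id`. The method body continues outside the hunk.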
@@ -21,9 +23,7 @@ class SaleOrder(controller.Controller):
data = []
default_domain = [
('partner_id', 'in', partner_child_ids),
- '|',
- ('invoice_status', '=', 'invoiced'),
- ('invoice_status', '=', 'to_invoice')
+ ('state', 'in', ['sale', 'done'])
]
sale_orders = self.search_filter('sale.order', kw, default_domain)
for sale_order in sale_orders:
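Review bot: The route is still `/api/sale_order/invoiced`, but the domain now selects on `('state', 'in', ['sale', 'done'])` and no longer looks at `invoice_status`, so confirmed orders that have not been invoiced are returned as well. If that widening is intended, a comment above `default_domain` such as `# returns every confirmed order, invoiced or not; route name kept for existing clients` would stop the next reader from treating it as a bug. The fourth hunk of this file makes the same change. The enclosing method starts and ends outside the hunk.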
@@ -51,7 +51,8 @@ class SaleOrder(controller.Controller):
@http.route('/api/sale_order/invoiced/detail', auth='public', methods=['GET'])
def get_sale_order_invoiced_detail_by_partner(self, **kw):
- self.authenticate(kw)
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
id = kw.get('id')
partner_id = kw.get('partner_id')
@@ -62,9 +63,7 @@ class SaleOrder(controller.Controller):
default_domain = [
('id', '=', id),
- '|',
- ('invoice_status', '=', 'invoiced'),
- ('invoice_status', '=', 'to_invoice')
+ ('state', 'in', ['sale', 'done'])
]
parent_partner_id = request.env['res.partner'].search([('id', '=', int(partner_id))], limit=1).parent_id.id
partner_childs = request.env['res.partner'].search([('parent_id', '=', int(parent_partner_id))])
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
index 41581961..3080be7d 100644
--- a/indoteknik_api/controllers/api_v1/user.py
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -3,10 +3,36 @@ from odoo import http
from odoo.http import request
from odoo.tools.config import config
import random, string
+import jwt
-class Auth(controller.Controller):
+class User(controller.Controller):
prefix = '/api/v1/'
+ jwt_secret_key = "NTNv7j0TuYARvmNMmWXo6fKvM4o6nvaUi9ryX38ZHL1bkrnD1ObOQ8JAUmHCBq7Iy7otZcyAagBLHVKvvYaIpmMuxmARQ97jUVG16Jkpkp1wXOPsrF9zwew6TpczyHkHgX5EuLg2MeBuiTqJACs1J0apruOOJCggOtkjB4c"
+
+ def get_user_by_email(self, email):
+ return request.env['res.users'].search([
+ ('login', '=', email),
+ ('active', 'in', [True, False])
+ ])
+
+ def create_user_token(self, user):
+ return jwt.encode({'id': user.id}, self.jwt_secret_key)
+
+ def verify_user_token(self, user_id):
+ try:
+ token = request.httprequest.environ['HTTP_TOKEN']
+ user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256'])
+ if int(user_id) != user_token['id']:
+ return False
+ return True
+ except:
+ return False
+
+ def response_with_token(self, user):
+ data = request.env['res.users'].api_single_response(user)
+ data['token'] = self.create_user_token(user)
+ return data
@http.route(prefix + 'user/login', auth='public', methods=['POST'], csrf=False)
def login(self, **kw):
@@ -18,7 +44,7 @@ class Auth(controller.Controller):
if not email or not password:
return self.response(code=400, description='email and password is required')
- user = self.get_user(email)
+ user = self.get_user_by_email(email)
if user and not user.active:
return self.response({
'is_auth': False,
@@ -28,15 +54,11 @@ class Auth(controller.Controller):
try:
uid = request.session.authenticate(config.get('db_name'), email, password)
user = request.env['res.users'].browse(uid)
- return self.response({
+ data = {
'is_auth': True,
- 'user': {
- 'id': user.id,
- 'name': user.name,
- 'email': user.login,
- 'external': user.share
- }
- })
+ 'user': self.response_with_token(user)
+ }
+ return self.response(data)
except:
return self.response({
'is_auth': False,
@@ -54,7 +76,7 @@ class Auth(controller.Controller):
if not name or not email or not password:
return self.response(code=400, description='email, name and password is required')
- user = self.get_user(email)
+ user = self.get_user_by_email(email)
if user:
return self.response({
@@ -72,16 +94,13 @@ class Auth(controller.Controller):
return self.response({'register': True})
- def get_user(self, email):
- return request.env['res.users'].search([('login', '=', email), ('active', 'in', [True, False])])
-
@http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False)
def request_activation_user(self, **kw):
if not self.authenticate():
return self.response(code=401, description='Unauthorized')
email = kw.get('email')
- user = self.get_user(email)
+ user = self.get_user_by_email(email)
if not user:
return self.response({'activation_request': False, 'reason': 'NOT_FOUND'})
@@ -93,14 +112,54 @@ class Auth(controller.Controller):
return self.response({
'activation_request': True,
'token': user.activation_token,
- 'user': {
- 'id': user.id,
- 'name': user.name,
- 'email': user.login,
- 'external': user.share
- }
+ 'user': request.env['res.users'].api_single_response(user)
})
+
+ @http.route(prefix + 'user/<id>', auth='public', methods=['PUT', 'OPTIONS'], csrf=False)
+ def update_user(self, **kw):
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
+ id = kw.get('id')
+
+ user = request.env['res.users'].search([('id', '=', id)], limit=1)
+ if not user:
+ return self.response(code=400, description='User not found')
+ is_verify = self.verify_user_token(id)
+ if not is_verify:
+ return self.response(code=401, description='Unauthorized')
+
+ allowed_field = ['name', 'phone', 'mobile', 'password']
+ for field in allowed_field:
+ field_value = kw.get(field)
+ if field_value or field_value == '':
+ user[field] = field_value
+
+ return self.response({
+ 'user': self.response_with_token(user)
+ })
+
+ @http.route(prefix + 'user/<id>/address', auth='public', methods=['GET', 'OPTIONS'])
+ def get_user_address_by_id(self, **kw):
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
+ id = kw.get('id')
+
+ user = request.env['res.users'].search([('id', '=', id)], limit=1)
+ if not user:
+ return self.response(code=400, description='User not found')
+
+ is_verify = self.verify_user_token(id)
+ if not is_verify:
+ return self.response(code=401, description='Unauthorized')
+
+ partners = [user] + [x for x in user.child_ids]
+ address = [request.env['res.users'].api_address_response(x) for x in partners]
+
+ return self.response(address)
+
@http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False)
def activation_user(self, **kw):
if not self.authenticate():
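Review bot: `allowed_field` in `update_user` includes `password`, and the `field_value == ''` branch passes an empty value through to the model, so a valid token alone is enough to replace the password. I would take `password` out of the generic loop (`allowed_field = ['name', 'phone', 'mobile']`) and change it only on a path that confirms the current password and rejects empty values. Both new handlers also answer 400 'User not found' before the token check, which tells a caller which ids exist; calling `verify_user_token(id)` first and declaring the route as `user/<int:id>` avoids that and keeps non-numeric ids out of the search. `activation_user` continues outside the hunk.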
@@ -118,10 +177,5 @@ class Auth(controller.Controller):
user.activation_token = ''
return self.response({
'activation': True,
- 'user': {
- 'id': user.id,
- 'name': user.name,
- 'email': user.login,
- 'external': user.share
- }
+ 'user': self.response_with_token(user)
}) \ No newline at end of file
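Review bot: `activation_user` now returns `self.response_with_token(user)`, so completing activation hands out a login token without a password check, and the activation token becomes as sensitive as the password. The previous hunk shows `activation-request` returning `user.activation_token` in its response body, so a caller who passes `authenticate()` may be able to obtain it for an email they do not control; how the token is delivered and checked is outside this diff. Consider returning only `request.env['res.users'].api_single_response(user)` here and requiring a normal login afterwards. It is also worth confirming that the activation token is generated with `secrets` rather than the `random` module imported at the top of the file.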
diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index a085d084..10cd76a1 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -65,6 +65,7 @@ class Controller(http.Controller):
return request.make_response(response, [
('Access-Control-Allow-Origin', '*'),
('Access-Control-Allow-Headers', '*'),
+ ('Access-Control-Allow-Methods', '*'),
('Content-Type', 'application/json'),
])
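Review bot: With this line the response allows every origin, every header and every method, so any website can call the API from a visitor's browser and read the answer, including the new `PUT` user update. Listing what the routes use, `('Access-Control-Allow-Methods', 'GET, POST, PUT, OPTIONS'),`, and replacing the `*` origin with the storefront's origin taken from configuration keeps the surface to what the client needs. Browsers treat `*` in these headers as a wildcard only for requests without credentials, so an explicit list is also the more predictable choice. The enclosing method starts outside the hunk.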
diff --git a/indoteknik_api/models/__init__.py b/indoteknik_api/models/__init__.py
index 25f6997f..3e00e2f0 100644
--- a/indoteknik_api/models/__init__.py
+++ b/indoteknik_api/models/__init__.py
@@ -2,4 +2,5 @@ from . import blog_post
from . import product_pricelist
from . import product_product
from . import product_template
+from . import res_users
from . import x_manufactures \ No newline at end of file
diff --git a/indoteknik_api/models/product_product.py b/indoteknik_api/models/product_product.py
index b5253591..6b02d91e 100644
--- a/indoteknik_api/models/product_product.py
+++ b/indoteknik_api/models/product_product.py
@@ -1,7 +1,7 @@
from odoo import models
-class ProductTemplate(models.Model):
+class ProductProduct(models.Model):
_inherit = 'product.product'
def api_single_response(self, product_product):
diff --git a/indoteknik_api/models/res_users.py b/indoteknik_api/models/res_users.py
new file mode 100644
index 00000000..2cab29bd
--- /dev/null
+++ b/indoteknik_api/models/res_users.py
@@ -0,0 +1,51 @@
+from odoo import models
+
+
+class ResUsers(models.Model):
+ _inherit = 'res.users'
+
+ def api_single_response(self, res_user, with_detail=''):
+ data = {
+ 'id': res_user.id,
+ 'name': res_user.name,
+ 'email': res_user.login,
+ 'phone': res_user.phone or '',
+ 'mobile': res_user.mobile or '',
+ 'external': res_user.share
+ }
+
+ return data
+
+ def api_address_response(self, user):
+ data = {
+ 'id': user.id,
+ 'name': user.name,
+ 'mobile': user.mobile,
+ 'street': user.street,
+ 'street2': user.street2,
+ 'city': None,
+ 'district': None,
+ 'sub_district': None,
+ 'zip': user.zip
+ }
+
+ if user.kota_id:
+ data['city'] = {
+ 'id': user.kota_id.id,
+ 'name': user.kota_id.name
+ } or None
+
+ if user.kecamatan_id:
+ data['district'] = {
+ 'id': user.kecamatan_id.id,
+ 'name': user.kecamatan_id.name
+ }
+
+ if user.kelurahan_id:
+ data['sub_district'] = {
+ 'id': user.kelurahan_id.id,
+ 'name': user.kelurahan_id.name
+ }
+
+ return data
+
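Review bot: In `api_address_response` the `{...} or None` assigned to `data['city']` can never yield `None`, because a non-empty dict literal is always truthy and the `if user.kota_id:` guard already covers the empty case; drop the `or None`. `api_single_response` normalises unset `phone` and `mobile` with `or ''`, while `api_address_response` returns `user.mobile`, `user.street`, `user.street2` and `user.zip` unchanged, so the two payloads may encode missing values differently. The `with_detail=''` parameter is never read. Each method would benefit from a one-line docstring, e.g. `"""Return the profile fields of res_user exposed by the API."""`, so it is clear which fields leave the server.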