| author | IT Fixcomart <it@fixcomart.co.id> | 2023-01-21 06:07:05 +0000 |
|---|---|---|
| committer | IT Fixcomart <it@fixcomart.co.id> | 2023-01-21 06:07:05 +0000 |
| commit | 287cf8497b4b6bb825870ee2b3d1b49d4c29ab6a (patch) | |
| tree | dbcdcbce4bc01a7985532147e0ba0650ee7551b6 | |
| parent | c6032a407758afa650a0e3e25d51606cf91c75b8 (diff) | |
| parent | e52cf84fd2284330412162b44066f29bd382f590 (diff) | |
Merged in feature/rest-api (pull request #26)
Fixing authentication
| -rw-r--r-- | indoteknik_api/controllers/api_v1/sale_order.py | 63 | ||||
| -rw-r--r-- | indoteknik_api/controllers/controller.py | 28 |
2 files changed, 66 insertions, 25 deletions
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index dce72a76..d69f40a4 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -5,53 +5,80 @@ import json class SaleOrder(controller.Controller): prefix = '/api/v1/' + PREFIX_PARTNER = prefix + 'partner/<partner_id>/' - @http.route(prefix + 'sale_order', auth='public', method=['GET', 'OPTIONS']) - def get_sale_order(self, **kw): - if not self.authenticate(): - return self.response(code=401, description='Unauthorized') + @http.route(PREFIX_PARTNER + 'sale_order', auth='public', method=['GET', 'OPTIONS']) + def get_partner_sale_order(self, **kw): + user_token = self.authenticate() + if not user_token: + return self.unauthorized_response() params = self.get_request_params(kw, { + 'partner_id': ['number'], 'name': [], - 'partner_id': ['required', 'number'], 'limit': ['default:0', 'number'], 'offset': ['default:0', 'number'], }) limit = params['value']['limit'] offset = params['value']['offset'] - + if not user_token['partner_id'] == params['value']['partner_id']: + return self.unauthorized_response() if not params['valid']: return self.response(code=400, description=params) - parent_partner_id = request.env['res.partner'].search([('id', '=', params['value']['partner_id'])], limit=1).parent_id.id - partner_childs = request.env['res.partner'].search([('parent_id', '=', int(parent_partner_id))]) - partner_child_ids = [v['id'] for v in partner_childs] + [params['value']['partner_id']] - + partner_child_ids = self.get_partner_child_ids(params['value']['partner_id']) domain = [('partner_id', 'in', partner_child_ids)] sale_orders = request.env['sale.order'].search(domain, offset=offset, limit=limit) data = { 'sale_order_total': request.env['sale.order'].search_count(domain), 'sale_orders': [request.env['sale.order'].api_v1_single_response(x) for x in sale_orders] } - return self.response(data) - @http.route(prefix + 'sale_order/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False) - def create_sale_order(self, **kw): - if not self.authenticate(): - return self.response(code=401, description='Unauthorized') + @http.route(PREFIX_PARTNER + 
'sale_order/<id>', auth='public', method=['GET', 'OPTIONS']) + def partner_get_sale_order_detail(self, **kw): + user_token = self.authenticate() + if not user_token: + return self.unauthorized_response() + + params = self.get_request_params(kw, { + 'partner_id': ['number'], + 'id': ['number'] + }) + if not user_token['partner_id'] == params['value']['partner_id']: + return self.unauthorized_response() + if not params['valid']: + return self.response(code=400, description=params) + + partner_child_ids = self.get_partner_child_ids(params['value']['partner_id']) + domain = [ + ('id', '=', params['value']['id']), + ('partner_id', 'in', partner_child_ids) + ] + sale_order = request.env['sale.order'].search(domain) + + return + + @http.route(PREFIX_PARTNER + 'sale_order/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False) + def create_partner_sale_order(self, **kw): + user_token = self.authenticate() + if not user_token: + return self.unauthorized_response() product_pricelist_default_discount_id = request.env['ir.config_parameter'].get_param('product.pricelist.default_discount_id') product_pricelist_default_discount_id = int(product_pricelist_default_discount_id) params = self.get_request_params(kw, { - 'partner_id': ['required', 'number'], + 'partner_id': ['number'], 'partner_shipping_id': ['required', 'number'], 'partner_invoice_id': ['required', 'number'], 'order_line': ['required', 'default:[]'], 'po_number': [], 'po_file': [], }) + + if not user_token['partner_id'] == params['value']['partner_id']: + return self.unauthorized_response() if not params['valid']: return self.response(code=400, description=params) 
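Review bot: `partner_get_sale_order_detail` ends with a bare `return`, so the `sale_order` it looked up is discarded and the handler returns None to the client. Replace the last line with `if not sale_order: return self.response(code=404, description='Not found')` followed by `return self.response(request.env['sale.order'].api_v1_single_response(sale_order))`, and pass `limit=1` to the search since the domain pins a single id. In all three new routes the `if not user_token['partner_id'] == params['value']['partner_id']` comparison runs before `params['valid']` is checked; if the `'number'` rule leaves a non-numeric URL value unconverted, the caller gets a 401 rather than the 400 the validation was meant to produce, so move the comparison below the validity check and write it as `!=`. In `create_partner_sale_order`, `partner_shipping_id` and `partner_invoice_id` are only validated as numbers and nothing in the hunk restricts them to `partner_child_ids` the way the list route restricts `partner_id`; the function body continues outside the hunk, so if that ownership check lives there this point is moot, otherwise it should be added.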
@@ -97,7 +124,7 @@ class SaleOrder(controller.Controller): @http.route('/api/sale_order/invoiced', auth='public', methods=['GET']) def get_sale_order_invoiced_by_partner_id(self, **kw): if not self.authenticate(): - return self.response(code=401, description='Unauthorized') + return self.unauthorized_response() partner_id = kw.get('partner_id') if not partner_id:
@@ -142,7 +169,7 @@ class SaleOrder(controller.Controller): @http.route('/api/sale_order/invoiced/detail', auth='public', methods=['GET']) def get_sale_order_invoiced_detail_by_partner(self, **kw): if not self.authenticate(): - return self.response(code=401, description='Unauthorized') + return self.unauthorized_response() id = kw.get('id') partner_id = kw.get('partner_id')
diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index 18f54d71..4a7a8fb6 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -29,13 +29,14 @@ class Controller(http.Controller): authorization = wsgienv['HTTP_AUTHORIZATION'] except: authorization = None + request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378') token = request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or '' result = False if authorization == token: - request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378') - result = True - if self.verify_user_token(): result = True + user_token = self.verify_user_token() + if user_token: + result = user_token return result def get_request_params(self, kw, queries):
@@ -79,8 +80,6 @@ class Controller(http.Controller): if len(result['reason']) > 0: result['valid'] = False - # if not result['valid']: - # del result['value'] return result def time_to_str(self, object, format):
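Review bot: `get_sale_order_invoiced_by_partner_id` still discards the value of `self.authenticate()` and reads `partner_id` straight from `kw` with no comparison against the token's `partner_id`, unlike the new `PREFIX_PARTNER` routes; the same applies to `get_sale_order_invoiced_detail_by_partner` in the next hunk. Since `authenticate()` now also succeeds on a per-user JWT, any JWT holder can request another partner's invoiced orders through these two routes unless they are meant for the shared `rest_api_token` only. If the latter, a comment on each route saying so would make the intent auditable; otherwise change the guard to `user_token = self.authenticate()` / `if not user_token or user_token.get('partner_id') != int(partner_id): return self.unauthorized_response()` after the `partner_id` presence check. Both function bodies continue outside their hunks.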
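Review bot: `request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378')` now runs before either credential is checked, so every request to these `auth='public'` routes, including ones for which `authenticate()` returns False, leaves the session logged in as that account, and the hard-coded password already in the file is now exercised on every call. Move the call under the success path, `if result:` followed by the `request.session.authenticate(...)` line immediately before `return result`, and read the service login and password from configuration (placeholder: `config.get('<service_login_key>')`) rather than from source. `result` is `True` on the shared-token path but a dict on the JWT path; the new `user_token['partner_id']` lookups in sale_order.py raise TypeError on a bool, so either return a dict with `'partner_id': None` in both cases or document that the partner routes require the JWT. Note also that with `rest_api_token` unset, `token` is `''` and an empty `Authorization` header satisfies `authorization == token`; guard with `if token and hmac.compare_digest(authorization or '', token):`.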
@@ -107,6 +106,9 @@ class Controller(http.Controller): ('Content-Type', 'application/json'), ]) + def unauthorized_response(self): + return self.response(code=401, description='Unauthorized') + def search_filter(self, model: str, kw: dict, query: array = []): """ To search data by default API Params if exist """ limit = kw.get('limit', 0)
@@ -122,13 +124,25 @@ class Controller(http.Controller): try: token = request.httprequest.environ['HTTP_TOKEN'] user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256']) - user = request.env['res.users'].search([('id', '=', user_token['id'])]) + user = request.env['res.users'].browse([ user_token['id'] ]) if not user: return False - return True + data = { + 'id': user.id, + 'partner_id': None + } + if user.partner_id: + data['partner_id'] = user.partner_id.id + return data except: return False + def get_partner_child_ids(self, partner_id): + parent_partner_id = request.env['res.partner'].search([('id', '=', partner_id)], limit=1).parent_id.id + partner_childs = request.env['res.partner'].search([('parent_id', '=', int(parent_partner_id))]) + partner_child_ids = [v['id'] for v in partner_childs] + [partner_id] + return partner_child_ids + @http.route('/api/token', auth='public', methods=['GET', 'OPTIONS']) def get_api_token(self, **kw): return self.response(request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or '') |
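Review bot: `unauthorized_response` has no docstring, and since every authenticated route now goes through it the contract is worth stating. Add `"""Return the shared 401 JSON response used by routes whose authenticate() check fails."""` directly under the `def` line.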
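Review bot: `if not user:` no longer rejects unknown ids after the switch from `search` to `browse`: a recordset built from an id is non-empty whether or not the row exists, so the check is dead and a bad `user_token['id']` only fails later, if at all, when a field is read, landing in the bare `except:`. Change it to `if not user.exists(): return False`. That bare `except:` also swallows signature and expiry failures from `jwt.decode` silently; narrowing it to the JWT library's token-error class plus `KeyError` for a missing `HTTP_TOKEN` keeps the no-token path while making tampered tokens visible in logs. `get_partner_child_ids` is now the authorization scope for the partner routes and should carry a docstring stating that it returns `partner_id` plus the ids of every contact sharing its parent (and `[partner_id]` alone when there is no parent, since `int(False)` yields a search on `parent_id = 0`).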
