diff options
| author | Rafi Zadanly <zadanlyr@gmail.com> | 2023-02-03 14:43:58 +0700 |
|---|---|---|
| committer | Rafi Zadanly <zadanlyr@gmail.com> | 2023-02-03 14:43:58 +0700 |
| commit | 6b5f3041727d84db4d24215062940b8f2fca6d1c (patch) | |
| tree | a02637a325e4275b6d9272a759c763c91ff076e4 | |
| parent | 8cb3d124ec96b78872ebd0d0c969564249f15671 (diff) | |
[FIX] feature download invoice
| -rw-r--r-- | indoteknik_api/controllers/api_v1/download.py | 28 | ||||
| -rw-r--r-- | indoteknik_api/models/account_move.py | 3 |
2 files changed, 19 insertions, 12 deletions
diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py index 38225b85..3794744e 100644 --- a/indoteknik_api/controllers/api_v1/download.py +++ b/indoteknik_api/controllers/api_v1/download.py @@ -15,22 +15,28 @@ class Download(controller.Controller): ], ['datas', 'mimetype']) return result if len(result) > 0 else None - @http.route(PREFIX + 'download/invoice/<id>', auth='none', method=['GET']) - def download_invoice(self, id): + @http.route(PREFIX + 'download/invoice/<id>/<token>', auth='none', method=['GET']) + def download_invoice(self, id, token): id = int(id) - data = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id]) - return request.make_response(base64.b64decode(data[0]), [('Content-Type', 'application/pdf')]) + + md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move') + if not md5_by_id == token: + return self.response('Unauthorized') + + pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id]) + return request.make_response(pdf, [('Content-Type', 'application/pdf')]) @http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET']) def download_tax_invoice(self, id, token): id = int(id) md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move') - if md5_by_id == token: - attachment = self._get_attachment('account.move', 'efaktur_document', id) - if attachment: - attachment = attachment[0] - return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])]) - return self.response('Dokumen tidak ditemukan', code=404) + if not md5_by_id == token: + return self.response('Unauthorized') + + attachment = self._get_attachment('account.move', 'efaktur_document', id) + if attachment: + attachment = attachment[0] + return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])]) + return self.response('Dokumen tidak ditemukan', code=404) - return self.response('Tidak diizinkan') diff --git a/indoteknik_api/models/account_move.py b/indoteknik_api/models/account_move.py index f77ded16..3c8fd655 100644 --- a/indoteknik_api/models/account_move.py +++ b/indoteknik_api/models/account_move.py @@ -8,6 +8,7 @@ class AccountMove(models.Model): def api_v1_single_response(self, account_move, context=False): data = { + 'token': self.env['rest.api'].md5_salt(account_move.id, 'account.move'), 'id': account_move.id, 'name': account_move.name, 'purchase_order_name': account_move.ref or '', @@ -16,7 +17,7 @@ class AccountMove(models.Model): 'amount_total': account_move.amount_total, 'amount_residual': account_move.amount_residual, 'invoice_date': '', - 'efaktur_token': self.env['rest.api'].md5_salt(account_move.id, 'account.move') if account_move.efaktur_document else '', + 'efaktur': True if account_move.efaktur_document else False, } if isinstance(object, datetime.date): data['invoice_date'] = account_move.invoice_date.strftime('%d/%m/%Y') |