diff options
| author | Rafi Zadanly <zadanlyr@gmail.com> | 2023-02-13 10:41:41 +0700 |
|---|---|---|
| committer | Rafi Zadanly <zadanlyr@gmail.com> | 2023-02-13 10:41:41 +0700 |
| commit | cfa0aa5c242b14332f7bc970bb65f1fbde0a9f3b (patch) | |
| tree | 91f855964cadb0c76094cd2cc6b51f7994ce0c6d /indoteknik_api/controllers/api_v1/download.py | |
| parent | fb04f8f3c533740c79c130ab4bc097b8529cae8e (diff) | |
| parent | 7478616937cff56ccb994138831f90eae904e724 (diff) | |
fix conflict
Diffstat (limited to 'indoteknik_api/controllers/api_v1/download.py')
| -rw-r--r-- | indoteknik_api/controllers/api_v1/download.py | 46 |
1 files changed, 32 insertions, 14 deletions
diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py index 36f775b5..d9353896 100644 --- a/indoteknik_api/controllers/api_v1/download.py +++ b/indoteknik_api/controllers/api_v1/download.py @@ -1,7 +1,6 @@ from .. import controller from odoo import http from odoo.http import request -import base64 class Download(controller.Controller): @@ -13,22 +12,41 @@ class Download(controller.Controller): ('res_field', '=', field), ('res_id', '=', id), ], ['datas', 'mimetype']) - return result if len(result) > 0 else None + return result[0] if len(result) > 0 else None - @http.route(PREFIX + 'download/invoice/<id>', auth='none', method=['GET']) - def download_invoice(self, **kw): - id = int(kw.get('id', 0)) - return request.render('account.report_invoice', {'id': id}) + @http.route(PREFIX + 'download/invoice/<id>/<token>', auth='none', method=['GET']) + def download_invoice(self, id, token): + id = int(id) + + rest_api = request.env['rest.api'] + md5_valid = rest_api.md5_salt_valid(id, 'account.move', token) + if not md5_valid: + return self.response('Unauthorized') + + account_move = request.env['account.move'].sudo().search_read([('id', '=', id)], ['name']) + pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id]) + return rest_api.response_attachment({ + 'content': pdf, + 'mimetype': 'application/pdf', + 'filename': account_move[0]['name'] + }) @http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET']) def download_tax_invoice(self, id, token): id = int(id) - md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move') - if md5_by_id == token: - attachment = self._get_attachment('account.move', 'efaktur_document', id) - if attachment: - return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])]) - return self.response('Dokumen tidak ditemukan', code=404) - - return self.response('Tidak diizinkan') + rest_api = request.env['rest.api'] + md5_valid = rest_api.md5_salt_valid(id, 'account.move', token) + if not md5_valid: + return self.response('Unauthorized') + + account_move = request.env['account.move'].sudo().search_read([('id', '=', id)], ['name']) + attachment = self._get_attachment('account.move', 'efaktur_document', id) + if attachment and len(account_move) > 0: + return rest_api.response_attachment({ + 'content': attachment['datas'], + 'decode_content': True, + 'mimetype': attachment['mimetype'], + 'filename': account_move[0]['name'], + }) + return self.response('Dokumen tidak ditemukan', code=404) |