diff options
| author | Rafi Zadanly <zadanlyr@gmail.com> | 2023-03-09 06:11:55 +0700 |
|---|---|---|
| committer | Rafi Zadanly <zadanlyr@gmail.com> | 2023-03-09 06:11:55 +0700 |
| commit | 60c166f8b4f5f9cd8d4cdf6422f53d8b5d083648 (patch) | |
| tree | 439910148373c0b207838ec701a8bc13947b91d6 /indoteknik_api/controllers/api_v1/partner.py | |
| parent | f790892bb6cf7bd7871e841af92ce3edfc76b8c2 (diff) | |
Optimize auth method
Diffstat (limited to 'indoteknik_api/controllers/api_v1/partner.py')
| -rw-r--r-- | indoteknik_api/controllers/api_v1/partner.py | 28 |
1 files changed, 6 insertions, 22 deletions
diff --git a/indoteknik_api/controllers/api_v1/partner.py b/indoteknik_api/controllers/api_v1/partner.py index ba59a1ce..fc05ae90 100644 --- a/indoteknik_api/controllers/api_v1/partner.py +++ b/indoteknik_api/controllers/api_v1/partner.py @@ -8,10 +8,8 @@ class Partner(controller.Controller): prefix = '/api/v1/' @http.route(prefix + 'partner/<id>/address', auth='public', methods=['GET', 'OPTIONS']) + @controller.Controller.must_authorized() def get_partner_address_by_id(self, **kw): - if not self.authenticate(): - return self.response(code=401, description='Unauthorized') - params = self.get_request_params(kw, { 'id': ['required', 'number'] }) @@ -24,10 +22,8 @@ class Partner(controller.Controller): return self.response(partner) @http.route(prefix + 'partner/<id>/address', auth='public', methods=['PUT', 'OPTIONS'], csrf=False) + @controller.Controller.must_authorized() def write_partner_address_by_id(self, **kw): - if not self.authenticate(): - return self.response(code=401, description='Unauthorized') - params = self.get_request_params(kw, { 'id': ['required', 'number'], 'type': ['default:other'], @@ -55,10 +51,8 @@ class Partner(controller.Controller): }) @http.route(prefix + 'partner/address', auth='public', methods=['POST', 'OPTIONS'], csrf=False) + @controller.Controller.must_authorized() def create_partner_address(self, **kw): - if not self.authenticate(): - return self.response(code=401, description='Unauthorized') - params = self.get_request_params(kw, { 'parent_id': ['required', 'number'], 'type': ['default:other'], @@ -82,11 +76,8 @@ class Partner(controller.Controller): }) @http.route(prefix + 'partner/<id>', auth='public', methods=['PUT', 'OPTIONS'], csrf=False) + @controller.Controller.must_authorized() def write_partner_by_id(self, **kw): - user_token = self.authenticate() - if not user_token: - return self.unauthorized_response() - params = self.get_request_params(kw, { 'id': ['required', 'number'], 'name': [], @@ -102,9 +93,6 @@ class Partner(controller.Controller): partner = request.env[self._name].search([('id', '=', params['value']['id'])], limit=1) if not partner: return self.response(code=404, description='User not found') - - if user_token['partner_id'] not in self.get_partner_child_ids(partner.id): - return self.unauthorized_response() partner.write(params['value']) @@ -113,10 +101,8 @@ class Partner(controller.Controller): }) @http.route(prefix + 'partner/industry', auth='public', methods=['GET', 'OPTIONS']) + @controller.Controller.must_authorized() def get_partner_industry(self): - if not self.authenticate(): - return self.response(code=401, description='Unauthorized') - partner_industry = request.env['res.partner.industry'].search([]) data = [] for industry in partner_industry: @@ -128,10 +114,8 @@ class Partner(controller.Controller): return self.response(data) @http.route(prefix + 'partner/company_type', auth='public', methods=['GET', 'OPTIONS']) + @controller.Controller.must_authorized() def get_partner_company_type(self): - if not self.authenticate(): - return self.response(code=401, description='Unauthorized') - partner_company_type = request.env['res.partner.company_type'].search([]) data = [] for company_type in partner_company_type: |