authorRafi Zadanly <zadanlyr@gmail.com>2023-03-09 06:11:55 +0700
committerRafi Zadanly <zadanlyr@gmail.com>2023-03-09 06:11:55 +0700
commit60c166f8b4f5f9cd8d4cdf6422f53d8b5d083648 (patch)
tree439910148373c0b207838ec701a8bc13947b91d6 /indoteknik_api/controllers/api_v1/sale_order.py
parentf790892bb6cf7bd7871e841af92ce3edfc76b8c2 (diff)
Optimize auth method
Diffstat (limited to 'indoteknik_api/controllers/api_v1/sale_order.py')
-rw-r--r--indoteknik_api/controllers/api_v1/sale_order.py41
1 files changed, 6 insertions, 35 deletions
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 5e5aae47..34583c37 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -9,12 +9,9 @@ class SaleOrder(controller.Controller):
PREFIX_PARTNER = prefix + 'partner/<partner_id>/'
@http.route(prefix + "sale_order_number", auth='public', method=['GET', 'OPTIONS'])
+ @controller.Controller.must_authorized()
def get_number_sale_order(self, **kw):
# for midtrans only
- user_token = self.authenticate()
- if not user_token:
- return self.unauthorized_response()
-
sale_order_id = int(kw.get('sale_order_id', '0'))
sale_number = str(kw.get('sale_number', ''))
if sale_order_id > 0:
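Review bot: The `# for midtrans only` comment on `get_number_sale_order` is not enforced by anything visible here: `must_authorized()` is called without `private`, so presumably any valid token passes, just as the removed `authenticate()` check allowed. The lookup is keyed on a caller-supplied `sale_order_id` or `sale_number`, so an authenticated partner may be able to read another partner's order unless the rest of the body, which lies outside this hunk, filters by owner. I would either restrict the route to the Midtrans integration's identity or record the limitation next to the decorator, e.g. `# NOTE: any valid token is accepted; order ownership is not checked here`.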
@@ -49,11 +46,8 @@ class SaleOrder(controller.Controller):
return self.response(data)
@http.route(PREFIX_PARTNER + 'sale_order', auth='public', method=['GET', 'OPTIONS'])
+ @controller.Controller.must_authorized(private=True, private_key='partner_id')
def get_partner_sale_order(self, **kw):
- user_token = self.authenticate()
- if not user_token:
- return self.unauthorized_response()
-
params = self.get_request_params(kw, {
'partner_id': ['number'],
'name': [],
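Review bot: The partner ownership check now depends entirely on how `must_authorized(private=True, private_key='partner_id')` reads `partner_id`, and that decorator is not part of this diff. The removed in-body check compared the token against `params['value']['partner_id']` after the `'number'` rule had parsed it, whereas a decorator runs before `get_request_params` and sees the raw `<partner_id>` URL segment, presumably a string. Please confirm the decorator normalises the type and returns `unauthorized_response()` on a mismatch or an unparsable value rather than raising; typing the segment in the route, `PREFIX_PARTNER = prefix + 'partner/<int:partner_id>/'`, would make that explicit. The same applies to the four other routes decorated this way further down (detail, checkout by id, cancel, create). The function body continues outside this hunk.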
@@ -62,8 +56,6 @@ class SaleOrder(controller.Controller):
})
limit = params['value']['limit']
offset = params['value']['offset']
- if not user_token['partner_id'] == params['value']['partner_id']:
- return self.unauthorized_response()
if not params['valid']:
return self.response(code=400, description=params)
@@ -84,17 +76,12 @@ class SaleOrder(controller.Controller):
return self.response(data)
@http.route(PREFIX_PARTNER + 'sale_order/<id>', auth='public', method=['GET', 'OPTIONS'])
+ @controller.Controller.must_authorized(private=True, private_key='partner_id')
def partner_get_sale_order_detail(self, **kw):
- user_token = self.authenticate()
- if not user_token:
- return self.unauthorized_response()
-
params = self.get_request_params(kw, {
'partner_id': ['number'],
'id': ['number']
})
- if not user_token['partner_id'] == params['value']['partner_id']:
- return self.unauthorized_response()
if not params['valid']:
return self.response(code=400, description=params)
@@ -111,17 +98,12 @@ class SaleOrder(controller.Controller):
return self.response(data)
@http.route(PREFIX_PARTNER + 'sale_order/<id>/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+ @controller.Controller.must_authorized(private=True, private_key='partner_id')
def partner_checkout_sale_order_by_id(self, **kw):
- user_token = self.authenticate()
- if not user_token:
- return self.unauthorized_response()
-
params = self.get_request_params(kw, {
'partner_id': ['number'],
'id': ['number']
})
- if not user_token['partner_id'] == params['value']['partner_id']:
- return self.unauthorized_response()
if not params['valid']:
return self.response(code=400, description=params)
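Review bot: The route on `partner_checkout_sale_order_by_id` passes `method=['POST', 'OPTIONS']`, but Odoo's `http.route` restricts verbs through the `methods` keyword, so as far as I can tell the restriction is not applied and the handler also answers GET. With `csrf=False` on a state-changing action, that leaves the token check in `must_authorized` as the only barrier, so I would change it to `methods=['POST', 'OPTIONS']`. The cancel and create routes below, and the GET routes above, use the same spelling. The function body continues outside this hunk.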
@@ -207,17 +189,12 @@ class SaleOrder(controller.Controller):
return self.response('Dokumen tidak ditemukan', code=404)
@http.route(PREFIX_PARTNER + 'sale_order/<id>/cancel', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+ @controller.Controller.must_authorized(private=True, private_key='partner_id')
def partner_cancel_sale_order(self, **kw):
- user_token = self.authenticate()
- if not user_token:
- return self.unauthorized_response()
-
params = self.get_request_params(kw, {
'partner_id': ['number'],
'id': ['number']
})
- if not user_token['partner_id'] == params['value']['partner_id']:
- return self.unauthorized_response()
if not params['valid']:
return self.response(code=400, description=params)
@@ -234,11 +211,8 @@ class SaleOrder(controller.Controller):
return self.response(data)
@http.route(PREFIX_PARTNER + 'sale_order/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+ @controller.Controller.must_authorized(private=True, private_key='partner_id')
def create_partner_sale_order(self, **kw):
- user_token = self.authenticate()
- if not user_token:
- return self.unauthorized_response()
-
product_pricelist_default_discount_id = request.env['ir.config_parameter'].get_param('product.pricelist.default_discount_id')
product_pricelist_default_discount_id = int(product_pricelist_default_discount_id)
@@ -251,9 +225,6 @@ class SaleOrder(controller.Controller):
'po_file': [],
'type': [],
})
-
- if not user_token['partner_id'] == params['value']['partner_id']:
- return self.unauthorized_response()
if not params['valid']:
return self.response(code=400, description=params)