fix feature

1 files changed, 40 insertions, 0 deletions

diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 9a4b23d9..1c67d6c5 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -3,6 +3,7 @@ from odoo import http
 from odoo.http import request
 import json
 
+
 class SaleOrder(controller.Controller):
     prefix = '/api/v1/'
     PREFIX_PARTNER = prefix + 'partner/<partner_id>/'
@@ -134,6 +135,45 @@ class SaleOrder(controller.Controller):
             data = sale_order.id
         return self.response(data)
 
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/download_po/<token>', auth='none', method=['GET'])
+    def partner_download_po_sale_order(self, id, token):
+        id = int(id)
+
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'sale.order', token)
+        if not md5_valid:
+            return self.response('Unauthorized')
+        
+        sale_order = request.env['sale.order'].sudo().search_read([('id', '=', id)], ['partner_purchase_order_name'])
+        attachment = rest_api.get_single_attachment('sale.order', 'partner_purchase_order_file', id)
+        if attachment and len(sale_order) > 0:
+            return rest_api.response_attachment({
+                'content': attachment['datas'],
+                'decode_content': True,
+                'mimetype': attachment['mimetype'],
+                'filename': sale_order[0]['partner_purchase_order_name']
+            })
+        return self.response('Dokumen tidak ditemukan', code=404)
+
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/download/<token>', auth='none', method=['GET'])
+    def partner_download_sale_order(self, id, token):
+        id = int(id)
+
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'sale.order', token)
+        if not md5_valid:
+            return self.response('Unauthorized')
+        
+        sale_order = request.env['sale.order'].sudo().search_read([('id', '=', id)], ['name'])
+        pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'sale.report_saleorder')])._render_qweb_pdf([id])
+        if pdf and len(sale_order) > 0:
+            return rest_api.response_attachment({
+                'content': pdf,
+                'mimetype': 'application/pdf',
+                'filename': sale_order[0]['name']
+            })
+        return self.response('Dokumen tidak ditemukan', code=404)
+
     @http.route(PREFIX_PARTNER + 'sale_order/<id>/cancel', auth='public', method=['POST', 'OPTIONS'], csrf=False)
     def partner_cancel_sale_order(self, **kw):
         user_token = self.authenticate()