| author | Rafi Zadanly <zadanlyr@gmail.com> | 2023-03-09 06:11:55 +0700 |
|---|---|---|
| committer | Rafi Zadanly <zadanlyr@gmail.com> | 2023-03-09 06:11:55 +0700 |
| commit | 60c166f8b4f5f9cd8d4cdf6422f53d8b5d083648 (patch) | |
| tree | 439910148373c0b207838ec701a8bc13947b91d6 /indoteknik_api/controllers/api_v1/wishlist.py | |
| parent | f790892bb6cf7bd7871e841af92ce3edfc76b8c2 (diff) | |
Optimize auth method
Diffstat (limited to 'indoteknik_api/controllers/api_v1/wishlist.py')
| -rw-r--r-- | indoteknik_api/controllers/api_v1/wishlist.py | 24 |
1 files changed, 5 insertions, 19 deletions
diff --git a/indoteknik_api/controllers/api_v1/wishlist.py b/indoteknik_api/controllers/api_v1/wishlist.py index a3299033..50d38dc7 100644 --- a/indoteknik_api/controllers/api_v1/wishlist.py +++ b/indoteknik_api/controllers/api_v1/wishlist.py @@ -8,10 +8,8 @@ class Wishlist(controller.Controller): PREFIX_USER = prefix + 'user/<user_id>/' @http.route(prefix + 'wishlist', auth='public', methods=['GET']) + @controller.Controller.must_authorized() def get_wishlist_by_user_id(self, **kw): - if not self.authenticate(): - return self.response(code=401, description='Unauthorized') - user_id = int(kw.get('user_id', 0)) product_id = kw.get('product_id', 0) variant_id = kw.get('variant_id', 0) @@ -24,7 +22,6 @@ class Wishlist(controller.Controller): query += [('variant_id', '=', int(variant_id))] wishlists = request.env['website.user.wishlist'].search(query, limit=limit, offset=offset, order='create_date desc') - # product = [request.env['product.template'].api_single_response(wishlist.product_id) for wishlist in wishlists] product = [] for wishlist in wishlists: if wishlist.product_id: @@ -38,10 +35,8 @@ class Wishlist(controller.Controller): return self.response(data) @http.route(prefix + 'wishlist/create-or-delete', auth='public', methods=['POST'], csrf=False) + @controller.Controller.must_authorized() def create_or_delete_wishlist(self, **kw): - if not self.authenticate(): - return self.response(code=401, description='Unauthorized') - user_id = int(kw.get('user_id', 0)) product_id = kw.get('product_id', 0) variant_id = kw.get('variant_id', 0) 
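Review bot: `get_wishlist_by_user_id` and `create_or_delete_wishlist` (the `@@ -38,10` hunk) get `must_authorized()` without `private=True, private_key='user_id'`, yet both still take the target account from the request via `user_id = int(kw.get('user_id', 0))`. As far as these hunks show, nothing ties that value to the authenticated caller, so a valid token for one account appears sufficient to read or modify another account's wishlist; the removed inline `authenticate()` check had the same gap, and this refactor is the natural place to close it. Either apply `@controller.Controller.must_authorized(private=True, private_key='user_id')` on these two routes as well, or derive `user_id` from the token rather than from `kw`. The decorator body is not part of this diff, so what `private` enforces is inferred from the checks it replaces in the `PREFIX_USER` routes, and both function bodies continue outside the hunks.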
@@ -74,11 +69,8 @@ class Wishlist(controller.Controller): return self.response(result) @http.route(PREFIX_USER + 'wishlist', auth='public', methods=['GET', 'OPTIONS']) + @controller.Controller.must_authorized(private=True, private_key='user_id') def get_user_wishlist(self, **kw): - user_token = self.authenticate() - if not user_token: - return self.unauthorized_response() - params = self.get_request_params(kw, { 'user_id': ['number'], 'product_id': ['number'], @@ -87,8 +79,7 @@ class Wishlist(controller.Controller): }) limit = params['value']['limit'] offset = params['value']['offset'] - if not user_token['id'] == params['value']['user_id']: - return self.unauthorized_response() + if not params['valid']: return self.response(code=400, description=params) @@ -109,17 +100,12 @@ class Wishlist(controller.Controller): return self.response(data) @http.route(PREFIX_USER + 'wishlist/create-or-delete', auth='public', methods=['POST', 'OPTIONS'], csrf=False) + @controller.Controller.must_authorized(private=True, private_key='user_id') def create_or_delete_user_wishlist(self, **kw): - user_token = self.authenticate() - if not user_token: - return self.unauthorized_response() - params = self.get_request_params(kw, { 'user_id': ['number'], 'product_id': ['required', 'number'], }) - if not user_token['id'] == params['value']['user_id']: - return self.unauthorized_response() if not params['valid']: return self.response(code=400, description=params) |
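Review bot: The ownership check in `get_user_wishlist` (and in `create_or_delete_user_wishlist`, the `@@ -109,17` hunk) now lives in `must_authorized(private=True, private_key='user_id')`, which runs before `get_request_params` has validated and parsed `user_id` as a number. The removed code compared `user_token['id']` with the parsed `params['value']['user_id']`; the decorator is not visible in this diff, so confirm that it compares the token id against the same value the handler later uses, converted to `int`, and that it fails closed with a 401 when `user_id` is missing or non-numeric. A comment above the decorator such as `# must_authorized(private=True) rejects callers whose token id != user_id` would keep the now-implicit authorization check visible to readers of the handler. Both function bodies continue outside the hunks.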
