<iman> update api tracking order to get email same partner in company

author: it-fixcomart <it@fixcomart.co.id> 2024-08-13 11:24:51 +0700
committer: it-fixcomart <it@fixcomart.co.id> 2024-08-13 11:24:51 +0700
commit: 2513b765773fca587dbd298e77732d2d005949c8 (patch)
tree: ee04694e39eb9109592e07d3379a2c72301f0bf6 /indoteknik_api/controllers/api_v1
parent: 57bc06d6991f4ab2f0f0ef4baecbf071eb62042a (diff)
1 files changed, 10 insertions, 3 deletions
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index a9113ada..0da7f894 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -643,20 +643,26 @@ class SaleOrder(controller.Controller):
 
         # Get the partner associated with the sale order
         partner = sale_order.partner_id
+        company_id = partner.company_id.id
 
-        # Check if the email matches the partner's email
-        if partner.email != email_user:
+        # Search for all partners within the same company
+        partners_in_company = request.env['res.partner'].search([('company_id', '=', company_id)])
+
+        # Check if the email matches any partner's email in the same company
+        email_match = partners_in_company.filtered(lambda p: p.email == email_user)
+        if not email_match:
             return self.response({
                 'code': 403,
                 'so': so,
                 'email': email_user,
-                'description': "Email does not match the Sale Order."
+                'description': "Email does not match any partner in the same company as the Sale Order."
             })
 
         # Check for partner child ids if needed
         partner_child_ids = self.get_partner_child_ids(partner.id)
         if sale_order.partner_id.id not in partner_child_ids:
             return self.response({
+                'code': 403,
                 'so': so,
                 'email': email_user,
                 'description': "Unauthorized access to Sale Order details."
@@ -666,3 +672,4 @@ class SaleOrder(controller.Controller):
         data = request.env['sale.order'].api_v1_single_response(sale_order, context='with_detail')
 
         return self.response(data)
+
author	it-fixcomart <it@fixcomart.co.id>	2024-08-13 11:24:51 +0700
committer	it-fixcomart <it@fixcomart.co.id>	2024-08-13 11:24:51 +0700
commit	2513b765773fca587dbd298e77732d2d005949c8 (patch)
tree	ee04694e39eb9109592e07d3379a2c72301f0bf6 /indoteknik_api/controllers/api_v1
parent	57bc06d6991f4ab2f0f0ef4baecbf071eb62042a (diff)