| author | IT Fixcomart <it@fixcomart.co.id> | 2023-01-21 06:07:05 +0000 |
|---|---|---|
| committer | IT Fixcomart <it@fixcomart.co.id> | 2023-01-21 06:07:05 +0000 |
| commit | 287cf8497b4b6bb825870ee2b3d1b49d4c29ab6a (patch) | |
| tree | dbcdcbce4bc01a7985532147e0ba0650ee7551b6 /indoteknik_api/controllers/api_v1 | |
| parent | c6032a407758afa650a0e3e25d51606cf91c75b8 (diff) | |
| parent | e52cf84fd2284330412162b44066f29bd382f590 (diff) | |
Merged in feature/rest-api (pull request #26)
Fixing authentication
Diffstat (limited to 'indoteknik_api/controllers/api_v1')
| -rw-r--r-- | indoteknik_api/controllers/api_v1/sale_order.py | 63 |
1 files changed, 45 insertions, 18 deletions
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index dce72a76..d69f40a4 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -5,53 +5,80 @@ import json class SaleOrder(controller.Controller): prefix = '/api/v1/' + PREFIX_PARTNER = prefix + 'partner/<partner_id>/' - @http.route(prefix + 'sale_order', auth='public', method=['GET', 'OPTIONS']) - def get_sale_order(self, **kw): - if not self.authenticate(): - return self.response(code=401, description='Unauthorized') + @http.route(PREFIX_PARTNER + 'sale_order', auth='public', method=['GET', 'OPTIONS']) + def get_partner_sale_order(self, **kw): + user_token = self.authenticate() + if not user_token: + return self.unauthorized_response() params = self.get_request_params(kw, { + 'partner_id': ['number'], 'name': [], - 'partner_id': ['required', 'number'], 'limit': ['default:0', 'number'], 'offset': ['default:0', 'number'], }) limit = params['value']['limit'] offset = params['value']['offset'] - + if not user_token['partner_id'] == params['value']['partner_id']: + return self.unauthorized_response() if not params['valid']: return self.response(code=400, description=params) - parent_partner_id = request.env['res.partner'].search([('id', '=', params['value']['partner_id'])], limit=1).parent_id.id - partner_childs = request.env['res.partner'].search([('parent_id', '=', int(parent_partner_id))]) - partner_child_ids = [v['id'] for v in partner_childs] + [params['value']['partner_id']] - + partner_child_ids = self.get_partner_child_ids(params['value']['partner_id']) domain = [('partner_id', 'in', partner_child_ids)] sale_orders = request.env['sale.order'].search(domain, offset=offset, limit=limit) data = { 'sale_order_total': request.env['sale.order'].search_count(domain), 'sale_orders': [request.env['sale.order'].api_v1_single_response(x) for x in sale_orders] } - return self.response(data) - @http.route(prefix + 'sale_order/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False) - def create_sale_order(self, **kw): - if not self.authenticate(): - return self.response(code=401, description='Unauthorized') + @http.route(PREFIX_PARTNER + 
'sale_order/<id>', auth='public', method=['GET', 'OPTIONS']) + def partner_get_sale_order_detail(self, **kw): + user_token = self.authenticate() + if not user_token: + return self.unauthorized_response() + + params = self.get_request_params(kw, { + 'partner_id': ['number'], + 'id': ['number'] + }) + if not user_token['partner_id'] == params['value']['partner_id']: + return self.unauthorized_response() + if not params['valid']: + return self.response(code=400, description=params) + + partner_child_ids = self.get_partner_child_ids(params['value']['partner_id']) + domain = [ + ('id', '=', params['value']['id']), + ('partner_id', 'in', partner_child_ids) + ] + sale_order = request.env['sale.order'].search(domain) + + return + + @http.route(PREFIX_PARTNER + 'sale_order/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False) + def create_partner_sale_order(self, **kw): + user_token = self.authenticate() + if not user_token: + return self.unauthorized_response() product_pricelist_default_discount_id = request.env['ir.config_parameter'].get_param('product.pricelist.default_discount_id') product_pricelist_default_discount_id = int(product_pricelist_default_discount_id) params = self.get_request_params(kw, { - 'partner_id': ['required', 'number'], + 'partner_id': ['number'], 'partner_shipping_id': ['required', 'number'], 'partner_invoice_id': ['required', 'number'], 'order_line': ['required', 'default:[]'], 'po_number': [], 'po_file': [], }) + + if not user_token['partner_id'] == params['value']['partner_id']: + return self.unauthorized_response() if not params['valid']: return self.response(code=400, description=params) 
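Review bot: In `get_partner_sale_order`, `partner_get_sale_order_detail` and `create_partner_sale_order` the ownership test `if not user_token['partner_id'] == params['value']['partner_id']:` runs before `if not params['valid']:`, so the authorization decision is taken on a value that has not yet passed validation; putting the `params['valid']` check first gives a malformed `partner_id` its 400 and leaves only a validated number to compare with the token. `partner_get_sale_order_detail` ends in a bare `return` after the search, so the route is registered but never serialises the order; something like `return self.response(request.env['sale.order'].api_v1_single_response(sale_order))`, with a not-found response for an empty recordset, would complete it. The new routes pass `method=[...]` while the older routes in this file use `methods=[...]`; if Odoo ignores the misspelt keyword, the HTTP verb is left unrestricted, which matters most for the `csrf=False` checkout route. `create_partner_sale_order` continues past the end of the hunk, so the rest of its body was not reviewed.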
@@ -97,7 +124,7 @@ class SaleOrder(controller.Controller):
 @http.route('/api/sale_order/invoiced', auth='public', methods=['GET'])
 def get_sale_order_invoiced_by_partner_id(self, **kw):
 if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
+ return self.unauthorized_response()
 partner_id = kw.get('partner_id')
 if not partner_id:
@@ -142,7 +169,7 @@ class SaleOrder(controller.Controller):
 @http.route('/api/sale_order/invoiced/detail', auth='public', methods=['GET'])
 def get_sale_order_invoiced_detail_by_partner(self, **kw):
 if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
+ return self.unauthorized_response()
 id = kw.get('id')
 partner_id = kw.get('partner_id') |
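Review bot: `get_sale_order_invoiced_by_partner_id` still discards the result of `self.authenticate()` and then reads `partner_id = kw.get('partner_id')` from the request, so in the visible lines nothing ties the requested partner to the authenticated token; `get_sale_order_invoiced_detail_by_partner` in the following hunk has the same shape. The `/api/v1/partner/<partner_id>/` handlers changed by this commit keep the token and compare `user_token['partner_id']` with the requested partner, and these two legacy routes need the same check before they query, e.g. `user_token = self.authenticate()` followed by a comparison against the validated `partner_id`. Both function bodies continue outside the hunks, so confirm that no equivalent check already exists further down.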
