add api cancel SO and upload PO in SO

author: Rafi Zadanly <zadanlyr@gmail.com> 2023-02-06 12:02:42 +0700
committer: Rafi Zadanly <zadanlyr@gmail.com> 2023-02-06 12:02:42 +0700
commit: 446e3be759d72b7a06b4e4671b91c6f9c8bfa903 (patch)
tree: 4a64e513ec081eb61fae9567234d049184b2c3c4 /indoteknik_api/controllers/api_v1
parent: 6b5f3041727d84db4d24215062940b8f2fca6d1c (diff)
2 files changed, 60 insertions, 4 deletions
diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index 3794744e..f12be337 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -19,8 +19,8 @@ class Download(controller.Controller):
     def download_invoice(self, id, token):
         id = int(id)
         
-        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
-        if not md5_by_id == token:
+        md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token)
+        if not md5_valid:
             return self.response('Unauthorized')
 
         pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
@@ -30,8 +30,8 @@ class Download(controller.Controller):
     def download_tax_invoice(self, id, token):
         id = int(id)
 
-        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
-        if not md5_by_id == token:
+        md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token)
+        if not md5_valid:
             return self.response('Unauthorized')
 
         attachment = self._get_attachment('account.move', 'efaktur_document', id)
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 52ccf9fa..9a4b23d9 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -105,6 +105,62 @@ class SaleOrder(controller.Controller):
         
         return self.response(data)
 
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/upload_po', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+    def partner_upload_po_sale_order(self, **kw):
+        user_token = self.authenticate() 
+        if not user_token:
+            return self.unauthorized_response()
+
+        params = self.get_request_params(kw, {
+            'partner_id': ['number'],
+            'id': ['number'],
+            'name': [],
+            'file': []
+        })
+        if not user_token['partner_id'] == params['value']['partner_id']:
+            return self.unauthorized_response()
+        if not params['valid']:
+            return self.response(code=400, description=params)
+        partner_child_ids = self.get_partner_child_ids(params['value']['partner_id'])
+        domain = [
+            ('id', '=', params['value']['id']),
+            ('partner_id', 'in', partner_child_ids)
+        ]
+        data = False
+        sale_order = request.env['sale.order'].search(domain)
+        if sale_order:
+            sale_order.partner_purchase_order_name = params['value']['name']
+            sale_order.partner_purchase_order_file = params['value']['file']
+            data = sale_order.id
+        return self.response(data)
+
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/cancel', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+    def partner_cancel_sale_order(self, **kw):
+        user_token = self.authenticate() 
+        if not user_token:
+            return self.unauthorized_response()
+
+        params = self.get_request_params(kw, {
+            'partner_id': ['number'],
+            'id': ['number']
+        })
+        if not user_token['partner_id'] == params['value']['partner_id']:
+            return self.unauthorized_response()
+        if not params['valid']:
+            return self.response(code=400, description=params)
+
+        partner_child_ids = self.get_partner_child_ids(params['value']['partner_id'])
+        domain = [
+            ('id', '=', params['value']['id']),
+            ('partner_id', 'in', partner_child_ids)
+        ]
+        data = False
+        sale_order = request.env['sale.order'].search(domain)
+        if sale_order:
+            sale_order.state = 'cancel'
+            data = sale_order.id
+        return self.response(data)
+        
     @http.route(PREFIX_PARTNER + 'sale_order/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False)
     def create_partner_sale_order(self, **kw):
         user_token = self.authenticate()
author	Rafi Zadanly <zadanlyr@gmail.com>	2023-02-06 12:02:42 +0700
committer	Rafi Zadanly <zadanlyr@gmail.com>	2023-02-06 12:02:42 +0700
commit	446e3be759d72b7a06b4e4671b91c6f9c8bfa903 (patch)
tree	4a64e513ec081eb61fae9567234d049184b2c3c4 /indoteknik_api/controllers/api_v1
parent	6b5f3041727d84db4d24215062940b8f2fca6d1c (diff)