diff options
| author | IT Fixcomart <it@fixcomart.co.id> | 2024-08-28 09:01:38 +0000 |
|---|---|---|
| committer | IT Fixcomart <it@fixcomart.co.id> | 2024-08-28 09:01:38 +0000 |
| commit | 601e10060161cb2a9a2db4dbb6cecdacf3268e5e (patch) | |
| tree | 35fcd9f87e865372d4710151d7e19d81799f0419 /indoteknik_api/controllers/api_v1 | |
| parent | d776b60f89f827d2dc49df80d7852f98c820985f (diff) | |
| parent | d47eb069978ce67bce1a19b6c824a53ca3d68801 (diff) | |
Merged in feature/tracking-order (pull request #207)
Feature/tracking order
Diffstat (limited to 'indoteknik_api/controllers/api_v1')
| -rw-r--r-- | indoteknik_api/controllers/api_v1/sale_order.py | 59 |
1 files changed, 58 insertions, 1 deletions
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py index a50cb264..b351bacc 100644 --- a/indoteknik_api/controllers/api_v1/sale_order.py +++ b/indoteknik_api/controllers/api_v1/sale_order.py @@ -616,4 +616,61 @@ class SaleOrder(controller.Controller): } return self.response(data) -
\ No newline at end of file + + @http.route(prefix + 'tracking_order', auth='public', method=['GET', 'OPTIONS']) + @controller.Controller.must_authorized() + def tracking_get_sale_order_detail(self, **kw): + # Extract 'so' and 'email' parameters from query parameters + so = kw.get('so') + email_user = kw.get('email') + + if not email_user or not so: + return self.response({ + 'code': 400, + 'so': so, + 'email': email_user, + 'description': "Email and Sale Order number are required." + }) + + # Search for the sale order by the name (so) + sale_order = request.env['sale.order'].search([('name', '=', so)], limit=1) + if not sale_order: + return self.response({ + 'code': 404, + 'so': so, + 'email': email_user, + 'description': "Sale Order not found." + }) + + # Get the partner associated with the sale order + partner = sale_order.partner_id + company_id = partner.company_id.id + + # Search for all partners within the same company + partners_in_company = request.env['res.partner'].search([('company_id', '=', company_id)]) + + # Check if the email matches any partner's email in the same company + email_match = partners_in_company.filtered(lambda p: p.email == email_user) + if not email_match: + return self.response({ + 'code': 403, + 'so': so, + 'email': email_user, + 'description': "Email does not match any partner in the same company as the Sale Order." + }) + + # Check for partner child ids if needed + partner_child_ids = self.get_partner_child_ids(partner.id) + if sale_order.partner_id.id not in partner_child_ids: + return self.response({ + 'code': 403, + 'so': so, + 'email': email_user, + 'description': "Unauthorized access to Sale Order details." + }) + + # Prepare the response data + data = request.env['sale.order'].api_v1_single_response(sale_order, context='with_detail') + + return self.response(data) + |