| author | Rafi Zadanly <zadanlyr@gmail.com> | 2023-02-03 14:43:58 +0700 |
|---|---|---|
| committer | Rafi Zadanly <zadanlyr@gmail.com> | 2023-02-03 14:43:58 +0700 |
| commit | 6b5f3041727d84db4d24215062940b8f2fca6d1c (patch) | |
| tree | a02637a325e4275b6d9272a759c763c91ff076e4 /indoteknik_api/controllers/api_v1 | |
| parent | 8cb3d124ec96b78872ebd0d0c969564249f15671 (diff) | |
[FIX] feature download invoice
Diffstat (limited to 'indoteknik_api/controllers/api_v1')
| -rw-r--r-- | indoteknik_api/controllers/api_v1/download.py | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index 38225b85..3794744e 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -15,22 +15,28 @@ class Download(controller.Controller):
 ], ['datas', 'mimetype'])
 return result if len(result) > 0 else None
- @http.route(PREFIX + 'download/invoice/<id>', auth='none', method=['GET'])
- def download_invoice(self, id):
+ @http.route(PREFIX + 'download/invoice/<id>/<token>', auth='none', method=['GET'])
+ def download_invoice(self, id, token):
 id = int(id)
- data = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
- return request.make_response(base64.b64decode(data[0]), [('Content-Type', 'application/pdf')])
+
+ md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
+ if not md5_by_id == token:
+ return self.response('Unauthorized')
+
+ pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
+ return request.make_response(pdf, [('Content-Type', 'application/pdf')])
 @http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET'])
 def download_tax_invoice(self, id, token):
 id = int(id)
 md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
- if md5_by_id == token:
- attachment = self._get_attachment('account.move', 'efaktur_document', id)
- if attachment:
- attachment = attachment[0]
- return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
- return self.response('Dokumen tidak ditemukan', code=404)
+ if not md5_by_id == token:
+ return self.response('Unauthorized')
+
+ attachment = self._get_attachment('account.move', 'efaktur_document', id)
+ if attachment:
+ attachment = attachment[0]
+ return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
+ return self.response('Dokumen tidak ditemukan', code=404)
- return self.response('Tidak diizinkan') |
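Review bot: The guard `if not md5_by_id == token:` is the only access control on the two `auth='none'` routes, `download_invoice` and `download_tax_invoice`, and its refusal `return self.response('Unauthorized')` passes no status code, unlike the `code=404` call a few lines below. A rejected request may therefore not surface as a 401 to clients or in monitoring, so I would write `return self.response('Unauthorized', code=401)` in both handlers. The comparison itself would be better done with `hmac.compare_digest` on the encoded values than with `==`, though the file's import block is outside this hunk. `md5_salt` is not visible here; if it derives the token only from the record id and a fixed salt, the link never expires and will sit in access logs and browser history, which deserves a comment above the route or an expiring signed token. Separately, the decorator is written `method=['GET']`, while Odoo's `http.route` reads `methods`, so the GET restriction is probably not enforced.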
