diff options
| author | Rafi Zadanly <zadanlyr@gmail.com> | 2023-01-13 11:40:44 +0700 |
|---|---|---|
| committer | Rafi Zadanly <zadanlyr@gmail.com> | 2023-01-13 11:40:44 +0700 |
| commit | 6fe453ed5da6cfda56f4af454dbedc00b97f0f9e (patch) | |
| tree | 7d088c21df7a7ac74d896259aefa94d940920294 /indoteknik_api/controllers/api_v1 | |
| parent | 7460334ff51a0bb1d049730f3c3577bf262db59e (diff) | |
simplify authentication
Diffstat (limited to 'indoteknik_api/controllers/api_v1')
| -rw-r--r-- | indoteknik_api/controllers/api_v1/partner.py | 4 | ||||
| -rw-r--r-- | indoteknik_api/controllers/api_v1/sale_order.py | 6 | ||||
| -rw-r--r-- | indoteknik_api/controllers/api_v1/user.py | 12 |
3 files changed, 3 insertions, 19 deletions
diff --git a/indoteknik_api/controllers/api_v1/partner.py b/indoteknik_api/controllers/api_v1/partner.py index 2d7d04e8..043a82b8 100644 --- a/indoteknik_api/controllers/api_v1/partner.py +++ b/indoteknik_api/controllers/api_v1/partner.py @@ -25,10 +25,6 @@ class Partner(controller.Controller): 'zip': ['required'], }) - is_verified = self.verify_user_token(validate_request['query']['user_id']) - if not is_verified: - return self.response(code=401, description='Unauthorized') - if not validate_request['valid']: return self.response(code=400, description=validate_request) diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py index 5604a86c..a8c5bacc 100644 --- a/indoteknik_api/controllers/api_v1/sale_order.py +++ b/indoteknik_api/controllers/api_v1/sale_order.py @@ -10,12 +10,6 @@ class SaleOrder(controller.Controller): def create_sale_order(self, **kw): if not self.authenticate(): return self.response(code=401, description='Unauthorized') - - user_id = kw.get('user_id') - - is_verify = self.verify_user_token(user_id) - if not is_verify: - return self.response(code=401, description='Unauthorized') product_pricelist_default_discount_id = request.env['ir.config_parameter'].get_param('product.pricelist.default_discount_id') product_pricelist_default_discount_id = int(product_pricelist_default_discount_id) diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index d71c30ea..ae04e0ff 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py @@ -109,11 +109,7 @@ class User(controller.Controller): user = request.env['res.users'].search([('id', '=', id)], limit=1) if not user: - return self.response(code=400, description='User not found') - - is_verify = self.verify_user_token(id) - if not is_verify: - return self.response(code=401, description='Unauthorized') + return self.response(code=404, description='User not found') allowed_field = ['name', 'phone', 'mobile', 'password'] for field in allowed_field: @@ -131,15 +127,13 @@ class User(controller.Controller): return self.response(code=401, description='Unauthorized') id = kw.get('id') - is_verify = self.verify_user_token(id) - if not is_verify: - return self.response(code=401, description='Unauthorized') user = request.env['res.users'].search([('id', '=', id)], limit=1) if not user: return self.response(code=404, description='User not found') - partners = [user.partner_id] + [x for x in user.child_ids] + partner_ids = [user.partner_id.id] + [x.id for x in user.child_ids] + partners = request.env['res.partner'].search([('id', 'in', partner_ids)], order='create_date DESC') address = [request.env['res.users'].api_address_response(x) for x in partners] return self.response(address) |