authorIT Fixcomart <it@fixcomart.co.id>2023-01-05 04:26:58 +0000
committerIT Fixcomart <it@fixcomart.co.id>2023-01-05 04:26:58 +0000
commitd37c78617706d6313bf8c40277d56028f0f28a07 (patch)
treed46e635d9977350d7414248fc9b5a375fd00f3e0 /indoteknik_api/controllers/api_v1
parentf56ff7fb53e25c188663f643f06691d8d71bd34a (diff)
parent9a3a8c37b65d6017bae50d56b4c5bd1ea641a3b1 (diff)
Merged in staging (pull request #14)
Staging
Diffstat (limited to 'indoteknik_api/controllers/api_v1')
-rw-r--r--indoteknik_api/controllers/api_v1/sale_order.py15
-rw-r--r--indoteknik_api/controllers/api_v1/user.py108
2 files changed, 88 insertions, 35 deletions
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 99302a66..05946f77 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -6,7 +6,9 @@ from odoo.http import request
class SaleOrder(controller.Controller):
@http.route('/api/sale_order/invoiced', auth='public', methods=['GET'])
def get_sale_order_invoiced_by_partner_id(self, **kw):
- self.authenticate()
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
partner_id = kw.get('partner_id')
if not partner_id:
return self.response(code=400, description='Field partner_id is required')
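Review bot: After the new 401 guard, `partner_id` is still read straight from the query string and nothing in this hunk ties it to the caller, so any client that passes `authenticate()` can apparently list the orders of any partner. What `authenticate()` checks is not visible here; if it validates a shared API credential rather than an individual user, this is an object-level authorization gap. The same applies to the detail route in the hunk at `@@ -51,7 +51,8`. This commit adds a per-user token check (`verify_user_token`) in user.py, and these routes would benefit from an equivalent binding between the token subject and the requested partner; at minimum add `# TODO: verify partner_id belongs to the authenticated caller before searching`. The function body continues outside the hunk.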
@@ -21,9 +23,7 @@ class SaleOrder(controller.Controller):
data = []
default_domain = [
('partner_id', 'in', partner_child_ids),
- '|',
- ('invoice_status', '=', 'invoiced'),
- ('invoice_status', '=', 'to_invoice')
+ ('state', 'in', ['sale', 'done'])
]
sale_orders = self.search_filter('sale.order', kw, default_domain)
for sale_order in sale_orders:
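Review bot: The filter now selects on `('state', 'in', ['sale', 'done'])`, but the route is still `/api/sale_order/invoiced` and the method is still named `get_sale_order_invoiced_by_partner_id`, so the name no longer describes what is returned. Orders that have never been invoiced are now exposed through an endpoint whose consumers may assume otherwise. Either document the new contract on the method, e.g. `# Returns confirmed orders (state sale/done), regardless of invoice_status`, or keep the invoice filter alongside the state filter. The same replacement is made in the detail route at `@@ -62,9 +63,7`.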
@@ -51,7 +51,8 @@ class SaleOrder(controller.Controller):
@http.route('/api/sale_order/invoiced/detail', auth='public', methods=['GET'])
def get_sale_order_invoiced_detail_by_partner(self, **kw):
- self.authenticate(kw)
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
id = kw.get('id')
partner_id = kw.get('partner_id')
@@ -62,9 +63,7 @@ class SaleOrder(controller.Controller):
default_domain = [
('id', '=', id),
- '|',
- ('invoice_status', '=', 'invoiced'),
- ('invoice_status', '=', 'to_invoice')
+ ('state', 'in', ['sale', 'done'])
]
parent_partner_id = request.env['res.partner'].search([('id', '=', int(partner_id))], limit=1).parent_id.id
partner_childs = request.env['res.partner'].search([('parent_id', '=', int(parent_partner_id))])
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
index 41581961..3080be7d 100644
--- a/indoteknik_api/controllers/api_v1/user.py
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -3,10 +3,36 @@ from odoo import http
from odoo.http import request
from odoo.tools.config import config
import random, string
+import jwt
-class Auth(controller.Controller):
+class User(controller.Controller):
prefix = '/api/v1/'
+ jwt_secret_key = "NTNv7j0TuYARvmNMmWXo6fKvM4o6nvaUi9ryX38ZHL1bkrnD1ObOQ8JAUmHCBq7Iy7otZcyAagBLHVKvvYaIpmMuxmARQ97jUVG16Jkpkp1wXOPsrF9zwew6TpczyHkHgX5EuLg2MeBuiTqJACs1J0apruOOJCggOtkjB4c"
+
+ def get_user_by_email(self, email):
+ return request.env['res.users'].search([
+ ('login', '=', email),
+ ('active', 'in', [True, False])
+ ])
+
+ def create_user_token(self, user):
+ return jwt.encode({'id': user.id}, self.jwt_secret_key)
+
+ def verify_user_token(self, user_id):
+ try:
+ token = request.httprequest.environ['HTTP_TOKEN']
+ user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256'])
+ if int(user_id) != user_token['id']:
+ return False
+ return True
+ except:
+ return False
+
+ def response_with_token(self, user):
+ data = request.env['res.users'].api_single_response(user)
+ data['token'] = self.create_user_token(user)
+ return data
@http.route(prefix + 'user/login', auth='public', methods=['POST'], csrf=False)
def login(self, **kw):
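Review bot: The HS256 signing key is committed as a string literal on the `jwt_secret_key` class attribute, so anyone with read access to the repository can mint a valid token for any user id; the key should be treated as exposed, rotated, and loaded from server configuration (`config` is already imported in this file). `create_user_token` also signs only `{'id': user.id}` with no `exp` claim, so an issued token stays valid indefinitely and survives a password change. In `verify_user_token` the bare `except:` hides unrelated failures behind the same `False`; catching `jwt.InvalidTokenError`, `KeyError`, `ValueError` and `TypeError` keeps the fail-closed behaviour without masking bugs. The sketch below needs `datetime`, `timedelta` and `timezone` imported at the top of the file, and the configuration option name and lifetime in it are placeholders.

```python
class User(controller.Controller):
    prefix = '/api/v1/'
    token_lifetime = timedelta(hours=1)  # constructed value; set per session policy

    def _jwt_secret(self):
        # 'jwt_secret_key' is a placeholder option name for the Odoo config file
        secret = config.get('jwt_secret_key')
        if not secret:
            raise RuntimeError('JWT signing key is not configured')
        return secret

    # … unchanged: get_user_by_email …

    def create_user_token(self, user):
        now = datetime.now(timezone.utc)
        claims = {'id': user.id, 'iat': now, 'exp': now + self.token_lifetime}
        return jwt.encode(claims, self._jwt_secret(), algorithm='HS256')

    def verify_user_token(self, user_id):
        token = request.httprequest.environ.get('HTTP_TOKEN')
        if not token:
            return False
        try:
            claims = jwt.decode(
                token,
                self._jwt_secret(),
                algorithms=['HS256'],
                options={'require': ['exp']},
            )
            return int(user_id) == claims['id']
        except (jwt.InvalidTokenError, KeyError, ValueError, TypeError):
            return False

    # … unchanged: response_with_token, login route …
```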
@@ -18,7 +44,7 @@ class Auth(controller.Controller):
if not email or not password:
return self.response(code=400, description='email and password is required')
- user = self.get_user(email)
+ user = self.get_user_by_email(email)
if user and not user.active:
return self.response({
'is_auth': False,
@@ -28,15 +54,11 @@ class Auth(controller.Controller):
try:
uid = request.session.authenticate(config.get('db_name'), email, password)
user = request.env['res.users'].browse(uid)
- return self.response({
+ data = {
'is_auth': True,
- 'user': {
- 'id': user.id,
- 'name': user.name,
- 'email': user.login,
- 'external': user.share
- }
- })
+ 'user': self.response_with_token(user)
+ }
+ return self.response(data)
except:
return self.response({
'is_auth': False,
@@ -54,7 +76,7 @@ class Auth(controller.Controller):
if not name or not email or not password:
return self.response(code=400, description='email, name and password is required')
- user = self.get_user(email)
+ user = self.get_user_by_email(email)
if user:
return self.response({
@@ -72,16 +94,13 @@ class Auth(controller.Controller):
return self.response({'register': True})
- def get_user(self, email):
- return request.env['res.users'].search([('login', '=', email), ('active', 'in', [True, False])])
-
@http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False)
def request_activation_user(self, **kw):
if not self.authenticate():
return self.response(code=401, description='Unauthorized')
email = kw.get('email')
- user = self.get_user(email)
+ user = self.get_user_by_email(email)
if not user:
return self.response({'activation_request': False, 'reason': 'NOT_FOUND'})
@@ -93,14 +112,54 @@ class Auth(controller.Controller):
return self.response({
'activation_request': True,
'token': user.activation_token,
- 'user': {
- 'id': user.id,
- 'name': user.name,
- 'email': user.login,
- 'external': user.share
- }
+ 'user': request.env['res.users'].api_single_response(user)
})
+
+ @http.route(prefix + 'user/<id>', auth='public', methods=['PUT', 'OPTIONS'], csrf=False)
+ def update_user(self, **kw):
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
+ id = kw.get('id')
+
+ user = request.env['res.users'].search([('id', '=', id)], limit=1)
+ if not user:
+ return self.response(code=400, description='User not found')
+ is_verify = self.verify_user_token(id)
+ if not is_verify:
+ return self.response(code=401, description='Unauthorized')
+
+ allowed_field = ['name', 'phone', 'mobile', 'password']
+ for field in allowed_field:
+ field_value = kw.get(field)
+ if field_value or field_value == '':
+ user[field] = field_value
+
+ return self.response({
+ 'user': self.response_with_token(user)
+ })
+
+ @http.route(prefix + 'user/<id>/address', auth='public', methods=['GET', 'OPTIONS'])
+ def get_user_address_by_id(self, **kw):
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
+ id = kw.get('id')
+
+ user = request.env['res.users'].search([('id', '=', id)], limit=1)
+ if not user:
+ return self.response(code=400, description='User not found')
+
+ is_verify = self.verify_user_token(id)
+ if not is_verify:
+ return self.response(code=401, description='Unauthorized')
+
+ partners = [user] + [x for x in user.child_ids]
+ address = [request.env['res.users'].api_address_response(x) for x in partners]
+
+ return self.response(address)
+
@http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False)
def activation_user(self, **kw):
if not self.authenticate():
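Review bot: `update_user` lists `'password'` in `allowed_field`, so possession of a token alone is enough to set a new password, with no check of the current one, and the `field_value == ''` branch will also try to assign an empty value. Suggest `allowed_field = ['name', 'phone', 'mobile']` here and a separate password-change path that re-verifies the current password. In both new routes the `res.users` lookup runs before `verify_user_token(id)`, so the 400 'User not found' versus 401 split tells any caller that passes `authenticate()` which user ids exist; calling `verify_user_token` first and answering 401 in both cases closes that. The routes could also declare `<int:id>` so non-numeric ids are rejected at routing, and `id` shadows the builtin. `activation_user` at the end of the hunk continues outside it.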
@@ -118,10 +177,5 @@ class Auth(controller.Controller):
user.activation_token = ''
return self.response({
'activation': True,
- 'user': {
- 'id': user.id,
- 'name': user.name,
- 'email': user.login,
- 'external': user.share
- }
+ 'user': self.response_with_token(user)
}) \ No newline at end of file