| author | it-fixcomart <it@fixcomart.co.id> | 2024-08-12 13:15:25 +0700 |
|---|---|---|
| committer | it-fixcomart <it@fixcomart.co.id> | 2024-08-12 13:15:25 +0700 |
| commit | fa6e8c91bd98100b6ef862ce388817515f77b55d (patch) | |
| tree | bd586ce7112afa59c5eab3775911ce94c022958f /indoteknik_api/controllers/api_v1 | |
| parent | 5be79e919b64ea6d3f92b255a697f8f56c75e764 (diff) | |
<iman> add api tracking order
Diffstat (limited to 'indoteknik_api/controllers/api_v1')
| -rw-r--r-- | indoteknik_api/controllers/api_v1/sale_order.py | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index ee173d29..d44868f0 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -615,4 +615,35 @@ class SaleOrder(controller.Controller):
 }
 return self.response(data)
-
\ No newline at end of file
+
+ @http.route(prefix + 'tracking_order', auth='public', method=['GET', 'OPTIONS'])
+ @controller.Controller.must_authorized()
+ def tracking_get_sale_order_detail(self, **kw):
+ # Extract 'so' and 'email' parameters from query parameters
+ so = kw.get('so')
+ email_user = kw.get('email')
+
+ if not email_user or not so:
+ return self.response(code=400, description="Email and Sale Order number are required.")
+
+ # Search for the sale order by the name (so)
+ sale_order = request.env['sale.order'].search([('name', '=', so)], limit=1)
+ if not sale_order:
+ return self.response(code=404, description="Sale Order not found.")
+
+ # Get the partner associated with the sale order
+ partner = sale_order.partner_id
+
+ # Check if the email matches the partner's email
+ if partner.email != email_user:
+ return self.response(code=403, description="Email does not match the Sale Order.")
+
+ # Check for partner child ids if needed
+ partner_child_ids = self.get_partner_child_ids(partner.id)
+ if sale_order.partner_id.id not in partner_child_ids:
+ return self.response(code=403, description="Unauthorized access to Sale Order details.")
+
+ # Prepare the response data
+ data = request.env['sale.order'].api_v1_single_response(sale_order, context='with_detail')
+
+ return self.response(data)
\ No newline at end of file |
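Review bot: The child-partner check in `tracking_get_sale_order_detail` compares `sale_order.partner_id.id` against `get_partner_child_ids(partner.id)`, where `partner` is that same `sale_order.partner_id`, so it never ties the order to the caller; on this `auth='public'` route the only effective gate is knowing an order number plus the partner's email (whatever `must_authorized()` enforces is outside the hunk). The separate 404 "Sale Order not found." and 403 "Email does not match the Sale Order." answers also tell a caller which order numbers exist, so I would return one response for both, e.g. `if not sale_order or sale_order.partner_id.email != email_user: return self.response(code=404, description="Sale Order not found.")`, and either drop the child-id check or base it on the partner of the authenticated user. Odoo's `http.route` keyword is `methods=`, so `method=['GET', 'OPTIONS']` probably leaves the verb restriction unapplied; worth confirming against the other routes in this file. The email also travels in the GET query string, so it will end up in access logs.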
