sale order status

1 files changed, 28 insertions, 0 deletions

diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 52ccf9fa..57a933f9 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -105,6 +105,34 @@ class SaleOrder(controller.Controller):
         
         return self.response(data)
 
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+    def partner_checkout_sale_order_by_id(self, **kw):
+        user_token = self.authenticate() 
+        if not user_token:
+            return self.unauthorized_response()
+
+        params = self.get_request_params(kw, {
+            'partner_id': ['number'],
+            'id': ['number']
+        })
+        if not user_token['partner_id'] == params['value']['partner_id']:
+            return self.unauthorized_response()
+        if not params['valid']:
+            return self.response(code=400, description=params) 
+        
+        partner_child_ids = self.get_partner_child_ids(params['value']['partner_id'])
+        domain = [
+            ('id', '=', params['value']['id']),
+            ('partner_id', 'in', partner_child_ids)
+        ]
+        data = {}
+        sale_order = request.env['sale.order'].search(domain)
+        if sale_order:
+            sale_order.state = 'sale'
+            data = request.env['sale.order'].api_v1_single_response(sale_order, context='with_detail')
+
+        return self.response(data)
+
     @http.route(PREFIX_PARTNER + 'sale_order/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False)
     def create_partner_sale_order(self, **kw):
         user_token = self.authenticate()