Fix API Controller

1 files changed, 16 insertions, 3 deletions

diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index 010e66fd..1e9f01ee 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -42,9 +42,19 @@ class Controller(http.Controller):
             request.session.authenticate(db, username, password)
             return True
         except:
+            try:
+                authorization = wsgienv['HTTP_AUTHORIZATION']
+            except:
+                authorization = None
             request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378')
+            token = request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or ''
+            result = False
+            if authorization == token:
+                result = True
             user_token = self.verify_user_token()
-            return user_token or True
+            if user_token:
+                result = user_token
+            return result
         
     def user_pricelist(self):
         user_token = self.authenticate()
@@ -137,10 +147,13 @@ class Controller(http.Controller):
             user = request.env['res.users'].browse([ user_token['id'] ])
             if not user:
                 return False
-            return {
+            data = {
                 'user_id': user.id,
-                'partner_id': user.partner_id.id or None
+                'partner_id': None
             }
+            if user.partner_id:
+                data['partner_id'] = user.partner_id.id
+            return data
         except:
             return False