authorRafi Zadanly <zadanlyr@gmail.com>2023-01-21 13:05:42 +0700
committerRafi Zadanly <zadanlyr@gmail.com>2023-01-21 13:05:42 +0700
commite52cf84fd2284330412162b44066f29bd382f590 (patch)
tree4f5babd37a128a5bf8a38595d31cfc6d318d069c /indoteknik_api/controllers/controller.py
parent33a366ae44bc045439087170ed69b86033cda2d8 (diff)
Fixing authentication
Diffstat (limited to 'indoteknik_api/controllers/controller.py')
-rw-r--r--indoteknik_api/controllers/controller.py28
1 files changed, 21 insertions, 7 deletions
diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index 18f54d71..4a7a8fb6 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -29,13 +29,14 @@ class Controller(http.Controller):
authorization = wsgienv['HTTP_AUTHORIZATION']
except:
authorization = None
+ request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378')
token = request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or ''
result = False
if authorization == token:
- request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378')
- result = True
- if self.verify_user_token():
result = True
+ user_token = self.verify_user_token()
+ if user_token:
+ result = user_token
return result
def get_request_params(self, kw, queries):
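Review bot: The added `request.session.authenticate(...)` call now runs before `authorization` is compared with the token, so every request reaching this method gets a session logged in as the service account, even when the method then returns False. The call belongs behind the check, e.g. `if result: request.session.authenticate(db, login, password)` just before `return result`. The login and password should be read from server configuration rather than string literals, and the password committed here should be treated as exposed and rotated. The comparison `authorization == token` also appears to pass when `rest_api_token` is unset and the header is sent empty, because the token falls back to `''`; rejecting an empty token and comparing with `hmac.compare_digest` would close that gap. The method's signature lies outside this hunk.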
@@ -79,8 +80,6 @@ class Controller(http.Controller):
if len(result['reason']) > 0:
result['valid'] = False
- # if not result['valid']:
- # del result['value']
return result
def time_to_str(self, object, format):
@@ -107,6 +106,9 @@ class Controller(http.Controller):
('Content-Type', 'application/json'),
])
+ def unauthorized_response(self):
+ return self.response(code=401, description='Unauthorized')
+
def search_filter(self, model: str, kw: dict, query: array = []):
""" To search data by default API Params if exist """
limit = kw.get('limit', 0)
@@ -122,13 +124,25 @@ class Controller(http.Controller):
try:
token = request.httprequest.environ['HTTP_TOKEN']
user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256'])
- user = request.env['res.users'].search([('id', '=', user_token['id'])])
+ user = request.env['res.users'].browse([ user_token['id'] ])
if not user:
return False
- return True
+ data = {
+ 'id': user.id,
+ 'partner_id': None
+ }
+ if user.partner_id:
+ data['partner_id'] = user.partner_id.id
+ return data
except:
return False
+ def get_partner_child_ids(self, partner_id):
+ parent_partner_id = request.env['res.partner'].search([('id', '=', partner_id)], limit=1).parent_id.id
+ partner_childs = request.env['res.partner'].search([('parent_id', '=', int(parent_partner_id))])
+ partner_child_ids = [v['id'] for v in partner_childs] + [partner_id]
+ return partner_child_ids
+
@http.route('/api/token', auth='public', methods=['GET', 'OPTIONS'])
def get_api_token(self, **kw):
return self.response(request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or '')
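Review bot: In the token-verification method, `browse([ user_token['id'] ])` does not query the database, so `if not user` no longer rejects an id that has been deleted. Unlike the `search` it replaces, it also skips the default active-record filter, so a token issued to a since-deactivated user would still verify. Suggested replacement: `user = request.env['res.users'].browse(user_token['id']).exists()` followed by `if not user or not user.active: return False`. A deleted id appears to be rejected today only because reading `user.partner_id` raises and the bare `except:` swallows it; catching the JWT and missing-record errors by name would keep unrelated faults visible. In `get_partner_child_ids`, a partner without a parent gives `int(False)`, so the second search runs on `parent_id = 0`; an early `return [partner_id]` when `parent_id` is empty would make that case explicit. The verification method's `def` line is outside this hunk.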