Merged in staging (pull request #19)

Staging

6 files changed, 117 insertions, 33 deletions

diff --git a/indoteknik_api/controllers/api_v1/__init__.py b/indoteknik_api/controllers/api_v1/__init__.py
index 03737d9d..e09b8f7b 100644
--- a/indoteknik_api/controllers/api_v1/__init__.py
+++ b/indoteknik_api/controllers/api_v1/__init__.py
@@ -6,6 +6,7 @@ from . import city
 from . import district
 from . import flash_sale
 from . import manufacture
+from . import partner
 from . import product_variant
 from . import product
 from . import promotion
diff --git a/indoteknik_api/controllers/api_v1/partner.py b/indoteknik_api/controllers/api_v1/partner.py
new file mode 100644
index 00000000..043a82b8
--- /dev/null
+++ b/indoteknik_api/controllers/api_v1/partner.py
@@ -0,0 +1,37 @@
+from .. import controller
+from odoo import http
+from odoo.http import request
+
+
+class Partner(controller.Controller):
+    prefix = '/api/v1/'
+
+    @http.route(prefix + 'partner', auth='public', methods=['POST', 'OPTIONS'], csrf=False)
+    def create_partner(self, **kw):
+        if not self.authenticate():
+            return self.response(code=401, description='Unauthorized')
+        
+        validate_request = self.get_request_params(kw, {
+            'user_id': ['required', 'number'],
+            'partner_id': ['required', 'number', 'alias:parent_id'],
+            'type': ['default:other'],
+            'name': ['required'],
+            'email': ['required'],
+            'mobile': ['required'],
+            'street': ['required'],
+            'city_id': ['required', 'number', 'alias:kota_id'],
+            'district_id': ['number', 'alias:kecamatan_id'],
+            'sub_district_id': ['number', 'alias:kelurahan_id'],
+            'zip': ['required'],
+        })
+
+        if not validate_request['valid']:
+            return self.response(code=400, description=validate_request)
+        
+        del validate_request['value']['user_id']
+        partner = request.env['res.partner'].create([ validate_request['value'] ])
+
+        return self.response({
+            'id': partner.id,
+        })
+
diff --git a/indoteknik_api/controllers/api_v1/product.py b/indoteknik_api/controllers/api_v1/product.py
index 2e978679..28a63ed5 100644
--- a/indoteknik_api/controllers/api_v1/product.py
+++ b/indoteknik_api/controllers/api_v1/product.py
@@ -6,7 +6,30 @@ import ast
 
 class Product(controller.Controller):
     prefix = '/api/v1/'
-    
+
+    @http.route(prefix + 'new_product', auth='public', methods=['GET', 'OPTIONS'])
+    def get_new_product(self):
+        if not self.authenticate():
+            return self.response(code=401, description='Unauthorized')
+        base_url = request.env['ir.config_parameter'].get_param('web.base.url')
+        query = [('show_as_new_product', '=', True)]
+        brands = request.env['x_manufactures'].search(query, order='sequence')
+        data = []
+        for brand in brands:
+            query_products = [
+                ('is_new_product', '=', True),
+                ('x_manufacture', '=', brand.id),
+            ]
+            products = request.env['product.template'].search(query_products, order='name')
+            data.append({
+                'manufacture_id': brand.id,
+                'sequence': brand.sequence,
+                'name': brand.x_name,
+                'image': base_url + 'api/image/x_manufactures/x_logo_manufacture/' + str(brand.id) if brand.x_logo_manufacture else '',
+                'products': [request.env['product.template'].api_single_response(x) for x in products]
+            })
+        return self.response(data)
+
     @http.route(prefix + 'product', auth='public', methods=['GET', 'OPTIONS'])
     def get_product(self, **kw):
         if not self.authenticate():
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 5604a86c..a8c5bacc 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -10,12 +10,6 @@ class SaleOrder(controller.Controller):
     def create_sale_order(self, **kw):
         if not self.authenticate():
             return self.response(code=401, description='Unauthorized')
-
-        user_id = kw.get('user_id')
-
-        is_verify = self.verify_user_token(user_id)
-        if not is_verify:
-            return self.response(code=401, description='Unauthorized')
         
         product_pricelist_default_discount_id = request.env['ir.config_parameter'].get_param('product.pricelist.default_discount_id')
         product_pricelist_default_discount_id = int(product_pricelist_default_discount_id)
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
index bf1814da..ae04e0ff 100644
--- a/indoteknik_api/controllers/api_v1/user.py
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -109,11 +109,7 @@ class User(controller.Controller):
         
         user = request.env['res.users'].search([('id', '=', id)], limit=1)
         if not user: 
-            return self.response(code=400, description='User not found')
-        
-        is_verify = self.verify_user_token(id)
-        if not is_verify:
-            return self.response(code=401, description='Unauthorized')
+            return self.response(code=404, description='User not found')
         
         allowed_field = ['name', 'phone', 'mobile', 'password']
         for field in allowed_field:
@@ -136,11 +132,8 @@ class User(controller.Controller):
         if not user: 
             return self.response(code=404, description='User not found')
         
-        is_verify = self.verify_user_token(id)
-        if not is_verify:
-            return self.response(code=401, description='Unauthorized')
-        
-        partners = [user.partner_id] + [x for x in user.child_ids]
+        partner_ids = [user.partner_id.id] + [x.id for x in user.child_ids]
+        partners = request.env['res.partner'].search([('id', 'in', partner_ids)], order='create_date DESC')
         address = [request.env['res.users'].api_address_response(x) for x in partners]
         
         return self.response(address)
diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index 73c8829d..a08d9fa4 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -30,23 +30,58 @@ class Controller(http.Controller):
             except:
                 authorization = None
             token = request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or ''
+            result = False
             if authorization == token:
                 request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378')
-                return True
-            return False
-
-    def validate_request(self, rules: dict, kw: dict):
-        validation = {
-            'status': True,
-            'reason': []
+                result = True
+            if self.verify_user_token():
+                result = True
+            return result
+    
+    def get_request_params(self, kw, queries):
+        result = {
+            'valid': True,
+            'reason': [],
+            'value': {},
+            'query': {}
         }
-        for key in rules:
-            values = rules[key]
-            for value in values:
-                if value == 'required' and not kw.get(key):
-                    validation['status'] = False
-                    validation['reason'].append(key + ' is ' + value)
-        return validation
+        for key in queries:
+            rules = queries[key]
+            is_number = len([r for r in rules if r == 'number']) > 0
+
+            has_alias = [r for r in rules if r.startswith('alias:')]
+            alias = key
+            if len(has_alias) > 0:
+                alias = has_alias[0].replace('alias:', '')
+
+            has_default = [r for r in rules if r.startswith('default:')]
+            default = None
+            if len(has_default) > 0:
+                default = has_default[0].replace('default:', '')
+
+            value = kw.get(key, '')
+            if value in ['null', 'undefined']:
+                value = ''
+            for rule in rules:
+                if rule == 'required' and not value:
+                    result['reason'].append(key + ' is ' + rule)
+                elif rule == 'number' and value and not value.isdigit():
+                    result['reason'].append(key + ' must be ' + rule)
+
+            if not value and default:
+                value = default
+            if is_number and value.isdigit():
+                value = int(value)
+            if not value:
+                value = None
+            result['value'][alias] = value
+            result['query'][key] = value
+
+            if len(result['reason']) > 0:
+                result['valid'] = False
+        if not result['valid']:
+            del result['value']
+        return result
 
     def time_to_str(self, object, format):
         time = ''
@@ -83,11 +118,12 @@ class Controller(http.Controller):
     def create_user_token(self, user):
         return jwt.encode({'id': user.id}, self.jwt_secret_key)
     
-    def verify_user_token(self, user_id):
+    def verify_user_token(self):
         try:
             token = request.httprequest.environ['HTTP_TOKEN']
             user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256'])
-            if int(user_id) != user_token['id']:
+            user = request.env['res.users'].search([('id', '=', user_token['id'])])
+            if not user:
                 return False
             return True
         except: