fix conflict

author: Rafi Zadanly <zadanlyr@gmail.com> 2023-02-13 10:41:41 +0700
committer: Rafi Zadanly <zadanlyr@gmail.com> 2023-02-13 10:41:41 +0700
commit: cfa0aa5c242b14332f7bc970bb65f1fbde0a9f3b (patch)
tree: 91f855964cadb0c76094cd2cc6b51f7994ce0c6d /indoteknik_api
parent: fb04f8f3c533740c79c130ab4bc097b8529cae8e (diff)
parent: 7478616937cff56ccb994138831f90eae904e724 (diff)
6 files changed, 166 insertions, 18 deletions
diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index 36f775b5..d9353896 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -1,7 +1,6 @@
 from .. import controller
 from odoo import http
 from odoo.http import request
-import base64
 
 
 class Download(controller.Controller):
@@ -13,22 +12,41 @@ class Download(controller.Controller):
             ('res_field', '=', field),
             ('res_id', '=', id),
         ], ['datas', 'mimetype'])
-        return result if len(result) > 0 else None
+        return result[0] if len(result) > 0 else None
 
-    @http.route(PREFIX + 'download/invoice/<id>', auth='none', method=['GET'])
-    def download_invoice(self, **kw):
-        id = int(kw.get('id', 0))
-        return request.render('account.report_invoice', {'id': id})
+    @http.route(PREFIX + 'download/invoice/<id>/<token>', auth='none', method=['GET'])
+    def download_invoice(self, id, token):
+        id = int(id)
+        
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'account.move', token)
+        if not md5_valid:
+            return self.response('Unauthorized')
+
+        account_move = request.env['account.move'].sudo().search_read([('id', '=', id)], ['name'])
+        pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
+        return rest_api.response_attachment({
+            'content': pdf,
+            'mimetype': 'application/pdf',
+            'filename': account_move[0]['name']
+        })
 
     @http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET'])
     def download_tax_invoice(self, id, token):
         id = int(id)
 
-        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
-        if md5_by_id == token:
-            attachment = self._get_attachment('account.move', 'efaktur_document', id)
-            if attachment:
-                return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
-            return self.response('Dokumen tidak ditemukan', code=404)
-            
-        return self.response('Tidak diizinkan')
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'account.move', token)
+        if not md5_valid:
+            return self.response('Unauthorized')
+
+        account_move = request.env['account.move'].sudo().search_read([('id', '=', id)], ['name'])
+        attachment = self._get_attachment('account.move', 'efaktur_document', id)
+        if attachment and len(account_move) > 0:
+            return rest_api.response_attachment({
+                'content': attachment['datas'],
+                'decode_content': True,
+                'mimetype': attachment['mimetype'],
+                'filename': account_move[0]['name'],
+            })
+        return self.response('Dokumen tidak ditemukan', code=404)
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 57a933f9..5f888e6c 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -3,6 +3,7 @@ from odoo import http
 from odoo.http import request
 import json
 
+
 class SaleOrder(controller.Controller):
     prefix = '/api/v1/'
     PREFIX_PARTNER = prefix + 'partner/<partner_id>/'
@@ -119,7 +120,7 @@ class SaleOrder(controller.Controller):
             return self.unauthorized_response()
         if not params['valid']:
             return self.response(code=400, description=params) 
-        
+
         partner_child_ids = self.get_partner_child_ids(params['value']['partner_id'])
         domain = [
             ('id', '=', params['value']['id']),
@@ -133,6 +134,101 @@ class SaleOrder(controller.Controller):
 
         return self.response(data)
 
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/upload_po', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+    def partner_upload_po_sale_order(self, **kw):
+        user_token = self.authenticate() 
+        if not user_token:
+            return self.unauthorized_response()
+
+        params = self.get_request_params(kw, {
+            'partner_id': ['number'],
+            'id': ['number'],
+            'name': [],
+            'file': []
+        })
+        if not user_token['partner_id'] == params['value']['partner_id']:
+            return self.unauthorized_response()
+        if not params['valid']:
+            return self.response(code=400, description=params)
+        partner_child_ids = self.get_partner_child_ids(params['value']['partner_id'])
+        domain = [
+            ('id', '=', params['value']['id']),
+            ('partner_id', 'in', partner_child_ids)
+        ]
+        data = False
+        sale_order = request.env['sale.order'].search(domain)
+        if sale_order:
+            sale_order.partner_purchase_order_name = params['value']['name']
+            sale_order.partner_purchase_order_file = params['value']['file']
+            data = sale_order.id
+        return self.response(data)
+
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/download_po/<token>', auth='none', method=['GET'])
+    def partner_download_po_sale_order(self, id, token):
+        id = int(id)
+
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'sale.order', token)
+        if not md5_valid:
+            return self.response('Unauthorized')
+        
+        sale_order = request.env['sale.order'].sudo().search_read([('id', '=', id)], ['partner_purchase_order_name'])
+        attachment = rest_api.get_single_attachment('sale.order', 'partner_purchase_order_file', id)
+        if attachment and len(sale_order) > 0:
+            return rest_api.response_attachment({
+                'content': attachment['datas'],
+                'decode_content': True,
+                'mimetype': attachment['mimetype'],
+                'filename': sale_order[0]['partner_purchase_order_name']
+            })
+        return self.response('Dokumen tidak ditemukan', code=404)
+
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/download/<token>', auth='none', method=['GET'])
+    def partner_download_sale_order(self, id, token):
+        id = int(id)
+
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'sale.order', token)
+        if not md5_valid:
+            return self.response('Unauthorized')
+        
+        sale_order = request.env['sale.order'].sudo().search_read([('id', '=', id)], ['name'])
+        pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'sale.report_saleorder')])._render_qweb_pdf([id])
+        if pdf and len(sale_order) > 0:
+            return rest_api.response_attachment({
+                'content': pdf,
+                'mimetype': 'application/pdf',
+                'filename': sale_order[0]['name']
+            })
+        return self.response('Dokumen tidak ditemukan', code=404)
+
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/cancel', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+    def partner_cancel_sale_order(self, **kw):
+        user_token = self.authenticate() 
+        if not user_token:
+            return self.unauthorized_response()
+
+        params = self.get_request_params(kw, {
+            'partner_id': ['number'],
+            'id': ['number']
+        })
+        if not user_token['partner_id'] == params['value']['partner_id']:
+            return self.unauthorized_response()
+        if not params['valid']:
+            return self.response(code=400, description=params) 
+
+        partner_child_ids = self.get_partner_child_ids(params['value']['partner_id'])
+        domain = [
+            ('id', '=', params['value']['id']),
+            ('partner_id', 'in', partner_child_ids)
+        ]
+        data = False
+        sale_order = request.env['sale.order'].search(domain)
+        if sale_order:
+            sale_order.state = 'cancel'
+            data = sale_order.id
+        return self.response(data)
+        
     @http.route(PREFIX_PARTNER + 'sale_order/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False)
     def create_partner_sale_order(self, **kw):
         user_token = self.authenticate()
diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index c90d3ff1..59885148 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -86,6 +86,7 @@ class Controller(http.Controller):
         return time
 
     def response(self, data=[], code=200, description='OK'):
+        request.env['user.activity.log'].record_activity()
         response = {
             'status': {
                 'code': code,
@@ -149,4 +150,5 @@ class Controller(http.Controller):
     def get_image(self, model, field, id):
         model = request.env[model].sudo().search([('id', '=', id)], limit=1)
         image = model[field] if model[field] else ''
+        request.env['user.activity.log'].record_activity()
         return request.make_response(base64.b64decode(image), [('Content-Type', 'image/jpg')])
diff --git a/indoteknik_api/models/account_move.py b/indoteknik_api/models/account_move.py
index f77ded16..5c31f010 100644
--- a/indoteknik_api/models/account_move.py
+++ b/indoteknik_api/models/account_move.py
@@ -1,6 +1,5 @@
 import datetime
 from odoo import models
-import hashlib
 
 
 class AccountMove(models.Model):
@@ -8,6 +7,7 @@ class AccountMove(models.Model):
 
     def api_v1_single_response(self, account_move, context=False):
         data = {
+            'token': self.env['rest.api'].md5_salt(account_move.id, 'account.move'),
             'id': account_move.id,
             'name': account_move.name,
             'purchase_order_name': account_move.ref or '',
@@ -16,7 +16,7 @@ class AccountMove(models.Model):
             'amount_total': account_move.amount_total,
             'amount_residual': account_move.amount_residual,
             'invoice_date': '',
-            'efaktur_token': self.env['rest.api'].md5_salt(account_move.id, 'account.move') if account_move.efaktur_document else '',
+            'efaktur': True if account_move.efaktur_document else False,
         }
         if isinstance(object, datetime.date):
             data['invoice_date'] = account_move.invoice_date.strftime('%d/%m/%Y')
diff --git a/indoteknik_api/models/rest_api.py b/indoteknik_api/models/rest_api.py
index 052800b7..65119b52 100644
--- a/indoteknik_api/models/rest_api.py
+++ b/indoteknik_api/models/rest_api.py
@@ -1,7 +1,9 @@
 from odoo import models
+from odoo.http import request
 import datetime
 from pytz import timezone
 import hashlib
+import base64
 
 
 class RestApi(models.TransientModel):
@@ -14,4 +16,32 @@ class RestApi(models.TransientModel):
         return time
     
     def md5_salt(self, value, salt):
-        return hashlib.md5((salt + '$' + str(value)).encode()).hexdigest()
-\ No newline at end of file
+        return hashlib.md5((salt + '$' + str(value)).encode()).hexdigest()
+
+    def md5_salt_valid(self, value, salt, token):
+        return hashlib.md5((salt + '$' + str(value)).encode()).hexdigest() == token
+
+    def get_single_attachment(self, model, field, id):
+        domain = [
+            ('res_model', '=', model),
+            ('res_field', '=', field),
+            ('res_id', '=', id),
+        ]
+        fields = ['datas', 'mimetype']
+        result = self.env['ir.attachment'].sudo().search_read(domain, fields)
+        return result[0] if len(result) > 0 else None
+
+    def response_attachment(self, data = {}):
+        decode_content = data.get('decode_content', False)
+        if decode_content:
+            data['content'] = base64.b64decode(data['content'])
+
+        return request.make_response(
+            data['content'],
+            [
+                ('Content-Type', data['mimetype']),
+                ('Content-Disposition', 'attachment; filename=%s' % data['filename']),
+                ('Content-Length', len(data['content']))
+            ]
+        )
+    
+\ No newline at end of file
diff --git a/indoteknik_api/models/sale_order.py b/indoteknik_api/models/sale_order.py
index afaf6ae6..7ce8ff61 100644
--- a/indoteknik_api/models/sale_order.py
+++ b/indoteknik_api/models/sale_order.py
@@ -6,11 +6,13 @@ class SaleOrder(models.Model):
 
     def api_v1_single_response(self, sale_order, context=False):
         data = {
+            'token': self.env['rest.api'].md5_salt(sale_order.id, 'sale.order'),
             'id': sale_order.id,
             'name': sale_order.name,
             'sales': sale_order.user_id.name,
             'amount_total': sale_order.amount_total,
             'purchase_order_name': sale_order.partner_purchase_order_name,
+            'purchase_order_file': True if sale_order.partner_purchase_order_file else False,
             'invoice_count': sale_order.invoice_count,
             'status': 'draft',
         }
author	Rafi Zadanly <zadanlyr@gmail.com>	2023-02-13 10:41:41 +0700
committer	Rafi Zadanly <zadanlyr@gmail.com>	2023-02-13 10:41:41 +0700
commit	cfa0aa5c242b14332f7bc970bb65f1fbde0a9f3b (patch)
tree	91f855964cadb0c76094cd2cc6b51f7994ce0c6d /indoteknik_api
parent	fb04f8f3c533740c79c130ab4bc097b8529cae8e (diff)
parent	7478616937cff56ccb994138831f90eae904e724 (diff)