summaryrefslogtreecommitdiff
path: root/indoteknik_api/controllers/api_v1/download.py
diff options
context:
space:
mode:
Diffstat (limited to 'indoteknik_api/controllers/api_v1/download.py')
-rw-r--r--indoteknik_api/controllers/api_v1/download.py8
1 files changed, 4 insertions, 4 deletions
diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index 3794744e..f12be337 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -19,8 +19,8 @@ class Download(controller.Controller):
def download_invoice(self, id, token):
id = int(id)
- md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
- if not md5_by_id == token:
+ md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token)
+ if not md5_valid:
return self.response('Unauthorized')
pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
@@ -30,8 +30,8 @@ class Download(controller.Controller):
def download_tax_invoice(self, id, token):
id = int(id)
- md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
- if not md5_by_id == token:
+ md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token)
+ if not md5_valid:
return self.response('Unauthorized')
attachment = self._get_attachment('account.move', 'efaktur_document', id)
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-18 03:08:31 +0000