1 files changed, 130 insertions, 26 deletions

diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index f2ec8dfe..1c67d6c5 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -3,12 +3,14 @@ from odoo import http
 from odoo.http import request
 import json
 
+
 class SaleOrder(controller.Controller):
     prefix = '/api/v1/'
     PREFIX_PARTNER = prefix + 'partner/<partner_id>/'
 
     @http.route(prefix + "sale_order_number", auth='public', method=['GET', 'OPTIONS'])
     def get_number_sale_order(self, **kw):
+        # for midtrans only
         user_token = self.authenticate()
         if not user_token:
             return self.unauthorized_response()
@@ -16,11 +18,31 @@ class SaleOrder(controller.Controller):
         sale_order_id = int(kw.get('sale_order_id', '0'))
         sale_number = str(kw.get('sale_number', ''))
         if sale_order_id > 0:
-            sales = request.env['sale.order'].search_read([('id', '=', sale_order_id)], fields=['id', 'name', 'amount_total', 'state'])
+            query = [('id', '=', sale_order_id)]
+            # sales = request.env['sale.order'].search_read([('id', '=', sale_order_id)], fields=['id', 'name', 'amount_total', 'state'])
+            sales = request.env['sale.order'].search(query, limit=1)
         else:
-            sales = request.env['sale.order'].search_read([('name', '=', sale_number)], fields=['id', 'name', 'amount_total', 'state'])
+            query = [('name', '=', sale_number)]
+            # sales = request.env['sale.order'].search_read([('name', '=', sale_number)], fields=['id', 'name', 'amount_total', 'state'])
+            sales = request.env['sale.order'].search(query, limit=1)
+        data = []
+        for sale in sales:
+            product_name = ''
+            product_not_in_id = 0
+            for line in sale.order_line:
+                product_name = line.product_id.name
+                product_not_in_id = line.product_id.id
+                break
+            data.append({
+                'id': sale.id,
+                'name': sale.name,
+                'amount_total': sale.amount_total,
+                'state': sale.state,
+                'product_name': product_name,
+                'product_not_in_id': product_not_in_id,
+            })
 
-        return self.response(sales)
+        return self.response(data)
 
     @http.route(PREFIX_PARTNER + 'sale_order', auth='public', method=['GET', 'OPTIONS'])
     def get_partner_sale_order(self, **kw):
@@ -45,7 +67,11 @@ class SaleOrder(controller.Controller):
         domain = [('partner_id', 'in', partner_child_ids)]
         if params['value']['name']:
             name = params['value']['name'].replace(' ', '%')
-            domain.append(('name', 'ilike', '%'+ name +'%'))
+            domain += [
+                '|',
+                ('name', 'ilike', '%'+ name +'%'),
+                ('partner_purchase_order_name', 'ilike', '%'+ name +'%')
+            ]
         sale_orders = request.env['sale.order'].search(domain, offset=offset, limit=limit)
         data = {
             'sale_order_total': request.env['sale.order'].search_count(domain),
@@ -76,29 +102,105 @@ class SaleOrder(controller.Controller):
         data = {}
         sale_order = request.env['sale.order'].search(domain)
         if sale_order:
-            res_users = request.env['res.users']
-            data = {
-                'id': sale_order.id,
-                'name': sale_order.name,
-                'payment_term': sale_order.payment_term_id.name or '',
-                'sales': sale_order.user_id.name or '',
-                'date_order': self.time_to_str(sale_order.date_order, '%d/%m/%Y %H:%M:%S'),
-                'purchase_order_name': sale_order.partner_purchase_order_name,
-                'products': [],
-                'amount_total': sale_order.amount_total,
-                'address': {
-                    'customer': res_users.api_address_response(sale_order.partner_id),
-                    'invoice': res_users.api_address_response(sale_order.partner_invoice_id),
-                    'shipping': res_users.api_address_response(sale_order.partner_shipping_id)
-                }
-            }
-            for line in sale_order.order_line:
-                product = request.env['product.product'].api_single_response(line.product_id)
-                product['quantity'] = line.product_uom_qty
-                data['products'].append(product)
+            data = request.env['sale.order'].api_v1_single_response(sale_order, context='with_detail')
         
         return self.response(data)
 
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/upload_po', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+    def partner_upload_po_sale_order(self, **kw):
+        user_token = self.authenticate() 
+        if not user_token:
+            return self.unauthorized_response()
+
+        params = self.get_request_params(kw, {
+            'partner_id': ['number'],
+            'id': ['number'],
+            'name': [],
+            'file': []
+        })
+        if not user_token['partner_id'] == params['value']['partner_id']:
+            return self.unauthorized_response()
+        if not params['valid']:
+            return self.response(code=400, description=params)
+        partner_child_ids = self.get_partner_child_ids(params['value']['partner_id'])
+        domain = [
+            ('id', '=', params['value']['id']),
+            ('partner_id', 'in', partner_child_ids)
+        ]
+        data = False
+        sale_order = request.env['sale.order'].search(domain)
+        if sale_order:
+            sale_order.partner_purchase_order_name = params['value']['name']
+            sale_order.partner_purchase_order_file = params['value']['file']
+            data = sale_order.id
+        return self.response(data)
+
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/download_po/<token>', auth='none', method=['GET'])
+    def partner_download_po_sale_order(self, id, token):
+        id = int(id)
+
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'sale.order', token)
+        if not md5_valid:
+            return self.response('Unauthorized')
+        
+        sale_order = request.env['sale.order'].sudo().search_read([('id', '=', id)], ['partner_purchase_order_name'])
+        attachment = rest_api.get_single_attachment('sale.order', 'partner_purchase_order_file', id)
+        if attachment and len(sale_order) > 0:
+            return rest_api.response_attachment({
+                'content': attachment['datas'],
+                'decode_content': True,
+                'mimetype': attachment['mimetype'],
+                'filename': sale_order[0]['partner_purchase_order_name']
+            })
+        return self.response('Dokumen tidak ditemukan', code=404)
+
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/download/<token>', auth='none', method=['GET'])
+    def partner_download_sale_order(self, id, token):
+        id = int(id)
+
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'sale.order', token)
+        if not md5_valid:
+            return self.response('Unauthorized')
+        
+        sale_order = request.env['sale.order'].sudo().search_read([('id', '=', id)], ['name'])
+        pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'sale.report_saleorder')])._render_qweb_pdf([id])
+        if pdf and len(sale_order) > 0:
+            return rest_api.response_attachment({
+                'content': pdf,
+                'mimetype': 'application/pdf',
+                'filename': sale_order[0]['name']
+            })
+        return self.response('Dokumen tidak ditemukan', code=404)
+
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/cancel', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+    def partner_cancel_sale_order(self, **kw):
+        user_token = self.authenticate() 
+        if not user_token:
+            return self.unauthorized_response()
+
+        params = self.get_request_params(kw, {
+            'partner_id': ['number'],
+            'id': ['number']
+        })
+        if not user_token['partner_id'] == params['value']['partner_id']:
+            return self.unauthorized_response()
+        if not params['valid']:
+            return self.response(code=400, description=params)
+
+        partner_child_ids = self.get_partner_child_ids(params['value']['partner_id'])
+        domain = [
+            ('id', '=', params['value']['id']),
+            ('partner_id', 'in', partner_child_ids)
+        ]
+        data = False
+        sale_order = request.env['sale.order'].search(domain)
+        if sale_order:
+            sale_order.state = 'cancel'
+            data = sale_order.id
+        return self.response(data)
+        
     @http.route(PREFIX_PARTNER + 'sale_order/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False)
     def create_partner_sale_order(self, **kw):
         user_token = self.authenticate()
@@ -115,6 +217,7 @@ class SaleOrder(controller.Controller):
             'order_line': ['required', 'default:[]'],
             'po_number': [],
             'po_file': [],
+            'type': [],
         })
 
         if not user_token['partner_id'] == params['value']['partner_id']:
@@ -139,10 +242,11 @@ class SaleOrder(controller.Controller):
             'real_shipping_id': params['value']['partner_shipping_id'],
             'partner_invoice_id': params['value']['partner_invoice_id'],
             'partner_purchase_order_name': params['value']['po_number'],
-            'partner_purchase_order_file': params['value']['po_file']
+            'partner_purchase_order_file': params['value']['po_file'],
         }
+        if params['value']['type'] == 'sale_order':
+            parameters['approval_status'] = 'pengajuan1'
         sale_order = request.env['sale.order'].create([[parameters]])
-
         order_line = json.loads(params['value']['order_line'])
         parameters = []
         for line in order_line: