1 files changed, 20 insertions, 11 deletions

diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index b215a4cd..36f775b5 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -7,19 +7,28 @@ import base64
 class Download(controller.Controller):
     PREFIX = '/api/v1/'
 
-    @http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET'])
-    def download_tax_invoice(self, **kw):
+    def _get_attachment(self, model, field, id):
+        result = request.env['ir.attachment'].sudo().search_read([
+            ('res_model', '=', model),
+            ('res_field', '=', field),
+            ('res_id', '=', id),
+        ], ['datas', 'mimetype'])
+        return result if len(result) > 0 else None
+
+    @http.route(PREFIX + 'download/invoice/<id>', auth='none', method=['GET'])
+    def download_invoice(self, **kw):
         id = int(kw.get('id', 0))
-        token = kw.get('token', '')
+        return request.render('account.report_invoice', {'id': id})
+
+    @http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET'])
+    def download_tax_invoice(self, id, token):
+        id = int(id)
 
-        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move$')
+        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
         if md5_by_id == token:
-            attachment = request.env['ir.attachment'].sudo().search_read([
-                ('res_model', '=', 'account.move'),
-                ('res_field', '=', 'efaktur_document'),
-                ('res_id', '=', id),
-            ], ['datas', 'mimetype'])
-            attachment = attachment[0]
-            return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
+            attachment = self._get_attachment('account.move', 'efaktur_document', id)
+            if attachment:
+                return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
+            return self.response('Dokumen tidak ditemukan', code=404)
             
         return self.response('Tidak diizinkan')