1 files changed, 23 insertions, 9 deletions

diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index a08d9fa4..4a7a8fb6 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -29,13 +29,14 @@ class Controller(http.Controller):
                 authorization = wsgienv['HTTP_AUTHORIZATION']
             except:
                 authorization = None
+            request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378')
             token = request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or ''
             result = False
             if authorization == token:
-                request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378')
-                result = True
-            if self.verify_user_token():
                 result = True
+            user_token = self.verify_user_token()
+            if user_token:
+                result = user_token
             return result
     
     def get_request_params(self, kw, queries):
@@ -68,19 +69,17 @@ class Controller(http.Controller):
                 elif rule == 'number' and value and not value.isdigit():
                     result['reason'].append(key + ' must be ' + rule)
 
+            result['query'][key] = value
             if not value and default:
                 value = default
             if is_number and value.isdigit():
                 value = int(value)
-            if not value:
+            if not value and not default:
                 value = None
             result['value'][alias] = value
-            result['query'][key] = value
 
             if len(result['reason']) > 0:
                 result['valid'] = False
-        if not result['valid']:
-            del result['value']
         return result
 
     def time_to_str(self, object, format):
@@ -107,6 +106,9 @@ class Controller(http.Controller):
             ('Content-Type', 'application/json'),
         ])
 
+    def unauthorized_response(self):
+        return self.response(code=401, description='Unauthorized')
+
     def search_filter(self, model: str, kw: dict, query: array = []):
         """ To search data by default API Params if exist """
         limit = kw.get('limit', 0)
@@ -122,13 +124,25 @@ class Controller(http.Controller):
         try:
             token = request.httprequest.environ['HTTP_TOKEN']
             user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256'])
-            user = request.env['res.users'].search([('id', '=', user_token['id'])])
+            user = request.env['res.users'].browse([ user_token['id'] ])
             if not user:
                 return False
-            return True
+            data = {
+                'id': user.id,
+                'partner_id': None
+            }
+            if user.partner_id:
+                data['partner_id'] = user.partner_id.id
+            return data
         except:
             return False
     
+    def get_partner_child_ids(self, partner_id):
+        parent_partner_id = request.env['res.partner'].search([('id', '=', partner_id)], limit=1).parent_id.id
+        partner_childs = request.env['res.partner'].search([('parent_id', '=', int(parent_partner_id))])
+        partner_child_ids = [v['id'] for v in partner_childs] + [partner_id]
+        return partner_child_ids
+
     @http.route('/api/token', auth='public', methods=['GET', 'OPTIONS'])
     def get_api_token(self, **kw):
         return self.response(request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or '')