From 446e3be759d72b7a06b4e4671b91c6f9c8bfa903 Mon Sep 17 00:00:00 2001 From: Rafi Zadanly Date: Mon, 6 Feb 2023 12:02:42 +0700 Subject: add api cancel SO and upload PO in SO --- indoteknik_api/controllers/api_v1/download.py | 8 ++-- indoteknik_api/controllers/api_v1/sale_order.py | 56 +++++++++++++++++++++++++ indoteknik_api/models/account_move.py | 1 - indoteknik_api/models/rest_api.py | 5 ++- indoteknik_api/models/sale_order.py | 1 + 5 files changed, 65 insertions(+), 6 deletions(-) diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py index 3794744e..f12be337 100644 --- a/indoteknik_api/controllers/api_v1/download.py +++ b/indoteknik_api/controllers/api_v1/download.py @@ -19,8 +19,8 @@ class Download(controller.Controller): def download_invoice(self, id, token): id = int(id) - md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move') - if not md5_by_id == token: + md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token) + if not md5_valid: return self.response('Unauthorized') pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id]) @@ -30,8 +30,8 @@ class Download(controller.Controller): def download_tax_invoice(self, id, token): id = int(id) - md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move') - if not md5_by_id == token: + md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token) + if not md5_valid: return self.response('Unauthorized') attachment = self._get_attachment('account.move', 'efaktur_document', id) diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py index 52ccf9fa..9a4b23d9 100644 --- a/indoteknik_api/controllers/api_v1/sale_order.py +++ b/indoteknik_api/controllers/api_v1/sale_order.py @@ -105,6 +105,62 @@ class SaleOrder(controller.Controller): return self.response(data) + @http.route(PREFIX_PARTNER + 'sale_order//upload_po', auth='public', method=['POST', 'OPTIONS'], csrf=False) + def partner_upload_po_sale_order(self, **kw): + user_token = self.authenticate() + if not user_token: + return self.unauthorized_response() + + params = self.get_request_params(kw, { + 'partner_id': ['number'], + 'id': ['number'], + 'name': [], + 'file': [] + }) + if not user_token['partner_id'] == params['value']['partner_id']: + return self.unauthorized_response() + if not params['valid']: + return self.response(code=400, description=params) + partner_child_ids = self.get_partner_child_ids(params['value']['partner_id']) + domain = [ + ('id', '=', params['value']['id']), + ('partner_id', 'in', partner_child_ids) + ] + data = False + sale_order = request.env['sale.order'].search(domain) + if sale_order: + sale_order.partner_purchase_order_name = params['value']['name'] + sale_order.partner_purchase_order_file = params['value']['file'] + data = sale_order.id + return self.response(data) + + @http.route(PREFIX_PARTNER + 'sale_order//cancel', auth='public', method=['POST', 'OPTIONS'], csrf=False) + def partner_cancel_sale_order(self, **kw): + user_token = self.authenticate() + if not user_token: + return self.unauthorized_response() + + params = self.get_request_params(kw, { + 'partner_id': ['number'], + 'id': ['number'] + }) + if not user_token['partner_id'] == params['value']['partner_id']: + return self.unauthorized_response() + if not params['valid']: + return self.response(code=400, description=params) + + partner_child_ids = self.get_partner_child_ids(params['value']['partner_id']) + domain = [ + ('id', '=', params['value']['id']), + ('partner_id', 'in', partner_child_ids) + ] + data = False + sale_order = request.env['sale.order'].search(domain) + if sale_order: + sale_order.state = 'cancel' + data = sale_order.id + return self.response(data) + @http.route(PREFIX_PARTNER + 'sale_order/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False) def create_partner_sale_order(self, **kw): user_token = self.authenticate() diff --git a/indoteknik_api/models/account_move.py b/indoteknik_api/models/account_move.py index 3c8fd655..5c31f010 100644 --- a/indoteknik_api/models/account_move.py +++ b/indoteknik_api/models/account_move.py @@ -1,6 +1,5 @@ import datetime from odoo import models -import hashlib class AccountMove(models.Model): diff --git a/indoteknik_api/models/rest_api.py b/indoteknik_api/models/rest_api.py index 052800b7..0a15aad1 100644 --- a/indoteknik_api/models/rest_api.py +++ b/indoteknik_api/models/rest_api.py @@ -14,4 +14,7 @@ class RestApi(models.TransientModel): return time def md5_salt(self, value, salt): - return hashlib.md5((salt + '$' + str(value)).encode()).hexdigest() \ No newline at end of file + return hashlib.md5((salt + '$' + str(value)).encode()).hexdigest() + + def md5_salt_valid(self, value, salt, token): + return hashlib.md5((salt + '$' + str(value)).encode()).hexdigest() == token \ No newline at end of file diff --git a/indoteknik_api/models/sale_order.py b/indoteknik_api/models/sale_order.py index c7d488be..cc2f9586 100644 --- a/indoteknik_api/models/sale_order.py +++ b/indoteknik_api/models/sale_order.py @@ -32,6 +32,7 @@ class SaleOrder(models.Model): if context == 'with_detail': res_users = self.env['res.users'] data_with_detail = { + 'purchase_order_file': True if sale_order.partner_purchase_order_file else False, 'payment_term': sale_order.payment_term_id.name or '', 'date_order': self.env['rest.api'].datetime_to_str(sale_order.date_order, '%d/%m/%Y %H:%M:%S'), 'products': [], -- cgit v1.2.3