From 446e3be759d72b7a06b4e4671b91c6f9c8bfa903 Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Mon, 6 Feb 2023 12:02:42 +0700
Subject: add api cancel SO and upload PO in SO

---
 indoteknik_api/controllers/api_v1/download.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'indoteknik_api/controllers/api_v1/download.py')

diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index 3794744e..f12be337 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -19,8 +19,8 @@ class Download(controller.Controller):
     def download_invoice(self, id, token):
         id = int(id)
         
-        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
-        if not md5_by_id == token:
+        md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token)
+        if not md5_valid:
             return self.response('Unauthorized')
 
         pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
@@ -30,8 +30,8 @@ class Download(controller.Controller):
     def download_tax_invoice(self, id, token):
         id = int(id)
 
-        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
-        if not md5_by_id == token:
+        md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token)
+        if not md5_valid:
             return self.response('Unauthorized')
 
         attachment = self._get_attachment('account.move', 'efaktur_document', id)
-- 
cgit v1.2.3