From 5c9214c1c846e61c5356e1b19341b070c2303198 Mon Sep 17 00:00:00 2001
From: Rafi Zadanly
Date: Thu, 23 Feb 2023 10:39:40 +0700
Subject: partner company type and edit partner data
---
 indoteknik_api/controllers/api_v1/partner.py | 57 ++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
(limited to 'indoteknik_api/controllers/api_v1/partner.py')
diff --git a/indoteknik_api/controllers/api_v1/partner.py b/indoteknik_api/controllers/api_v1/partner.py
index 09b3caa0..8c7dbd57 100644
--- a/indoteknik_api/controllers/api_v1/partner.py
+++ b/indoteknik_api/controllers/api_v1/partner.py
@@ -81,3 +81,60 @@ class Partner(controller.Controller):
 'id': partner.id,
 })

+ @http.route(prefix + 'partner/', auth='public', methods=['PUT', 'OPTIONS'], csrf=False)
+ def write_partner_by_id(self, **kw):
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
+ params = self.get_request_params(kw, {
+ 'id': ['required', 'number'],
+ 'name': [],
+ 'company_type_id': ['number'],
+ 'industry_id': ['number'],
+ 'tax_name': ['alias:nama_wajib_pajak'],
+ 'npwp': [],
+ })
+
+ if not params['valid']:
+ return self.response(code=400, description=params)
+
+ partner = request.env[self._name].search([('id', '=', params['value']['id'])], limit=1)
+ if not partner:
+ return self.response(code=404, description='User not found')
+
+ partner.write(params['value'])
+
+ return self.response({
+ 'id': partner.id
+ })
+
+ @http.route(prefix + 'partner/industry', auth='public', methods=['GET', 'OPTIONS'])
+ def get_partner_industry(self):
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
+ partner_industry = request.env['res.partner.industry'].search([])
+ data = []
+ for industry in partner_industry:
+ data.append({
+ 'id': industry.id,
+ 'name': industry.name
+ })
+
+ return self.response(data)
+
+ @http.route(prefix + 'partner/company_type', auth='public', methods=['GET', 'OPTIONS'])
+ def get_partner_company_type(self):
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
+ partner_company_type = request.env['res.partner.company_type'].search([])
+ data = []
+ for company_type in partner_company_type:
+ data.append({
+ 'id': company_type.id,
+ 'name': company_type.name
+ })
+
+ return self.response(data)
+
-- cgit v1.2.3
From 58602284da96024060a553e12245638004d8f95f Mon Sep 17 00:00:00 2001
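Review bot: `partner.write(params['value'])` in write_partner_by_id hands the whole validated dict to the ORM, so the set of writable fields is whatever get_request_params returns, including the `id` key that was only meant for the lookup. Building the update explicitly keeps the write surface visible at the call site, for example `vals = {k: v for k, v in params['value'].items() if k != 'id'}` followed by `partner.write(vals)`; if the helper fills absent optional keys with an empty value (not visible in this hunk), those should be dropped too so a partial PUT does not blank `name` or `npwp`. As of this patch nothing ties the authenticated caller to the `id` being written, so any caller that passes authenticate() can edit any partner record. `name` and `npwp` also carry no validation rules (`[]`), so their length and format are unchecked before they reach the record.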
From: Rafi Zadanly
Date: Thu, 23 Feb 2023 10:51:39 +0700
Subject: add secure on write partner data
---
 indoteknik_api/controllers/api_v1/partner.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'indoteknik_api/controllers/api_v1/partner.py')
diff --git a/indoteknik_api/controllers/api_v1/partner.py b/indoteknik_api/controllers/api_v1/partner.py
index 8c7dbd57..ba59a1ce 100644
--- a/indoteknik_api/controllers/api_v1/partner.py
+++ b/indoteknik_api/controllers/api_v1/partner.py
@@ -83,8 +83,9 @@ class Partner(controller.Controller):

 @http.route(prefix + 'partner/', auth='public', methods=['PUT', 'OPTIONS'], csrf=False)
 def write_partner_by_id(self, **kw):
- if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
+ user_token = self.authenticate()
+ if not user_token:
+ return self.unauthorized_response()

 params = self.get_request_params(kw, {
 'id': ['required', 'number'],
@@ -101,7 +102,10 @@ class Partner(controller.Controller):
 partner = request.env[self._name].search([('id', '=', params['value']['id'])], limit=1)
 if not partner:
 return self.response(code=404, description='User not found')
-
+
+ if user_token['partner_id'] not in self.get_partner_child_ids(partner.id):
+ return self.unauthorized_response()
+
 partner.write(params['value'])

 return self.response({
-- cgit v1.2.3
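Review bot: The ownership test added in the second hunk, `user_token['partner_id'] not in self.get_partner_child_ids(partner.id)`, asks whether the caller is among the children of the target record, which appears to let a child contact edit its parent company. If the intent is that a caller may edit only itself and the records beneath it, the lookup should start from the caller: `if partner.id not in self.get_partner_child_ids(user_token['partner_id']):`. get_partner_child_ids is not shown here, so confirm which direction it walks and whether it includes the id passed in. The check also runs after the 404 branch, so an authenticated caller can tell existing partner ids from missing ones by the response; running the ownership test first, or returning the same response in both cases, closes that. The body of write_partner_by_id continues outside the hunk.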