From 446e3be759d72b7a06b4e4671b91c6f9c8bfa903 Mon Sep 17 00:00:00 2001 From: Rafi Zadanly Date: Mon, 6 Feb 2023 12:02:42 +0700 Subject: add api cancel SO and upload PO in SO --- indoteknik_api/controllers/api_v1/download.py | 8 ++-- indoteknik_api/controllers/api_v1/sale_order.py | 56 +++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 4 deletions(-) (limited to 'indoteknik_api/controllers/api_v1') diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py index 3794744e..f12be337 100644 --- a/indoteknik_api/controllers/api_v1/download.py +++ b/indoteknik_api/controllers/api_v1/download.py @@ -19,8 +19,8 @@ class Download(controller.Controller): def download_invoice(self, id, token): id = int(id) - md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move') - if not md5_by_id == token: + md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token) + if not md5_valid: return self.response('Unauthorized') pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id]) @@ -30,8 +30,8 @@ class Download(controller.Controller): def download_tax_invoice(self, id, token): id = int(id) - md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move') - if not md5_by_id == token: + md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token) + if not md5_valid: return self.response('Unauthorized') attachment = self._get_attachment('account.move', 'efaktur_document', id) diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py index 52ccf9fa..9a4b23d9 100644 --- a/indoteknik_api/controllers/api_v1/sale_order.py +++ b/indoteknik_api/controllers/api_v1/sale_order.py @@ -105,6 +105,62 @@ class SaleOrder(controller.Controller): return self.response(data) + @http.route(PREFIX_PARTNER + 'sale_order//upload_po', auth='public', method=['POST', 'OPTIONS'], csrf=False) + def partner_upload_po_sale_order(self, **kw): + user_token = self.authenticate() + if not user_token: + return self.unauthorized_response() + + params = self.get_request_params(kw, { + 'partner_id': ['number'], + 'id': ['number'], + 'name': [], + 'file': [] + }) + if not user_token['partner_id'] == params['value']['partner_id']: + return self.unauthorized_response() + if not params['valid']: + return self.response(code=400, description=params) + partner_child_ids = self.get_partner_child_ids(params['value']['partner_id']) + domain = [ + ('id', '=', params['value']['id']), + ('partner_id', 'in', partner_child_ids) + ] + data = False + sale_order = request.env['sale.order'].search(domain) + if sale_order: + sale_order.partner_purchase_order_name = params['value']['name'] + sale_order.partner_purchase_order_file = params['value']['file'] + data = sale_order.id + return self.response(data) + + @http.route(PREFIX_PARTNER + 'sale_order//cancel', auth='public', method=['POST', 'OPTIONS'], csrf=False) + def partner_cancel_sale_order(self, **kw): + user_token = self.authenticate() + if not user_token: + return self.unauthorized_response() + + params = self.get_request_params(kw, { + 'partner_id': ['number'], + 'id': ['number'] + }) + if not user_token['partner_id'] == params['value']['partner_id']: + return self.unauthorized_response() + if not params['valid']: + return self.response(code=400, description=params) + + partner_child_ids = self.get_partner_child_ids(params['value']['partner_id']) + domain = [ + ('id', '=', params['value']['id']), + ('partner_id', 'in', partner_child_ids) + ] + data = False + sale_order = request.env['sale.order'].search(domain) + if sale_order: + sale_order.state = 'cancel' + data = sale_order.id + return self.response(data) + @http.route(PREFIX_PARTNER + 'sale_order/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False) def create_partner_sale_order(self, **kw): user_token = self.authenticate() -- cgit v1.2.3