From 8b3d929a7cae089ac12d9752d3f97793dbe084d5 Mon Sep 17 00:00:00 2001
From: stephanchrst <stephanchrst@gmail.com>
Date: Thu, 12 Jan 2023 11:02:57 +0700
Subject: add new product rest api

---
 indoteknik_api/controllers/api_v1/product.py | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/product.py b/indoteknik_api/controllers/api_v1/product.py
index 2e978679..28a63ed5 100644
--- a/indoteknik_api/controllers/api_v1/product.py
+++ b/indoteknik_api/controllers/api_v1/product.py
@@ -6,7 +6,30 @@ import ast
 
 class Product(controller.Controller):
     prefix = '/api/v1/'
-    
+
+    @http.route(prefix + 'new_product', auth='public', methods=['GET', 'OPTIONS'])
+    def get_new_product(self):
+        if not self.authenticate():
+            return self.response(code=401, description='Unauthorized')
+        base_url = request.env['ir.config_parameter'].get_param('web.base.url')
+        query = [('show_as_new_product', '=', True)]
+        brands = request.env['x_manufactures'].search(query, order='sequence')
+        data = []
+        for brand in brands:
+            query_products = [
+                ('is_new_product', '=', True),
+                ('x_manufacture', '=', brand.id),
+            ]
+            products = request.env['product.template'].search(query_products, order='name')
+            data.append({
+                'manufacture_id': brand.id,
+                'sequence': brand.sequence,
+                'name': brand.x_name,
+                'image': base_url + 'api/image/x_manufactures/x_logo_manufacture/' + str(brand.id) if brand.x_logo_manufacture else '',
+                'products': [request.env['product.template'].api_single_response(x) for x in products]
+            })
+        return self.response(data)
+
     @http.route(prefix + 'product', auth='public', methods=['GET', 'OPTIONS'])
     def get_product(self, **kw):
         if not self.authenticate():
-- 
cgit v1.2.3


From 866a0b9ea34d6222b4c4936d3de32addaa2c8e30 Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Thu, 12 Jan 2023 17:10:48 +0700
Subject: create request validation and api create partner

---
 indoteknik_api/controllers/api_v1/__init__.py |  1 +
 indoteknik_api/controllers/api_v1/partner.py  | 41 +++++++++++++++++++++++++++
 indoteknik_api/controllers/api_v1/user.py     |  7 ++---
 3 files changed, 45 insertions(+), 4 deletions(-)
 create mode 100644 indoteknik_api/controllers/api_v1/partner.py

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/__init__.py b/indoteknik_api/controllers/api_v1/__init__.py
index 03737d9d..e09b8f7b 100644
--- a/indoteknik_api/controllers/api_v1/__init__.py
+++ b/indoteknik_api/controllers/api_v1/__init__.py
@@ -6,6 +6,7 @@ from . import city
 from . import district
 from . import flash_sale
 from . import manufacture
+from . import partner
 from . import product_variant
 from . import product
 from . import promotion
diff --git a/indoteknik_api/controllers/api_v1/partner.py b/indoteknik_api/controllers/api_v1/partner.py
new file mode 100644
index 00000000..2d7d04e8
--- /dev/null
+++ b/indoteknik_api/controllers/api_v1/partner.py
@@ -0,0 +1,41 @@
+from .. import controller
+from odoo import http
+from odoo.http import request
+
+
+class Partner(controller.Controller):
+    prefix = '/api/v1/'
+
+    @http.route(prefix + 'partner', auth='public', methods=['POST', 'OPTIONS'], csrf=False)
+    def create_partner(self, **kw):
+        if not self.authenticate():
+            return self.response(code=401, description='Unauthorized')
+        
+        validate_request = self.get_request_params(kw, {
+            'user_id': ['required', 'number'],
+            'partner_id': ['required', 'number', 'alias:parent_id'],
+            'type': ['default:other'],
+            'name': ['required'],
+            'email': ['required'],
+            'mobile': ['required'],
+            'street': ['required'],
+            'city_id': ['required', 'number', 'alias:kota_id'],
+            'district_id': ['number', 'alias:kecamatan_id'],
+            'sub_district_id': ['number', 'alias:kelurahan_id'],
+            'zip': ['required'],
+        })
+
+        is_verified = self.verify_user_token(validate_request['query']['user_id'])
+        if not is_verified:
+            return self.response(code=401, description='Unauthorized')
+
+        if not validate_request['valid']:
+            return self.response(code=400, description=validate_request)
+        
+        del validate_request['value']['user_id']
+        partner = request.env['res.partner'].create([ validate_request['value'] ])
+
+        return self.response({
+            'id': partner.id,
+        })
+
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
index bf1814da..d71c30ea 100644
--- a/indoteknik_api/controllers/api_v1/user.py
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -131,15 +131,14 @@ class User(controller.Controller):
             return self.response(code=401, description='Unauthorized')
         
         id = kw.get('id')
+        is_verify = self.verify_user_token(id)
+        if not is_verify:
+            return self.response(code=401, description='Unauthorized')
         
         user = request.env['res.users'].search([('id', '=', id)], limit=1)
         if not user: 
             return self.response(code=404, description='User not found')
         
-        is_verify = self.verify_user_token(id)
-        if not is_verify:
-            return self.response(code=401, description='Unauthorized')
-        
         partners = [user.partner_id] + [x for x in user.child_ids]
         address = [request.env['res.users'].api_address_response(x) for x in partners]
         
-- 
cgit v1.2.3


From 6fe453ed5da6cfda56f4af454dbedc00b97f0f9e Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Fri, 13 Jan 2023 11:40:44 +0700
Subject: simplify authentication

---
 indoteknik_api/controllers/api_v1/partner.py    |  4 ----
 indoteknik_api/controllers/api_v1/sale_order.py |  6 ------
 indoteknik_api/controllers/api_v1/user.py       | 12 +++---------
 3 files changed, 3 insertions(+), 19 deletions(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/partner.py b/indoteknik_api/controllers/api_v1/partner.py
index 2d7d04e8..043a82b8 100644
--- a/indoteknik_api/controllers/api_v1/partner.py
+++ b/indoteknik_api/controllers/api_v1/partner.py
@@ -25,10 +25,6 @@ class Partner(controller.Controller):
             'zip': ['required'],
         })
 
-        is_verified = self.verify_user_token(validate_request['query']['user_id'])
-        if not is_verified:
-            return self.response(code=401, description='Unauthorized')
-
         if not validate_request['valid']:
             return self.response(code=400, description=validate_request)
         
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 5604a86c..a8c5bacc 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -10,12 +10,6 @@ class SaleOrder(controller.Controller):
     def create_sale_order(self, **kw):
         if not self.authenticate():
             return self.response(code=401, description='Unauthorized')
-
-        user_id = kw.get('user_id')
-
-        is_verify = self.verify_user_token(user_id)
-        if not is_verify:
-            return self.response(code=401, description='Unauthorized')
         
         product_pricelist_default_discount_id = request.env['ir.config_parameter'].get_param('product.pricelist.default_discount_id')
         product_pricelist_default_discount_id = int(product_pricelist_default_discount_id)
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
index d71c30ea..ae04e0ff 100644
--- a/indoteknik_api/controllers/api_v1/user.py
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -109,11 +109,7 @@ class User(controller.Controller):
         
         user = request.env['res.users'].search([('id', '=', id)], limit=1)
         if not user: 
-            return self.response(code=400, description='User not found')
-        
-        is_verify = self.verify_user_token(id)
-        if not is_verify:
-            return self.response(code=401, description='Unauthorized')
+            return self.response(code=404, description='User not found')
         
         allowed_field = ['name', 'phone', 'mobile', 'password']
         for field in allowed_field:
@@ -131,15 +127,13 @@ class User(controller.Controller):
             return self.response(code=401, description='Unauthorized')
         
         id = kw.get('id')
-        is_verify = self.verify_user_token(id)
-        if not is_verify:
-            return self.response(code=401, description='Unauthorized')
         
         user = request.env['res.users'].search([('id', '=', id)], limit=1)
         if not user: 
             return self.response(code=404, description='User not found')
         
-        partners = [user.partner_id] + [x for x in user.child_ids]
+        partner_ids = [user.partner_id.id] + [x.id for x in user.child_ids]
+        partners = request.env['res.partner'].search([('id', 'in', partner_ids)], order='create_date DESC')
         address = [request.env['res.users'].api_address_response(x) for x in partners]
         
         return self.response(address)
-- 
cgit v1.2.3