From fa6e8c91bd98100b6ef862ce388817515f77b55d Mon Sep 17 00:00:00 2001 From: it-fixcomart Date: Mon, 12 Aug 2024 13:15:25 +0700 Subject: add api tracking order --- indoteknik_api/controllers/api_v1/sale_order.py | 33 ++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) (limited to 'indoteknik_api/controllers/api_v1') diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py index ee173d29..d44868f0 100644 --- a/indoteknik_api/controllers/api_v1/sale_order.py +++ b/indoteknik_api/controllers/api_v1/sale_order.py @@ -615,4 +615,35 @@ class SaleOrder(controller.Controller): } return self.response(data) - \ No newline at end of file + + @http.route(prefix + 'tracking_order', auth='public', method=['GET', 'OPTIONS']) + @controller.Controller.must_authorized() + def tracking_get_sale_order_detail(self, **kw): + # Extract 'so' and 'email' parameters from query parameters + so = kw.get('so') + email_user = kw.get('email') + + if not email_user or not so: + return self.response(code=400, description="Email and Sale Order number are required.") + + # Search for the sale order by the name (so) + sale_order = request.env['sale.order'].search([('name', '=', so)], limit=1) + if not sale_order: + return self.response(code=404, description="Sale Order not found.") + + # Get the partner associated with the sale order + partner = sale_order.partner_id + + # Check if the email matches the partner's email + if partner.email != email_user: + return self.response(code=403, description="Email does not match the Sale Order.") + + # Check for partner child ids if needed + partner_child_ids = self.get_partner_child_ids(partner.id) + if sale_order.partner_id.id not in partner_child_ids: + return self.response(code=403, description="Unauthorized access to Sale Order details.") + + # Prepare the response data + data = request.env['sale.order'].api_v1_single_response(sale_order, context='with_detail') + + return self.response(data) \ No newline at end of file -- cgit v1.2.3 From 57bc06d6991f4ab2f0f0ef4baecbf071eb62042a Mon Sep 17 00:00:00 2001 From: it-fixcomart Date: Mon, 12 Aug 2024 16:32:06 +0700 Subject: update api tracking order --- indoteknik_api/controllers/api_v1/sale_order.py | 29 ++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) (limited to 'indoteknik_api/controllers/api_v1') diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py index d44868f0..a9113ada 100644 --- a/indoteknik_api/controllers/api_v1/sale_order.py +++ b/indoteknik_api/controllers/api_v1/sale_order.py @@ -624,26 +624,45 @@ class SaleOrder(controller.Controller): email_user = kw.get('email') if not email_user or not so: - return self.response(code=400, description="Email and Sale Order number are required.") + return self.response({ + 'code': 400, + 'so': so, + 'email': email_user, + 'description': "Email and Sale Order number are required." + }) # Search for the sale order by the name (so) sale_order = request.env['sale.order'].search([('name', '=', so)], limit=1) if not sale_order: - return self.response(code=404, description="Sale Order not found.") + return self.response({ + 'code': 404, + 'so': so, + 'email': email_user, + 'description': "Sale Order not found." + }) # Get the partner associated with the sale order partner = sale_order.partner_id # Check if the email matches the partner's email if partner.email != email_user: - return self.response(code=403, description="Email does not match the Sale Order.") + return self.response({ + 'code': 403, + 'so': so, + 'email': email_user, + 'description': "Email does not match the Sale Order." + }) # Check for partner child ids if needed partner_child_ids = self.get_partner_child_ids(partner.id) if sale_order.partner_id.id not in partner_child_ids: - return self.response(code=403, description="Unauthorized access to Sale Order details.") + return self.response({ + 'so': so, + 'email': email_user, + 'description': "Unauthorized access to Sale Order details." + }) # Prepare the response data data = request.env['sale.order'].api_v1_single_response(sale_order, context='with_detail') - return self.response(data) \ No newline at end of file + return self.response(data) -- cgit v1.2.3 From 2513b765773fca587dbd298e77732d2d005949c8 Mon Sep 17 00:00:00 2001 From: it-fixcomart Date: Tue, 13 Aug 2024 11:24:51 +0700 Subject: update api tracking order to get email same partner in company --- indoteknik_api/controllers/api_v1/sale_order.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'indoteknik_api/controllers/api_v1') diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py index a9113ada..0da7f894 100644 --- a/indoteknik_api/controllers/api_v1/sale_order.py +++ b/indoteknik_api/controllers/api_v1/sale_order.py @@ -643,20 +643,26 @@ class SaleOrder(controller.Controller): # Get the partner associated with the sale order partner = sale_order.partner_id + company_id = partner.company_id.id - # Check if the email matches the partner's email - if partner.email != email_user: + # Search for all partners within the same company + partners_in_company = request.env['res.partner'].search([('company_id', '=', company_id)]) + + # Check if the email matches any partner's email in the same company + email_match = partners_in_company.filtered(lambda p: p.email == email_user) + if not email_match: return self.response({ 'code': 403, 'so': so, 'email': email_user, - 'description': "Email does not match the Sale Order." + 'description': "Email does not match any partner in the same company as the Sale Order." }) # Check for partner child ids if needed partner_child_ids = self.get_partner_child_ids(partner.id) if sale_order.partner_id.id not in partner_child_ids: return self.response({ + 'code': 403, 'so': so, 'email': email_user, 'description': "Unauthorized access to Sale Order details." @@ -666,3 +672,4 @@ class SaleOrder(controller.Controller): data = request.env['sale.order'].api_v1_single_response(sale_order, context='with_detail') return self.response(data) + -- cgit v1.2.3