From 6fe453ed5da6cfda56f4af454dbedc00b97f0f9e Mon Sep 17 00:00:00 2001 From: Rafi Zadanly Date: Fri, 13 Jan 2023 11:40:44 +0700 Subject: simplify authentication --- indoteknik_api/controllers/api_v1/partner.py | 4 ---- indoteknik_api/controllers/api_v1/sale_order.py | 6 ------ indoteknik_api/controllers/api_v1/user.py | 12 +++--------- 3 files changed, 3 insertions(+), 19 deletions(-) (limited to 'indoteknik_api/controllers/api_v1') diff --git a/indoteknik_api/controllers/api_v1/partner.py b/indoteknik_api/controllers/api_v1/partner.py index 2d7d04e8..043a82b8 100644 --- a/indoteknik_api/controllers/api_v1/partner.py +++ b/indoteknik_api/controllers/api_v1/partner.py @@ -25,10 +25,6 @@ class Partner(controller.Controller): 'zip': ['required'], }) - is_verified = self.verify_user_token(validate_request['query']['user_id']) - if not is_verified: - return self.response(code=401, description='Unauthorized') - if not validate_request['valid']: return self.response(code=400, description=validate_request) diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py index 5604a86c..a8c5bacc 100644 --- a/indoteknik_api/controllers/api_v1/sale_order.py +++ b/indoteknik_api/controllers/api_v1/sale_order.py @@ -10,12 +10,6 @@ class SaleOrder(controller.Controller): def create_sale_order(self, **kw): if not self.authenticate(): return self.response(code=401, description='Unauthorized') - - user_id = kw.get('user_id') - - is_verify = self.verify_user_token(user_id) - if not is_verify: - return self.response(code=401, description='Unauthorized') product_pricelist_default_discount_id = request.env['ir.config_parameter'].get_param('product.pricelist.default_discount_id') product_pricelist_default_discount_id = int(product_pricelist_default_discount_id) diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index d71c30ea..ae04e0ff 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py @@ -109,11 +109,7 @@ class User(controller.Controller): user = request.env['res.users'].search([('id', '=', id)], limit=1) if not user: - return self.response(code=400, description='User not found') - - is_verify = self.verify_user_token(id) - if not is_verify: - return self.response(code=401, description='Unauthorized') + return self.response(code=404, description='User not found') allowed_field = ['name', 'phone', 'mobile', 'password'] for field in allowed_field: @@ -131,15 +127,13 @@ class User(controller.Controller): return self.response(code=401, description='Unauthorized') id = kw.get('id') - is_verify = self.verify_user_token(id) - if not is_verify: - return self.response(code=401, description='Unauthorized') user = request.env['res.users'].search([('id', '=', id)], limit=1) if not user: return self.response(code=404, description='User not found') - partners = [user.partner_id] + [x for x in user.child_ids] + partner_ids = [user.partner_id.id] + [x.id for x in user.child_ids] + partners = request.env['res.partner'].search([('id', 'in', partner_ids)], order='create_date DESC') address = [request.env['res.users'].api_address_response(x) for x in partners] return self.response(address) -- cgit v1.2.3