From 46cc2c3deb299cc61c14a0675221b811aaf999b8 Mon Sep 17 00:00:00 2001
From: stephanchrst <stephanchrst@gmail.com>
Date: Fri, 27 Jan 2023 10:42:46 +0700
Subject: initial commit for midtrans development

---
 indoteknik_api/controllers/api_v1/__init__.py   |  1 +
 indoteknik_api/controllers/api_v1/midtrans.py   | 34 +++++++++++++++++++++++++
 indoteknik_api/controllers/api_v1/sale_order.py |  2 +-
 3 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 indoteknik_api/controllers/api_v1/midtrans.py

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/__init__.py b/indoteknik_api/controllers/api_v1/__init__.py
index a4776503..ab499443 100644
--- a/indoteknik_api/controllers/api_v1/__init__.py
+++ b/indoteknik_api/controllers/api_v1/__init__.py
@@ -18,3 +18,4 @@ from . import wishlist
 from . import brand_homepage
 from . import customer
 from . import content
+from . import midtrans
diff --git a/indoteknik_api/controllers/api_v1/midtrans.py b/indoteknik_api/controllers/api_v1/midtrans.py
new file mode 100644
index 00000000..9a0ca50e
--- /dev/null
+++ b/indoteknik_api/controllers/api_v1/midtrans.py
@@ -0,0 +1,34 @@
+from .. import controller
+from odoo import http
+from odoo.http import request
+import json
+
+
+class Midtrans(controller.Controller):
+    prefix = '/api/v1/'
+
+    @http.route(prefix + 'midtrans/notification', auth='none', type='json', csrf=False, cors='*', methods=['POST', 'OPTIONS'])
+    def notification(self, **kw):
+        json_raw = json.loads(request.httprequest.data)
+        trx_status = json.loads(request.httprequest.data)['transaction_status']
+        order_no = json.loads(request.httprequest.data)['order_id']
+
+        query = [('name', '=', order_no)]
+        order = request.env['sale.order'].search(query, limit=1)
+        order.transaction_status = trx_status
+
+        request.env['midtrans.notification'].create([{
+            'sale_order_id': order.id,
+            'json_raw': json_raw,
+            'payment_status': trx_status,
+        }])
+
+        return
+
+    @http.route(prefix + 'midtrans/recurring', auth='none', type='json', csrf=False, cors='*', methods=['POST', 'OPTIONS'])
+    def recurring(self, **kw):
+        json_raw = json.loads(request.httprequest.data)
+        request.env['midtrans.recurring'].create([{
+            'json_raw': json_raw,
+        }])
+        return
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index f2ec8dfe..4128d9f9 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -142,7 +142,7 @@ class SaleOrder(controller.Controller):
             'partner_purchase_order_file': params['value']['po_file']
         }
         sale_order = request.env['sale.order'].create([[parameters]])
-
+        var = json.loads(kw.get('transaction_time', '{}'))
         order_line = json.loads(params['value']['order_line'])
         parameters = []
         for line in order_line:
-- 
cgit v1.2.3


From 669b9de298ed3667fc6aaf1e6070604c1799a0a8 Mon Sep 17 00:00:00 2001
From: stephanchrst <stephanchrst@gmail.com>
Date: Fri, 27 Jan 2023 10:56:07 +0700
Subject: bug fix unauthorized sale order

---
 indoteknik_api/controllers/api_v1/midtrans.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/midtrans.py b/indoteknik_api/controllers/api_v1/midtrans.py
index 9a0ca50e..a5e667cf 100644
--- a/indoteknik_api/controllers/api_v1/midtrans.py
+++ b/indoteknik_api/controllers/api_v1/midtrans.py
@@ -14,8 +14,8 @@ class Midtrans(controller.Controller):
         order_no = json.loads(request.httprequest.data)['order_id']
 
         query = [('name', '=', order_no)]
-        order = request.env['sale.order'].search(query, limit=1)
-        order.transaction_status = trx_status
+        order = request.env['sale.order'].sudo().search(query, limit=1)
+        order.payment_status = trx_status
 
         request.env['midtrans.notification'].create([{
             'sale_order_id': order.id,
-- 
cgit v1.2.3


From daf2b9581e8d1d72a72c7b01e760c4e67407472e Mon Sep 17 00:00:00 2001
From: stephanchrst <stephanchrst@gmail.com>
Date: Fri, 27 Jan 2023 11:05:53 +0700
Subject: add midtrans pay account notification

---
 indoteknik_api/controllers/api_v1/midtrans.py | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/midtrans.py b/indoteknik_api/controllers/api_v1/midtrans.py
index a5e667cf..fdc801d3 100644
--- a/indoteknik_api/controllers/api_v1/midtrans.py
+++ b/indoteknik_api/controllers/api_v1/midtrans.py
@@ -32,3 +32,11 @@ class Midtrans(controller.Controller):
             'json_raw': json_raw,
         }])
         return
+
+    @http.route(prefix + 'midtrans/payaccount', auth='none', type='json', csrf=False, cors='*', methods=['POST', 'OPTIONS'])
+    def payaccount(self, **kw):
+        json_raw = json.loads(request.httprequest.data)
+        request.env['midtrans.account'].create([{
+            'json_raw': json_raw,
+        }])
+        return
\ No newline at end of file
-- 
cgit v1.2.3


From 39e27d0187d352dfea7db1bc1c9aece42e348caa Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Fri, 27 Jan 2023 11:08:02 +0700
Subject: sale order and invoice api

---
 indoteknik_api/controllers/api_v1/invoice.py    | 25 ++++++-----------------
 indoteknik_api/controllers/api_v1/sale_order.py | 27 ++++++-------------------
 2 files changed, 12 insertions(+), 40 deletions(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/invoice.py b/indoteknik_api/controllers/api_v1/invoice.py
index 5a6e8316..59cacfc4 100644
--- a/indoteknik_api/controllers/api_v1/invoice.py
+++ b/indoteknik_api/controllers/api_v1/invoice.py
@@ -34,7 +34,11 @@ class Invoice(controller.Controller):
         ]
         if params['value']['name']:
             name = params['value']['name'].replace(' ', '%')
-            domain.append(('name', 'ilike', '%'+ name +'%'))
+            domain += [
+                '|',
+                ('name', 'ilike', '%'+ name +'%'),
+                ('ref', 'ilike', '%'+ name +'%')
+            ]
         invoices = request.env['account.move'].search(domain, offset=offset, limit=limit)
         data = {
             'invoice_total': request.env['account.move'].search_count(domain),
@@ -67,23 +71,6 @@ class Invoice(controller.Controller):
         data = {}
         account_move = request.env['account.move'].search(domain)
         if account_move:
-            res_users = request.env['res.users']
-            data = {
-                'id': account_move.id,
-                'name': account_move.name,
-                'purchase_order_name': account_move.ref or '',
-                'payment_term': account_move.invoice_payment_term_id.name or '',
-                'sales': account_move.invoice_user_id.name,
-                'amount_total': account_move.amount_total,
-                'amount_residual': account_move.amount_residual,
-                'invoice_date': account_move.invoice_date.strftime('%d/%m/%Y') or '',
-                'invoice_date_due': account_move.invoice_date_due.strftime('%d/%m/%Y') or '',
-                'customer': res_users.api_address_response(account_move.partner_id),
-                'products': [],
-            }
-            for line in account_move.invoice_line_ids:
-                product = request.env['product.product'].api_single_response(line.product_id)
-                product['quantity'] = line.quantity
-                data['products'].append(product)
+            data = request.env['account.move'].api_v1_single_response(account_move, context='with_detail')
         
         return self.response(data)
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 90dee56c..073f6301 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -30,7 +30,11 @@ class SaleOrder(controller.Controller):
         domain = [('partner_id', 'in', partner_child_ids)]
         if params['value']['name']:
             name = params['value']['name'].replace(' ', '%')
-            domain.append(('name', 'ilike', '%'+ name +'%'))
+            domain += [
+                '|',
+                ('name', 'ilike', '%'+ name +'%'),
+                ('partner_purchase_order_name', 'ilike', '%'+ name +'%')
+            ]
         sale_orders = request.env['sale.order'].search(domain, offset=offset, limit=limit)
         data = {
             'sale_order_total': request.env['sale.order'].search_count(domain),
@@ -61,26 +65,7 @@ class SaleOrder(controller.Controller):
         data = {}
         sale_order = request.env['sale.order'].search(domain)
         if sale_order:
-            res_users = request.env['res.users']
-            data = {
-                'id': sale_order.id,
-                'name': sale_order.name,
-                'payment_term': sale_order.payment_term_id.name or '',
-                'sales': sale_order.user_id.name or '',
-                'date_order': self.time_to_str(sale_order.date_order, '%d/%m/%Y %H:%M:%S'),
-                'purchase_order_name': sale_order.partner_purchase_order_name,
-                'products': [],
-                'amount_total': sale_order.amount_total,
-                'address': {
-                    'customer': res_users.api_address_response(sale_order.partner_id),
-                    'invoice': res_users.api_address_response(sale_order.partner_invoice_id),
-                    'shipping': res_users.api_address_response(sale_order.partner_shipping_id)
-                }
-            }
-            for line in sale_order.order_line:
-                product = request.env['product.product'].api_single_response(line.product_id)
-                product['quantity'] = line.product_uom_qty
-                data['products'].append(product)
+            data = request.env['sale.order'].api_v1_single_response(sale_order, context='with_detail')
         
         return self.response(data)
 
-- 
cgit v1.2.3


From 1ae31b80e82373cac0275daeb943f054296917af Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Fri, 27 Jan 2023 17:10:57 +0700
Subject: wishlist by user

---
 indoteknik_api/controllers/api_v1/wishlist.py | 63 +++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/wishlist.py b/indoteknik_api/controllers/api_v1/wishlist.py
index 9860f40b..192a9c49 100644
--- a/indoteknik_api/controllers/api_v1/wishlist.py
+++ b/indoteknik_api/controllers/api_v1/wishlist.py
@@ -5,6 +5,7 @@ from odoo.http import request
 
 class Wishlist(controller.Controller):
     prefix = '/api/v1/'
+    PREFIX_USER = prefix + 'user/<user_id>/'
     
     @http.route(prefix + 'wishlist', auth='public', methods=['GET'])
     def get_wishlist_by_user_id(self, **kw):
@@ -71,3 +72,65 @@ class Wishlist(controller.Controller):
             create = request.env['website.user.wishlist'].create(params)
             result['id'] = create.id
         return self.response(result)
+
+    @http.route(PREFIX_USER + 'wishlist', auth='public', methods=['GET', 'OPTIONS'])
+    def get_user_wishlist(self, **kw):
+        user_token = self.authenticate() 
+        if not user_token:
+            return self.unauthorized_response()
+
+        params = self.get_request_params(kw, {
+            'user_id': ['number'],
+            'product_id': [],
+            'limit': ['default:0', 'number'],
+            'offset': ['default:0', 'number'],
+        })
+        limit = params['value']['limit']
+        offset = params['value']['offset']
+        if not user_token['id'] == params['value']['user_id']:
+            return self.unauthorized_response()
+        if not params['valid']:
+            return self.response(code=400, description=params) 
+
+        domain = [('user_id', '=', params['value']['user_id'])]
+        if params['value']['product_id']:
+            domain.append(('product_id', '=', params['value']['product_id']))
+        wishlists = request.env['website.user.wishlist'].search(domain, limit=limit, offset=offset, order='create_date DESC')
+        product = []
+        for wishlist in wishlists:
+            product.append(request.env['product.template'].api_single_response(wishlist.product_id))
+        data = {
+            'product_total': request.env['website.user.wishlist'].search_count(domain),
+            'products': product 
+        }
+        return self.response(data)
+
+    @http.route(PREFIX_USER + 'wishlist/create-or-delete', auth='public', methods=['POST', 'OPTIONS'], csrf=False)
+    def create_or_delete_user_wishlist(self, **kw):
+        user_token = self.authenticate() 
+        if not user_token:
+            return self.unauthorized_response()
+
+        params = self.get_request_params(kw, {
+            'user_id': ['number'],
+            'product_id': ['required', 'number'],
+        })
+        if not user_token['id'] == params['value']['user_id']:
+            return self.unauthorized_response()
+        if not params['valid']:
+            return self.response(code=400, description=params) 
+        
+        query = [
+            ('user_id', '=', params['value']['user_id']),
+            ('product_id', '=', params['value']['product_id'])
+        ]
+        wishlist = request.env['website.user.wishlist'].search(query, limit=1)
+        result = {}
+        if wishlist:
+            wishlist.unlink()
+            result['id'] = wishlist.id
+        else:
+            create = request.env['website.user.wishlist'].create(params['value'])
+            result['id'] = create.id
+        return self.response(result)
+        
\ No newline at end of file
-- 
cgit v1.2.3


From a197b978872cab655263541d65bc86e5131e78aa Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Mon, 30 Jan 2023 09:34:06 +0700
Subject: api wishlist

---
 indoteknik_api/controllers/api_v1/wishlist.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/wishlist.py b/indoteknik_api/controllers/api_v1/wishlist.py
index 192a9c49..a3299033 100644
--- a/indoteknik_api/controllers/api_v1/wishlist.py
+++ b/indoteknik_api/controllers/api_v1/wishlist.py
@@ -81,7 +81,7 @@ class Wishlist(controller.Controller):
 
         params = self.get_request_params(kw, {
             'user_id': ['number'],
-            'product_id': [],
+            'product_id': ['number'],
             'limit': ['default:0', 'number'],
             'offset': ['default:0', 'number'],
         })
@@ -92,7 +92,10 @@ class Wishlist(controller.Controller):
         if not params['valid']:
             return self.response(code=400, description=params) 
 
-        domain = [('user_id', '=', params['value']['user_id'])]
+        domain = [
+            ('user_id', '=', params['value']['user_id']),
+            ('variant_id', '=', False)
+        ]
         if params['value']['product_id']:
             domain.append(('product_id', '=', params['value']['product_id']))
         wishlists = request.env['website.user.wishlist'].search(domain, limit=limit, offset=offset, order='create_date DESC')
-- 
cgit v1.2.3


From 92db799e6902b2a2bd6aca5c95c4ec8e46f816de Mon Sep 17 00:00:00 2001
From: stephanchrst <stephanchrst@gmail.com>
Date: Tue, 31 Jan 2023 09:55:37 +0700
Subject: add product in sale order midtrans

---
 indoteknik_api/controllers/api_v1/sale_order.py | 27 ++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 7ce8cd43..77c3e233 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -9,6 +9,7 @@ class SaleOrder(controller.Controller):
 
     @http.route(prefix + "sale_order_number", auth='public', method=['GET', 'OPTIONS'])
     def get_number_sale_order(self, **kw):
+        # for midtrans only
         user_token = self.authenticate()
         if not user_token:
             return self.unauthorized_response()
@@ -16,11 +17,31 @@ class SaleOrder(controller.Controller):
         sale_order_id = int(kw.get('sale_order_id', '0'))
         sale_number = str(kw.get('sale_number', ''))
         if sale_order_id > 0:
-            sales = request.env['sale.order'].search_read([('id', '=', sale_order_id)], fields=['id', 'name', 'amount_total', 'state'])
+            query = [('id', '=', sale_order_id)]
+            # sales = request.env['sale.order'].search_read([('id', '=', sale_order_id)], fields=['id', 'name', 'amount_total', 'state'])
+            sales = request.env['sale.order'].search(query, limit=1)
         else:
-            sales = request.env['sale.order'].search_read([('name', '=', sale_number)], fields=['id', 'name', 'amount_total', 'state'])
+            query = [('name', '=', sale_number)]
+            # sales = request.env['sale.order'].search_read([('name', '=', sale_number)], fields=['id', 'name', 'amount_total', 'state'])
+            sales = request.env['sale.order'].search(query, limit=1)
+        data = []
+        for sale in sales:
+            product_name = ''
+            product_not_in_id = 0
+            for line in sale.order_line:
+                product_name = line.product_id.name
+                product_not_in_id = line.product_id.id
+                break
+            data.append({
+                'id': sale.id,
+                'name': sale.name,
+                'amount_total': sale.amount_total,
+                'state': sale.state,
+                'product_name': product_name,
+                'product_not_in_id': product_not_in_id,
+            })
 
-        return self.response(sales)
+        return self.response(data)
 
     @http.route(PREFIX_PARTNER + 'sale_order', auth='public', method=['GET', 'OPTIONS'])
     def get_partner_sale_order(self, **kw):
-- 
cgit v1.2.3


From 27a1a3d68f728455ae196d2aa5736858ba623d09 Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Tue, 31 Jan 2023 13:57:05 +0700
Subject: api category tree

---
 indoteknik_api/controllers/api_v1/category.py   | 49 +++++++++++++++++++++++++
 indoteknik_api/controllers/api_v1/sale_order.py |  1 -
 2 files changed, 49 insertions(+), 1 deletion(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/category.py b/indoteknik_api/controllers/api_v1/category.py
index 62faff85..b7ea65ed 100644
--- a/indoteknik_api/controllers/api_v1/category.py
+++ b/indoteknik_api/controllers/api_v1/category.py
@@ -7,6 +7,55 @@ import ast
 class Category(controller.Controller):
     prefix = '/api/v1/'
 
+    @http.route(prefix + 'category/child', auth='public', methods=['GET', 'OPTIONS'])
+    def get_category_child(self, **kw):
+        user_token = self.authenticate()
+        if not user_token:
+            return self.unauthorized_response()
+
+        params = self.get_request_params(kw, {
+            'parent_id': ['number', 'default:0']
+        })
+        if not params['valid']:
+            return self.response(code=400, description=params)
+        if params['value']['parent_id'] == 0:
+            params['value']['parent_id'] = False
+
+        categories = request.env['product.public.category'].search_read([('parent_frontend_id', '=', params['value']['parent_id'])], ['id', 'name'])
+        return self.response(categories)
+        
+    @http.route(prefix + 'category/tree', auth='public', methods=['GET', 'OPTIONS'])
+    def get_category_tree(self, **kw):
+        user_token = self.authenticate()
+        if not user_token:
+            return self.unauthorized_response()
+
+        parent_categories = request.env['product.public.category'].search_read([('parent_frontend_id', '=', False)], ['id', 'name'])
+        data = []
+        for parent_category in parent_categories:
+            parent_data = {
+                'id': parent_category['id'],
+                'name': parent_category['name'],
+                'childs': []
+            }
+            child_1_categories = request.env['product.public.category'].search_read([('parent_frontend_id', '=', parent_category['id'])], ['id', 'name'])
+            for child_1_category in child_1_categories:
+                child_1_data = {
+                    'id': child_1_category['id'],
+                    'name': child_1_category['name'],
+                    'childs': []
+                }
+                child_2_categories = request.env['product.public.category'].search_read([('parent_frontend_id', '=', child_1_category['id'])], ['id', 'name'])
+                for child_2_category in child_2_categories:
+                    child_2_data = {
+                        'id': child_2_category['id'],
+                        'name': child_2_category['name'],
+                    }
+                    child_1_data['childs'].append(child_2_data)
+                parent_data['childs'].append(child_1_data)
+            data.append(parent_data)
+        return self.response(data)
+
     @http.route(prefix + 'categories_homepage', auth='public', methods=['GET', 'OPTIONS'])
     def get_categories_homepage(self, **kw):
         if not self.authenticate():
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 7ce8cd43..9b52e79a 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -127,7 +127,6 @@ class SaleOrder(controller.Controller):
             'partner_purchase_order_file': params['value']['po_file']
         }
         sale_order = request.env['sale.order'].create([[parameters]])
-        var = json.loads(kw.get('transaction_time', '{}'))
         order_line = json.loads(params['value']['order_line'])
         parameters = []
         for line in order_line:
-- 
cgit v1.2.3


From cf289c9d54691a451937595e9695d02cf894cbb5 Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Tue, 31 Jan 2023 16:18:31 +0700
Subject: categories_homepage image

---
 indoteknik_api/controllers/api_v1/category.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/category.py b/indoteknik_api/controllers/api_v1/category.py
index b7ea65ed..3a83f6a1 100644
--- a/indoteknik_api/controllers/api_v1/category.py
+++ b/indoteknik_api/controllers/api_v1/category.py
@@ -82,7 +82,7 @@ class Category(controller.Controller):
                 'sequence': category.sequence,
                 'category_id': category.category_id.id,
                 'name': category.category_id.name,
-                'image': base_url + 'api/image/website.categories.homepage/image/' + str(category.id) if category.image else '',
+                'image': request.env['ir.attachment'].api_image('website.categories.homepage', 'image', category.id),
                 'url': category.url,
                 # 'brands': [y.x_name for y in brands],
                 'brands': [request.env['x_manufactures'].api_single_response(y) for y in brands],
-- 
cgit v1.2.3


From 60e57d97be4033e43eca982ba833156e69a9cbf6 Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Wed, 1 Feb 2023 09:11:19 +0700
Subject: api category

---
 indoteknik_api/controllers/api_v1/category.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/category.py b/indoteknik_api/controllers/api_v1/category.py
index 3a83f6a1..ff1baf6b 100644
--- a/indoteknik_api/controllers/api_v1/category.py
+++ b/indoteknik_api/controllers/api_v1/category.py
@@ -56,12 +56,24 @@ class Category(controller.Controller):
             data.append(parent_data)
         return self.response(data)
 
+    @http.route(prefix + 'categories_homepage/ids', auth='public', methods=['GET', 'OPTIONS'])
+    def get_categories_homepage_count(self, **kw):
+        if not self.authenticate():
+            return self.response(code=401, description='Unauthorized')
+        query = [('status', '=', 'tayang')]
+        categories = request.env['website.categories.homepage'].search_read(query, ['id'])
+        return self.response([x['id'] for x in categories])
+        
+
     @http.route(prefix + 'categories_homepage', auth='public', methods=['GET', 'OPTIONS'])
     def get_categories_homepage(self, **kw):
         if not self.authenticate():
             return self.response(code=401, description='Unauthorized')
         base_url = request.env['ir.config_parameter'].get_param('web.base.url')
         query = [('status', '=', 'tayang')]
+        id = kw.get('id')
+        if id:
+            query.append(('id', '=', id))
         categories = request.env['website.categories.homepage'].search(query, order='sequence')
         data = []
         for category in categories:
-- 
cgit v1.2.3


From 3d402f5a12d50d2264dde918d4b893b9c8943389 Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Thu, 2 Feb 2023 17:12:04 +0700
Subject: download tax invoice

---
 indoteknik_api/controllers/api_v1/__init__.py   |  1 +
 indoteknik_api/controllers/api_v1/download.py   | 25 +++++++++++++++++++++++++
 indoteknik_api/controllers/api_v1/sale_order.py |  5 ++++-
 3 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 indoteknik_api/controllers/api_v1/download.py

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/__init__.py b/indoteknik_api/controllers/api_v1/__init__.py
index ab499443..63540928 100644
--- a/indoteknik_api/controllers/api_v1/__init__.py
+++ b/indoteknik_api/controllers/api_v1/__init__.py
@@ -4,6 +4,7 @@ from . import cart
 from . import category
 from . import city
 from . import district
+from . import download
 from . import flash_sale
 from . import invoice
 from . import manufacture
diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
new file mode 100644
index 00000000..b215a4cd
--- /dev/null
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -0,0 +1,25 @@
+from .. import controller
+from odoo import http
+from odoo.http import request
+import base64
+
+
+class Download(controller.Controller):
+    PREFIX = '/api/v1/'
+
+    @http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET'])
+    def download_tax_invoice(self, **kw):
+        id = int(kw.get('id', 0))
+        token = kw.get('token', '')
+
+        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move$')
+        if md5_by_id == token:
+            attachment = request.env['ir.attachment'].sudo().search_read([
+                ('res_model', '=', 'account.move'),
+                ('res_field', '=', 'efaktur_document'),
+                ('res_id', '=', id),
+            ], ['datas', 'mimetype'])
+            attachment = attachment[0]
+            return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
+            
+        return self.response('Tidak diizinkan')
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 11186605..52ccf9fa 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -121,6 +121,7 @@ class SaleOrder(controller.Controller):
             'order_line': ['required', 'default:[]'],
             'po_number': [],
             'po_file': [],
+            'type': [],
         })
 
         if not user_token['partner_id'] == params['value']['partner_id']:
@@ -145,8 +146,10 @@ class SaleOrder(controller.Controller):
             'real_shipping_id': params['value']['partner_shipping_id'],
             'partner_invoice_id': params['value']['partner_invoice_id'],
             'partner_purchase_order_name': params['value']['po_number'],
-            'partner_purchase_order_file': params['value']['po_file']
+            'partner_purchase_order_file': params['value']['po_file'],
         }
+        if params['value']['type'] == 'sale_order':
+            parameters['approval_status'] = 'pengajuan1'
         sale_order = request.env['sale.order'].create([[parameters]])
         order_line = json.loads(params['value']['order_line'])
         parameters = []
-- 
cgit v1.2.3


From 9eb80e0aad8966c42fa721738986737b4040e0e4 Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Fri, 3 Feb 2023 10:10:16 +0700
Subject: [ADD] feature download invoice

---
 indoteknik_api/controllers/api_v1/download.py | 31 +++++++++++++++++----------
 1 file changed, 20 insertions(+), 11 deletions(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index b215a4cd..36f775b5 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -7,19 +7,28 @@ import base64
 class Download(controller.Controller):
     PREFIX = '/api/v1/'
 
-    @http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET'])
-    def download_tax_invoice(self, **kw):
+    def _get_attachment(self, model, field, id):
+        result = request.env['ir.attachment'].sudo().search_read([
+            ('res_model', '=', model),
+            ('res_field', '=', field),
+            ('res_id', '=', id),
+        ], ['datas', 'mimetype'])
+        return result if len(result) > 0 else None
+
+    @http.route(PREFIX + 'download/invoice/<id>', auth='none', method=['GET'])
+    def download_invoice(self, **kw):
         id = int(kw.get('id', 0))
-        token = kw.get('token', '')
+        return request.render('account.report_invoice', {'id': id})
+
+    @http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET'])
+    def download_tax_invoice(self, id, token):
+        id = int(id)
 
-        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move$')
+        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
         if md5_by_id == token:
-            attachment = request.env['ir.attachment'].sudo().search_read([
-                ('res_model', '=', 'account.move'),
-                ('res_field', '=', 'efaktur_document'),
-                ('res_id', '=', id),
-            ], ['datas', 'mimetype'])
-            attachment = attachment[0]
-            return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
+            attachment = self._get_attachment('account.move', 'efaktur_document', id)
+            if attachment:
+                return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
+            return self.response('Dokumen tidak ditemukan', code=404)
             
         return self.response('Tidak diizinkan')
-- 
cgit v1.2.3


From 8cb3d124ec96b78872ebd0d0c969564249f15671 Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Fri, 3 Feb 2023 10:39:38 +0700
Subject: [FIX] feature download invoice

---
 indoteknik_api/controllers/api_v1/download.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index 36f775b5..38225b85 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -16,9 +16,10 @@ class Download(controller.Controller):
         return result if len(result) > 0 else None
 
     @http.route(PREFIX + 'download/invoice/<id>', auth='none', method=['GET'])
-    def download_invoice(self, **kw):
-        id = int(kw.get('id', 0))
-        return request.render('account.report_invoice', {'id': id})
+    def download_invoice(self, id):
+        id = int(id)
+        data = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
+        return request.make_response(base64.b64decode(data[0]), [('Content-Type', 'application/pdf')])
 
     @http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET'])
     def download_tax_invoice(self, id, token):
@@ -28,6 +29,7 @@ class Download(controller.Controller):
         if md5_by_id == token:
             attachment = self._get_attachment('account.move', 'efaktur_document', id)
             if attachment:
+                attachment = attachment[0]
                 return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
             return self.response('Dokumen tidak ditemukan', code=404)
             
-- 
cgit v1.2.3


From 6b5f3041727d84db4d24215062940b8f2fca6d1c Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Fri, 3 Feb 2023 14:43:58 +0700
Subject: [FIX] feature download invoice

---
 indoteknik_api/controllers/api_v1/download.py | 28 ++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index 38225b85..3794744e 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -15,22 +15,28 @@ class Download(controller.Controller):
         ], ['datas', 'mimetype'])
         return result if len(result) > 0 else None
 
-    @http.route(PREFIX + 'download/invoice/<id>', auth='none', method=['GET'])
-    def download_invoice(self, id):
+    @http.route(PREFIX + 'download/invoice/<id>/<token>', auth='none', method=['GET'])
+    def download_invoice(self, id, token):
         id = int(id)
-        data = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
-        return request.make_response(base64.b64decode(data[0]), [('Content-Type', 'application/pdf')])
+        
+        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
+        if not md5_by_id == token:
+            return self.response('Unauthorized')
+
+        pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
+        return request.make_response(pdf, [('Content-Type', 'application/pdf')])
 
     @http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET'])
     def download_tax_invoice(self, id, token):
         id = int(id)
 
         md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
-        if md5_by_id == token:
-            attachment = self._get_attachment('account.move', 'efaktur_document', id)
-            if attachment:
-                attachment = attachment[0]
-                return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
-            return self.response('Dokumen tidak ditemukan', code=404)
+        if not md5_by_id == token:
+            return self.response('Unauthorized')
+
+        attachment = self._get_attachment('account.move', 'efaktur_document', id)
+        if attachment:
+            attachment = attachment[0]
+            return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
+        return self.response('Dokumen tidak ditemukan', code=404)
             
-        return self.response('Tidak diizinkan')
-- 
cgit v1.2.3


From 446e3be759d72b7a06b4e4671b91c6f9c8bfa903 Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Mon, 6 Feb 2023 12:02:42 +0700
Subject: add api cancel SO and upload PO in SO

---
 indoteknik_api/controllers/api_v1/download.py   |  8 ++--
 indoteknik_api/controllers/api_v1/sale_order.py | 56 +++++++++++++++++++++++++
 2 files changed, 60 insertions(+), 4 deletions(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index 3794744e..f12be337 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -19,8 +19,8 @@ class Download(controller.Controller):
     def download_invoice(self, id, token):
         id = int(id)
         
-        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
-        if not md5_by_id == token:
+        md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token)
+        if not md5_valid:
             return self.response('Unauthorized')
 
         pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
@@ -30,8 +30,8 @@ class Download(controller.Controller):
     def download_tax_invoice(self, id, token):
         id = int(id)
 
-        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
-        if not md5_by_id == token:
+        md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token)
+        if not md5_valid:
             return self.response('Unauthorized')
 
         attachment = self._get_attachment('account.move', 'efaktur_document', id)
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 52ccf9fa..9a4b23d9 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -105,6 +105,62 @@ class SaleOrder(controller.Controller):
         
         return self.response(data)
 
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/upload_po', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+    def partner_upload_po_sale_order(self, **kw):
+        user_token = self.authenticate() 
+        if not user_token:
+            return self.unauthorized_response()
+
+        params = self.get_request_params(kw, {
+            'partner_id': ['number'],
+            'id': ['number'],
+            'name': [],
+            'file': []
+        })
+        if not user_token['partner_id'] == params['value']['partner_id']:
+            return self.unauthorized_response()
+        if not params['valid']:
+            return self.response(code=400, description=params)
+        partner_child_ids = self.get_partner_child_ids(params['value']['partner_id'])
+        domain = [
+            ('id', '=', params['value']['id']),
+            ('partner_id', 'in', partner_child_ids)
+        ]
+        data = False
+        sale_order = request.env['sale.order'].search(domain)
+        if sale_order:
+            sale_order.partner_purchase_order_name = params['value']['name']
+            sale_order.partner_purchase_order_file = params['value']['file']
+            data = sale_order.id
+        return self.response(data)
+
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/cancel', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+    def partner_cancel_sale_order(self, **kw):
+        user_token = self.authenticate() 
+        if not user_token:
+            return self.unauthorized_response()
+
+        params = self.get_request_params(kw, {
+            'partner_id': ['number'],
+            'id': ['number']
+        })
+        if not user_token['partner_id'] == params['value']['partner_id']:
+            return self.unauthorized_response()
+        if not params['valid']:
+            return self.response(code=400, description=params)
+
+        partner_child_ids = self.get_partner_child_ids(params['value']['partner_id'])
+        domain = [
+            ('id', '=', params['value']['id']),
+            ('partner_id', 'in', partner_child_ids)
+        ]
+        data = False
+        sale_order = request.env['sale.order'].search(domain)
+        if sale_order:
+            sale_order.state = 'cancel'
+            data = sale_order.id
+        return self.response(data)
+        
     @http.route(PREFIX_PARTNER + 'sale_order/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False)
     def create_partner_sale_order(self, **kw):
         user_token = self.authenticate()
-- 
cgit v1.2.3


From ef2f9fefe4df844f5a676d2a166dcd4dfdaa249b Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Mon, 6 Feb 2023 16:14:43 +0700
Subject: fix feature

---
 indoteknik_api/controllers/api_v1/download.py   | 28 +++++++++++------
 indoteknik_api/controllers/api_v1/sale_order.py | 40 +++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 9 deletions(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index f12be337..d9353896 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -1,7 +1,6 @@
 from .. import controller
 from odoo import http
 from odoo.http import request
-import base64
 
 
 class Download(controller.Controller):
@@ -13,30 +12,41 @@ class Download(controller.Controller):
             ('res_field', '=', field),
             ('res_id', '=', id),
         ], ['datas', 'mimetype'])
-        return result if len(result) > 0 else None
+        return result[0] if len(result) > 0 else None
 
     @http.route(PREFIX + 'download/invoice/<id>/<token>', auth='none', method=['GET'])
     def download_invoice(self, id, token):
         id = int(id)
         
-        md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token)
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'account.move', token)
         if not md5_valid:
             return self.response('Unauthorized')
 
+        account_move = request.env['account.move'].sudo().search_read([('id', '=', id)], ['name'])
         pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
-        return request.make_response(pdf, [('Content-Type', 'application/pdf')])
+        return rest_api.response_attachment({
+            'content': pdf,
+            'mimetype': 'application/pdf',
+            'filename': account_move[0]['name']
+        })
 
     @http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET'])
     def download_tax_invoice(self, id, token):
         id = int(id)
 
-        md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token)
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'account.move', token)
         if not md5_valid:
             return self.response('Unauthorized')
 
+        account_move = request.env['account.move'].sudo().search_read([('id', '=', id)], ['name'])
         attachment = self._get_attachment('account.move', 'efaktur_document', id)
-        if attachment:
-            attachment = attachment[0]
-            return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
+        if attachment and len(account_move) > 0:
+            return rest_api.response_attachment({
+                'content': attachment['datas'],
+                'decode_content': True,
+                'mimetype': attachment['mimetype'],
+                'filename': account_move[0]['name'],
+            })
         return self.response('Dokumen tidak ditemukan', code=404)
-            
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 9a4b23d9..1c67d6c5 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -3,6 +3,7 @@ from odoo import http
 from odoo.http import request
 import json
 
+
 class SaleOrder(controller.Controller):
     prefix = '/api/v1/'
     PREFIX_PARTNER = prefix + 'partner/<partner_id>/'
@@ -134,6 +135,45 @@ class SaleOrder(controller.Controller):
             data = sale_order.id
         return self.response(data)
 
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/download_po/<token>', auth='none', method=['GET'])
+    def partner_download_po_sale_order(self, id, token):
+        id = int(id)
+
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'sale.order', token)
+        if not md5_valid:
+            return self.response('Unauthorized')
+        
+        sale_order = request.env['sale.order'].sudo().search_read([('id', '=', id)], ['partner_purchase_order_name'])
+        attachment = rest_api.get_single_attachment('sale.order', 'partner_purchase_order_file', id)
+        if attachment and len(sale_order) > 0:
+            return rest_api.response_attachment({
+                'content': attachment['datas'],
+                'decode_content': True,
+                'mimetype': attachment['mimetype'],
+                'filename': sale_order[0]['partner_purchase_order_name']
+            })
+        return self.response('Dokumen tidak ditemukan', code=404)
+
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/download/<token>', auth='none', method=['GET'])
+    def partner_download_sale_order(self, id, token):
+        id = int(id)
+
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'sale.order', token)
+        if not md5_valid:
+            return self.response('Unauthorized')
+        
+        sale_order = request.env['sale.order'].sudo().search_read([('id', '=', id)], ['name'])
+        pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'sale.report_saleorder')])._render_qweb_pdf([id])
+        if pdf and len(sale_order) > 0:
+            return rest_api.response_attachment({
+                'content': pdf,
+                'mimetype': 'application/pdf',
+                'filename': sale_order[0]['name']
+            })
+        return self.response('Dokumen tidak ditemukan', code=404)
+
     @http.route(PREFIX_PARTNER + 'sale_order/<id>/cancel', auth='public', method=['POST', 'OPTIONS'], csrf=False)
     def partner_cancel_sale_order(self, **kw):
         user_token = self.authenticate() 
-- 
cgit v1.2.3