From 8cb3d124ec96b78872ebd0d0c969564249f15671 Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Fri, 3 Feb 2023 10:39:38 +0700
Subject: [FIX] feature download invoice

---
 indoteknik_api/controllers/api_v1/download.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index 36f775b5..38225b85 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -16,9 +16,10 @@ class Download(controller.Controller):
         return result if len(result) > 0 else None
 
     @http.route(PREFIX + 'download/invoice/<id>', auth='none', method=['GET'])
-    def download_invoice(self, **kw):
-        id = int(kw.get('id', 0))
-        return request.render('account.report_invoice', {'id': id})
+    def download_invoice(self, id):
+        id = int(id)
+        data = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
+        return request.make_response(base64.b64decode(data[0]), [('Content-Type', 'application/pdf')])
 
     @http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET'])
     def download_tax_invoice(self, id, token):
@@ -28,6 +29,7 @@ class Download(controller.Controller):
         if md5_by_id == token:
             attachment = self._get_attachment('account.move', 'efaktur_document', id)
             if attachment:
+                attachment = attachment[0]
                 return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
             return self.response('Dokumen tidak ditemukan', code=404)
             
-- 
cgit v1.2.3


From 6b5f3041727d84db4d24215062940b8f2fca6d1c Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Fri, 3 Feb 2023 14:43:58 +0700
Subject: [FIX] feature download invoice

---
 indoteknik_api/controllers/api_v1/download.py | 28 ++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index 38225b85..3794744e 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -15,22 +15,28 @@ class Download(controller.Controller):
         ], ['datas', 'mimetype'])
         return result if len(result) > 0 else None
 
-    @http.route(PREFIX + 'download/invoice/<id>', auth='none', method=['GET'])
-    def download_invoice(self, id):
+    @http.route(PREFIX + 'download/invoice/<id>/<token>', auth='none', method=['GET'])
+    def download_invoice(self, id, token):
         id = int(id)
-        data = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
-        return request.make_response(base64.b64decode(data[0]), [('Content-Type', 'application/pdf')])
+        
+        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
+        if not md5_by_id == token:
+            return self.response('Unauthorized')
+
+        pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
+        return request.make_response(pdf, [('Content-Type', 'application/pdf')])
 
     @http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET'])
     def download_tax_invoice(self, id, token):
         id = int(id)
 
         md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
-        if md5_by_id == token:
-            attachment = self._get_attachment('account.move', 'efaktur_document', id)
-            if attachment:
-                attachment = attachment[0]
-                return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
-            return self.response('Dokumen tidak ditemukan', code=404)
+        if not md5_by_id == token:
+            return self.response('Unauthorized')
+
+        attachment = self._get_attachment('account.move', 'efaktur_document', id)
+        if attachment:
+            attachment = attachment[0]
+            return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
+        return self.response('Dokumen tidak ditemukan', code=404)
             
-        return self.response('Tidak diizinkan')
-- 
cgit v1.2.3


From 446e3be759d72b7a06b4e4671b91c6f9c8bfa903 Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Mon, 6 Feb 2023 12:02:42 +0700
Subject: add api cancel SO and upload PO in SO

---
 indoteknik_api/controllers/api_v1/download.py   |  8 ++--
 indoteknik_api/controllers/api_v1/sale_order.py | 56 +++++++++++++++++++++++++
 2 files changed, 60 insertions(+), 4 deletions(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index 3794744e..f12be337 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -19,8 +19,8 @@ class Download(controller.Controller):
     def download_invoice(self, id, token):
         id = int(id)
         
-        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
-        if not md5_by_id == token:
+        md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token)
+        if not md5_valid:
             return self.response('Unauthorized')
 
         pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
@@ -30,8 +30,8 @@ class Download(controller.Controller):
     def download_tax_invoice(self, id, token):
         id = int(id)
 
-        md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
-        if not md5_by_id == token:
+        md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token)
+        if not md5_valid:
             return self.response('Unauthorized')
 
         attachment = self._get_attachment('account.move', 'efaktur_document', id)
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 52ccf9fa..9a4b23d9 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -105,6 +105,62 @@ class SaleOrder(controller.Controller):
         
         return self.response(data)
 
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/upload_po', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+    def partner_upload_po_sale_order(self, **kw):
+        user_token = self.authenticate() 
+        if not user_token:
+            return self.unauthorized_response()
+
+        params = self.get_request_params(kw, {
+            'partner_id': ['number'],
+            'id': ['number'],
+            'name': [],
+            'file': []
+        })
+        if not user_token['partner_id'] == params['value']['partner_id']:
+            return self.unauthorized_response()
+        if not params['valid']:
+            return self.response(code=400, description=params)
+        partner_child_ids = self.get_partner_child_ids(params['value']['partner_id'])
+        domain = [
+            ('id', '=', params['value']['id']),
+            ('partner_id', 'in', partner_child_ids)
+        ]
+        data = False
+        sale_order = request.env['sale.order'].search(domain)
+        if sale_order:
+            sale_order.partner_purchase_order_name = params['value']['name']
+            sale_order.partner_purchase_order_file = params['value']['file']
+            data = sale_order.id
+        return self.response(data)
+
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/cancel', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+    def partner_cancel_sale_order(self, **kw):
+        user_token = self.authenticate() 
+        if not user_token:
+            return self.unauthorized_response()
+
+        params = self.get_request_params(kw, {
+            'partner_id': ['number'],
+            'id': ['number']
+        })
+        if not user_token['partner_id'] == params['value']['partner_id']:
+            return self.unauthorized_response()
+        if not params['valid']:
+            return self.response(code=400, description=params)
+
+        partner_child_ids = self.get_partner_child_ids(params['value']['partner_id'])
+        domain = [
+            ('id', '=', params['value']['id']),
+            ('partner_id', 'in', partner_child_ids)
+        ]
+        data = False
+        sale_order = request.env['sale.order'].search(domain)
+        if sale_order:
+            sale_order.state = 'cancel'
+            data = sale_order.id
+        return self.response(data)
+        
     @http.route(PREFIX_PARTNER + 'sale_order/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False)
     def create_partner_sale_order(self, **kw):
         user_token = self.authenticate()
-- 
cgit v1.2.3


From ef2f9fefe4df844f5a676d2a166dcd4dfdaa249b Mon Sep 17 00:00:00 2001
From: Rafi Zadanly <zadanlyr@gmail.com>
Date: Mon, 6 Feb 2023 16:14:43 +0700
Subject: fix feature

---
 indoteknik_api/controllers/api_v1/download.py   | 28 +++++++++++------
 indoteknik_api/controllers/api_v1/sale_order.py | 40 +++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 9 deletions(-)

(limited to 'indoteknik_api/controllers/api_v1')

diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index f12be337..d9353896 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -1,7 +1,6 @@
 from .. import controller
 from odoo import http
 from odoo.http import request
-import base64
 
 
 class Download(controller.Controller):
@@ -13,30 +12,41 @@ class Download(controller.Controller):
             ('res_field', '=', field),
             ('res_id', '=', id),
         ], ['datas', 'mimetype'])
-        return result if len(result) > 0 else None
+        return result[0] if len(result) > 0 else None
 
     @http.route(PREFIX + 'download/invoice/<id>/<token>', auth='none', method=['GET'])
     def download_invoice(self, id, token):
         id = int(id)
         
-        md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token)
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'account.move', token)
         if not md5_valid:
             return self.response('Unauthorized')
 
+        account_move = request.env['account.move'].sudo().search_read([('id', '=', id)], ['name'])
         pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
-        return request.make_response(pdf, [('Content-Type', 'application/pdf')])
+        return rest_api.response_attachment({
+            'content': pdf,
+            'mimetype': 'application/pdf',
+            'filename': account_move[0]['name']
+        })
 
     @http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET'])
     def download_tax_invoice(self, id, token):
         id = int(id)
 
-        md5_valid = request.env['rest.api'].md5_salt_valid(id, 'account.move', token)
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'account.move', token)
         if not md5_valid:
             return self.response('Unauthorized')
 
+        account_move = request.env['account.move'].sudo().search_read([('id', '=', id)], ['name'])
         attachment = self._get_attachment('account.move', 'efaktur_document', id)
-        if attachment:
-            attachment = attachment[0]
-            return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
+        if attachment and len(account_move) > 0:
+            return rest_api.response_attachment({
+                'content': attachment['datas'],
+                'decode_content': True,
+                'mimetype': attachment['mimetype'],
+                'filename': account_move[0]['name'],
+            })
         return self.response('Dokumen tidak ditemukan', code=404)
-            
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 9a4b23d9..1c67d6c5 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -3,6 +3,7 @@ from odoo import http
 from odoo.http import request
 import json
 
+
 class SaleOrder(controller.Controller):
     prefix = '/api/v1/'
     PREFIX_PARTNER = prefix + 'partner/<partner_id>/'
@@ -134,6 +135,45 @@ class SaleOrder(controller.Controller):
             data = sale_order.id
         return self.response(data)
 
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/download_po/<token>', auth='none', method=['GET'])
+    def partner_download_po_sale_order(self, id, token):
+        id = int(id)
+
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'sale.order', token)
+        if not md5_valid:
+            return self.response('Unauthorized')
+        
+        sale_order = request.env['sale.order'].sudo().search_read([('id', '=', id)], ['partner_purchase_order_name'])
+        attachment = rest_api.get_single_attachment('sale.order', 'partner_purchase_order_file', id)
+        if attachment and len(sale_order) > 0:
+            return rest_api.response_attachment({
+                'content': attachment['datas'],
+                'decode_content': True,
+                'mimetype': attachment['mimetype'],
+                'filename': sale_order[0]['partner_purchase_order_name']
+            })
+        return self.response('Dokumen tidak ditemukan', code=404)
+
+    @http.route(PREFIX_PARTNER + 'sale_order/<id>/download/<token>', auth='none', method=['GET'])
+    def partner_download_sale_order(self, id, token):
+        id = int(id)
+
+        rest_api = request.env['rest.api']
+        md5_valid = rest_api.md5_salt_valid(id, 'sale.order', token)
+        if not md5_valid:
+            return self.response('Unauthorized')
+        
+        sale_order = request.env['sale.order'].sudo().search_read([('id', '=', id)], ['name'])
+        pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'sale.report_saleorder')])._render_qweb_pdf([id])
+        if pdf and len(sale_order) > 0:
+            return rest_api.response_attachment({
+                'content': pdf,
+                'mimetype': 'application/pdf',
+                'filename': sale_order[0]['name']
+            })
+        return self.response('Dokumen tidak ditemukan', code=404)
+
     @http.route(PREFIX_PARTNER + 'sale_order/<id>/cancel', auth='public', method=['POST', 'OPTIONS'], csrf=False)
     def partner_cancel_sale_order(self, **kw):
         user_token = self.authenticate() 
-- 
cgit v1.2.3