audrius/pms
1
0
Fork 1
mirror of https://github.com/OCA/pms.git synced 2025-01-29 00:17:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

[IMP]pms_api_rest: Disable GET multi reservation lines by security reasons

Browse Source
This commit is contained in:
Darío Lodeiros
2022-07-14 20:09:30 +02:00
parent 98a754f18b
commit 094228b3ae
1 changed files with 51 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
pms_api_rest/services/pms_reservation_line_service.py
View File

@@ -47,58 +47,58 @@ class PmsReservationLineService(Component):
else: else:
raise MissingError(_("Reservation Line not found")) raise MissingError(_("Reservation Line not found"))
@restapi.method( # @restapi.method(
[ # [
( # (
[ # [
"/", # "/",
], # ],
"GET", # "GET",
) # )
], # ],
input_param=Datamodel("pms.reservation.line.search.param"), # input_param=Datamodel("pms.reservation.line.search.param"),
output_param=Datamodel("pms.reservation.line.info", is_list=True), # output_param=Datamodel("pms.reservation.line.info", is_list=True),
auth="jwt_api_pms", # auth="jwt_api_pms",
) # )
def get_reservation_lines(self, reservation_lines_search_param): # def get_reservation_lines(self, reservation_lines_search_param):
domain = [] # domain = []
if reservation_lines_search_param.date: # if reservation_lines_search_param.date:
domain.append(("date", "=", reservation_lines_search_param.date)) # domain.append(("date", "=", reservation_lines_search_param.date))
if reservation_lines_search_param.reservationId: # if reservation_lines_search_param.reservationId:
domain.append( # domain.append(
("reservation_id", "=", reservation_lines_search_param.reservationId) # ("reservation_id", "=", reservation_lines_search_param.reservationId)
) # )
if reservation_lines_search_param.pmsPropertyId: # if reservation_lines_search_param.pmsPropertyId:
domain.extend( # domain.extend(
[ # [
( # (
"pms_property_id", # "pms_property_id",
"=", # "=",
reservation_lines_search_param.pmsPropertyId, # reservation_lines_search_param.pmsPropertyId,
), # ),
] # ]
) # )
result_lines = [] # result_lines = []
PmsReservationLineInfo = self.env.datamodels["pms.reservation.line.info"] # PmsReservationLineInfo = self.env.datamodels["pms.reservation.line.info"]
for reservation_line in self.env["pms.reservation.line"].search( # for reservation_line in self.env["pms.reservation.line"].search(
domain, # domain,
): # ):
result_lines.append( # result_lines.append(
PmsReservationLineInfo( # PmsReservationLineInfo(
id=reservation_line.id, # id=reservation_line.id,
date=datetime.combine( # date=datetime.combine(
reservation_line.date, datetime.min.time() # reservation_line.date, datetime.min.time()
).isoformat(), # ).isoformat(),
price=round(reservation_line.price, 2), # price=round(reservation_line.price, 2),
discount=round(reservation_line.discount, 2), # discount=round(reservation_line.discount, 2),
cancelDiscount=round(reservation_line.cancel_discount, 2), # cancelDiscount=round(reservation_line.cancel_discount, 2),
roomId=reservation_line.room_id.id, # roomId=reservation_line.room_id.id,
reservationId=reservation_line.reservation_id.id, # reservationId=reservation_line.reservation_id.id,
pmsPropertyId=reservation_line.pms_property_id.id, # pmsPropertyId=reservation_line.pms_property_id.id,
) # )
) # )
return result_lines # return result_lines
@restapi.method( @restapi.method(
[ [