OCA
diff --git a/‎oauth_provider/controllers/__init__.py‎
Lines changed: 1 addition & 1 deletion b/‎oauth_provider/controllers/__init__.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎oauth_provider/controllers/oauth_api_controller.py‎
Lines changed: 0 additions & 118 deletions b/‎oauth_provider/controllers/oauth_api_controller.py‎
Lines changed: 0 additions & 118 deletions
diff --git a/‎oauth_provider/controllers/oauth_mixin.py‎
Lines changed: 44 additions & 0 deletions b/‎oauth_provider/controllers/oauth_mixin.py‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎oauth_provider/controllers/rest_api_controller.py‎
Lines changed: 130 additions & 0 deletions b/‎oauth_provider/controllers/rest_api_controller.py‎
Lines changed: 130 additions & 0 deletions
@@ -4,5 +4,5 @@
 
 from . import oauth_mixin
 
-from . import oauth_api_controller
+from . import rest_api_controller
 from . import oauth_provider_controller
@@ -8,6 +8,8 @@
 from odoo import http
 from odoo.addons.web.controllers.main import ensure_db
 
+from ..exceptions import OauthInvalidTokenException, OauthScopeValidationException
+
 #from ..http import _json_response
 
 
@@ -20,6 +22,48 @@
 
 class OauthMixin(http.Controller):
 
+    def _validate_model(self, model_name, token=None):
+        """ Validate the access token & return a usable model.
+
+        Args:
+            model_name (str): Name of model to find.
+            token (OauthProviderToken, optional): Will return the model in
+                the scope of the token user, if defined.
+
+        Returns:
+            IrModel: Usable model object that matched model_name.
+
+        Raises:
+            OauthApiException: If the model is not found.
+        """
+        ensure_db()
+        model_obj = http.request.env['ir.model'].search([
+            ('model', '=', model_name),
+        ])
+        if not model_obj:
+            raise OauthApiException('Model Not Found')
+        if token is not None:
+            model_obj = model_obj.sudo(user=token.user_id)
+        return model_obj
+
+    def _validate_token(self, access_token):
+        """ Find the access token & return it if valid.
+
+        Args:
+            access_token (str): Access token that should be validated.
+
+        Returns:
+            OAuthProviderToken: Token record, if valid.
+
+        Raises:
+            OauthInvalidTokenException: When the token is invalid or expired.
+        """
+        ensure_db()
+        token = self._get_access_token(access_token)
+        if not token:
+            raise OauthInvalidTokenException()
+        return token
+
     @classmethod
     def _get_access_token(cls, access_token):
         """ Verify access token and return record if valid.
 
@@ -0,0 +1,130 @@
+# -*- coding: utf-8 -*-
+# Copyright 2016 SYLEAM
+# Copyright 2017 LasLabs Inc.
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+import logging
+
+from odoo import http, fields
+from odoo.addons.web.controllers.main import ensure_db
+
+from ..exceptions import OauthApiException, OauthInvalidTokenException
+from .oauth_mixin import OauthMixin
+
+_logger = logging.getLogger(__name__)
+
+
+class RestApiController(OauthMixin):
+
+    API_VERSION = '1.0'
+
+    @http.route(
+        '/api/rest/%s/<string:model>/search' % API_VERSION,
+        type='json',
+        auth='none',
+        methods=['POST'],
+    )
+    def rest_search(self, access_token, model, domain=None, *a, **kw):
+        """ Return allowed information from all records, with optional query.
+
+        Args:
+            access_token (str): OAuth2 access token to utilize for the
+                operation.
+            model (str): Name of model to operate on.
+            domain (list, optional): Domain to apply to the search, in the
+                standard Odoo format. This will be appended to the scope's
+                pre-existing filter.
+        """
+        token = self._validate_token(access_token)
+        self._validate_model(model)
+        data = token.get_data(model, domain=domain)
+        return data
+
+    @http.route(
+        '/api/rest/%s/<string:model>/' % API_VERSION,
+        type='json',
+        auth='none',
+        methods=['GET'],
+    )
+    def rest_list(self, access_token, model, *a, **kw):
+        """ Return allowed information from all records.
+
+        Args:
+            access_token (str): OAuth2 access token to utilize for the
+                operation.
+            model (str): Name of model to operate on.
+        """
+        return self.rest_search(access_token, model)
+
+    @http.route(
+        '/api/rest/%s/<string:model>/<int:record_id>' % API_VERSION,
+        type='json',
+        auth='none',
+        methods=['GET'],
+    )
+    def rest_read(self, access_token, model, record_id, *a, **kw):
+        """ Return allowed information from specific records.
+
+        Args:
+            access_token (str): OAuth2 access token to utilize for the
+                operation.
+            model (str): Name of model to operate on.
+            record_id (int): ID of record to get.
+        """
+        token = self._validate_token(access_token)
+        self._validate_model(model)
+        data = token.get_data(model, record_id)
+        return data
+
+    @http.route(
+        '/api/rest/%s/<string:model>/' % API_VERSION,
+        type='json',
+        auth='none',
+        methods=['POST'],
+    )
+    def rest_create(self, access_token, model, *args, **kwargs):
+        """ Create and return new record. """
+        token = self._validate_token(access_token)
+        self._validate_model(model)
+        record = token.create_record(model, kwargs)
+        return record.read()
+
+    @http.route(
+        '/api/rest/%s/<string:model>/<int:record_id>' % API_VERSION,
+        type='json',
+        auth='none',
+        methods=['PUT'],
+        )
+    def rest_write(self, access_token, model, record_id=None,
+                   record_ids=None, *args, **kwargs):
+
+        if record_ids is None:
+            record_ids = []
+        if record_id is not None:
+            record_ids.append(record_id)
+
+        token = self._validate_token(access_token)
+        self._validate_model(model)
+        record = token.write_record(model, record_ids, kwargs)
+
+        return record.read()
+
+    @http.route(
+        '/api/rest/%s/<string:model>/' % API_VERSION,
+        type='json',
+        auth='none',
+        methods=['DELETE'],
+    )
+    def data_delete(self, access_token, model, record_id=None,
+                    record_ids=None, *args, **kwargs):
+
+        if record_ids is None:
+            record_ids = []
+        if record_id is not None:
+            record_ids.append(record_id)
+
+        token = self._validate_token(access_token)
+        self._validate_model(model)
+        token.delete_record(model, record_ids)
+
+        return True