initial Commit

.gitignore

@@ -0,0 +1,53 @@
+# sphinx build directories
+_build/
+
+# dotfiles
+.*
+!.gitignore
+!.github
+!.mailmap
+# compiled python files
+*.py[co]
+*.pyc
+__pycache__/
+# setup.py egg_info
+*.egg-info
+# emacs backup files
+*~
+# hg stuff
+*.orig
+status
+# odoo filestore
+#odoo/filestore
+# maintenance migration scripts
+#odoo/addons/base/maintenance
+# window installation config file
+#odoo.conf
+
+# generated for windows installer?
+install/win32/*.bat
+install/win32/meta.py
+
+# needed only when building for win32
+setup/win32/static/less/
+setup/win32/static/wkhtmltopdf/
+setup/win32/static/postgresql*.exe
+
+# js tooling
+node_modules
+jsconfig.json
+tsconfig.json
+package-lock.json
+package.json
+.husky
+
+# various virtualenv
+/bin/
+/build/
+/dist/
+/include/
+/lib/
+/man/
+/share/
+/src/
+.venv/

Dockerfile

@@ -0,0 +1,17 @@
+# Use official Odoo 18 image
+FROM odoo:18.0
+
+# Set environment vars
+ENV ADDONS_PATH=/mnt/rest-api
+
+# Copy config
+COPY ./odoo.conf /etc/odoo/odoo.conf
+
+# Copy your custom addon
+COPY ./rest-api /mnt/rest-api
+
+# Expose Odoo web port
+EXPOSE 7860
+
+# Start Odoo with your config
+CMD ["odoo", "-c", "/etc/odoo/odoo.conf"]

Dockerfile_old

@@ -0,0 +1,60 @@
+# Use official Python 3.11 base image
+FROM python:3.11-slim
+
+
+# Create a non-root user
+RUN useradd -ms /bin/bash admin
+
+# Install dependencies and Node.js (18.x)
+RUN apt-get update && apt-get upgrade -y && \
+    apt-get install -y --no-install-recommends \
+        ksh \
+        curl \
+        nginx \
+        gnupg  \
+        certbot \
+        wkhtmltopdf \
+        build-essential \
+        libpq-dev \ 
+        libssl-dev \
+        libffi-dev  \
+        python3-dev  \
+        libldap2-dev \
+        libsasl2-dev \
+        python3-certbot-nginx && \
+    # Add Node.js 18.x from NodeSource
+    curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && \
+    apt-get install -y nodejs && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+# Print versions (optional debug)
+RUN node -v && npm -v && python3 --version && pip3 --version
+
+# Copy application files
+#COPY . /app
+COPY  odoo.conf requirements.txt /app/
+
+# Copy Angular build files to Nginx web directory
+ADD ./odoo.tar /app/odoo
+
+# Set directory permissions
+RUN chmod 777 /app
+
+# Set the working directory to /app
+WORKDIR /app
+
+# Set ownership and permissions for the app directory
+RUN chown -R admin:admin /app && chmod -R 777 /app/*
+
+# Switch to the non-root user for better security
+USER admin
+
+# Expose the port the application will run on
+EXPOSE 7860
+
+# Install Python dependencies
+RUN pip3 install --no-cache-dir --upgrade -r requirements.txt
+
+# Run the Odoo server
+CMD ["python3", "odoo/odoo-bin", "-c", "/app/odoo.conf"]

odoo.conf

@@ -0,0 +1,16 @@
+[options]
+; Is This The Password That Allows Database Operations:
+admin_passwd = admin
+db_host = ep-withered-bar-a1n6c8l2-pooler.ap-southeast-1.aws.neon.tech
+db_port = 5432
+db_name = odoo_db
+db_user = odoo_admin
+db_password = npg_2rj1lSdVhKqi
+interface = 0.0.0.0
+xmlrpc_interface = 0.0.0.0
+port= 7860
+http_port = 7860
+xmlrpc_port = 7860
+server_wide_modules = web, base
+addons_path= /usr/lib/python3/dist-packages/odoo/addons
+;addons_path = /app/odoo/odoo/addons

requirements.txt

@@ -0,0 +1,92 @@
+# The officially supported versions of the following packages are their
+#setuptools>=65.5.1
+# python3-* equivalent distributed in Ubuntu 24.04 and Debian 12
+asn1crypto==1.4.0 ; python_version < '3.11'
+asn1crypto==1.5.1 ; python_version >= '3.11'
+Babel==2.9.1 ; python_version < '3.11'  # min version = 2.6.0 (Focal with security backports)
+Babel==2.10.3 ; python_version >= '3.11'
+cbor2==5.4.2 ; python_version < '3.12'
+cbor2==5.6.2 ; python_version >= '3.12'
+chardet==4.0.0 ; python_version < '3.11'  # (Jammy)
+chardet==5.2.0 ; python_version >= '3.11'
+cryptography==3.4.8; python_version < '3.12'  # incompatibility between pyopenssl 19.0.0 and cryptography>=37.0.0
+cryptography==42.0.8 ; python_version >= '3.12'  # (Noble) min 41.0.7, pinning 42.0.8 for security fixes
+decorator==4.4.2  ; python_version < '3.11'  # (Jammy)
+decorator==5.1.1  ; python_version >= '3.11'
+docutils==0.17 ; python_version < '3.11'  # (Jammy)
+docutils==0.20.1 ; python_version >= '3.11'
+freezegun==1.1.0 ; python_version < '3.11'  # (Jammy)
+freezegun==1.2.1 ; python_version >= '3.11'
+geoip2==2.9.0
+gevent==21.8.0 ; sys_platform != 'win32' and python_version == '3.10'  # (Jammy)
+gevent==22.10.2; sys_platform != 'win32' and python_version > '3.10' and python_version < '3.12'
+gevent==24.2.1 ; sys_platform != 'win32' and python_version >= '3.12'  # (Noble)
+greenlet==1.1.2 ; sys_platform != 'win32' and python_version == '3.10'  # (Jammy)
+greenlet==2.0.2 ; sys_platform != 'win32' and python_version > '3.10' and python_version < '3.12'
+greenlet==3.0.3 ; sys_platform != 'win32' and python_version >= '3.12'  # (Noble)
+idna==2.10 ; python_version < '3.12'  # requests 2.25.1 depends on idna<3 and >=2.5
+idna==3.6 ; python_version >= '3.12'
+Jinja2==3.0.3 ; python_version <= '3.10'
+Jinja2==3.1.2 ; python_version > '3.10'
+libsass==0.20.1 ; python_version < '3.11'
+libsass==0.22.0 ; python_version >= '3.11'  # (Noble) Mostly to have a wheel package
+lxml==4.8.0 ; python_version <= '3.10'
+lxml==4.9.3 ; python_version > '3.10' and python_version < '3.12' # min 4.9.2, pinning 4.9.3 because of missing wheels for darwin in 4.9.3
+lxml==5.2.1; python_version >= '3.12' # (Noble - removed html clean)
+lxml-html-clean; python_version >= '3.12' # (Noble - removed from lxml, unpinned for futur security patches)
+MarkupSafe==2.0.1 ; python_version <= '3.10'
+MarkupSafe==2.1.2 ; python_version > '3.10' and python_version < '3.12'
+MarkupSafe==2.1.5 ; python_version >= '3.12'  # (Noble) Mostly to have a wheel package
+num2words==0.5.10 ; python_version < '3.12'  # (Jammy / Bookworm)
+num2words==0.5.13 ; python_version >= '3.12' 
+ofxparse==0.21
+openpyxl==3.0.9 ; python_version < '3.12'
+openpyxl==3.1.2 ; python_version >= '3.12'
+passlib==1.7.4 # min version = 1.7.2 (Focal with security backports)
+Pillow==9.0.1 ; python_version <= '3.10'
+Pillow==9.4.0 ; python_version > '3.10' and python_version < '3.12'
+Pillow==10.2.0 ; python_version >= '3.12'  # (Noble) Mostly to have a wheel package
+polib==1.1.1
+psutil==5.9.0 ; python_version <= '3.10' 
+psutil==5.9.4 ; python_version > '3.10' and python_version < '3.12' 
+psutil==5.9.8 ; python_version >= '3.12' # (Noble) Mostly to have a wheel package
+psycopg2==2.9.2 ; python_version == '3.10' # (Jammy)
+psycopg2==2.9.5 ; python_version == '3.11'
+psycopg2==2.9.9 ; python_version >= '3.12' # (Noble) Mostly to have a wheel package
+pyopenssl==21.0.0 ; python_version < '3.12'
+pyopenssl==24.1.0 ; python_version >= '3.12' # (Noble) min 23.2.0, pinned for compatibility with cryptography==42.0.8 and security patches
+PyPDF2==1.26.0 ; python_version <= '3.10'
+PyPDF2==2.12.1 ; python_version > '3.10'
+pypiwin32 ; sys_platform == 'win32'
+pyserial==3.5
+python-dateutil==2.8.1 ; python_version < '3.11'
+python-dateutil==2.8.2 ; python_version >= '3.11'
+python-ldap==3.4.0 ; sys_platform != 'win32' and python_version < '3.12' # min version = 3.2.0 (Focal with security backports)
+python-ldap==3.4.4 ; sys_platform != 'win32' and python_version >= '3.12'  # (Noble) Mostly to have a wheel package
+python-stdnum==1.17 ; python_version < '3.11'  # (jammy)
+python-stdnum==1.19 ; python_version >= '3.11'
+pytz  # no version pinning to avoid OS perturbations
+pyusb==1.2.1
+qrcode==7.3.1 ; python_version < '3.11'  # (jammy)
+qrcode==7.4.2 ; python_version >= '3.11'
+reportlab==3.6.8 ; python_version <= '3.10'
+reportlab==3.6.12 ; python_version > '3.10' and python_version < '3.12'
+reportlab==4.1.0 ; python_version >= '3.12' # (Noble) Mostly to have a wheel package
+requests==2.25.1 ;  python_version < '3.11' # versions < 2.25 aren't compatible w/ urllib3 1.26. Bullseye = 2.25.1. min version = 2.22.0 (Focal)
+requests==2.31.0 ; python_version >= '3.11' # (Noble)
+rjsmin==1.1.0 ; python_version < '3.11'  # (jammy)
+rjsmin==1.2.0 ; python_version >= '3.11'
+rl-renderPM==4.0.3 ; sys_platform == 'win32' and python_version >= '3.12'  # Needed by reportlab 4.1.0 but included in deb package
+urllib3==1.26.5 ; python_version < '3.12' # indirect / min version = 1.25.8 (Focal with security backports)
+urllib3==2.0.7  ; python_version >= '3.12'  # (Noble) Compatibility with cryptography
+vobject==0.9.6.1
+Werkzeug==2.0.2 ; python_version <= '3.10' 
+Werkzeug==2.2.2 ; python_version > '3.10' and python_version < '3.12'
+Werkzeug==3.0.1 ; python_version >= '3.12'  # (Noble) Avoid deprecation warnings
+xlrd==1.2.0 ; python_version < '3.12'  # (jammy)
+xlrd==2.0.1 ; python_version >= '3.12'
+XlsxWriter==3.0.2 ; python_version < '3.12'  # (jammy)
+XlsxWriter==3.1.9 ; python_version >= '3.12'
+xlwt==1.3.0
+zeep==4.1.0 ; python_version < '3.11'  # (jammy)
+zeep==4.2.1 ; python_version >= '3.11'

rest-api/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Yezy Ilomo
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

rest-api/README.md

@@ -0,0 +1,598 @@
+# Odoo REST API
+This is a module which expose Odoo as a REST API 
+
+
+## Installing
+* Download this module and put it to your Odoo addons directory
+* Install requirements with `pip install -r requirements.txt`
+
+## Getting Started
+
+### Authenticating users
+Before making any request make sure you are authenticated. The route which is used to authenticate users is `/auth/`. Below is an example showing how to authenticate users.
+```py
+import json
+import requests
+import sys
+
+AUTH_URL = 'http://localhost:8069/auth/'
+
+headers = {'Content-type': 'application/json'}
+
+
+# Remember to configure default db on odoo configuration file(dbfilter = ^db_name$)
+# Authentication credentials
+data = {
+    'params': {
+         'login': '[email protected]',
+         'password': 'yor_password',
+         'db': 'your_db_name'
+    }
+}
+
+# Authenticate user
+res = requests.post(
+    AUTH_URL, 
+    data=json.dumps(data), 
+    headers=headers
+)
+
+# Get response cookies
+# This hold information for authenticated user
+cookies = res.cookies
+
+
+# Example 1
+# Get users
+USERS_URL = 'http://localhost:8069/api/res.users/'
+
+# This will take time since it retrives all res.users fields
+# You can use query param to fetch specific fields
+
+res = requests.get(
+    USERS_URL, 
+    cookies=cookies  # Here we are sending cookies which holds info for authenticated user
+)
+
+# This will be a very long response since it has many data
+print(res.text)
+
+
+# Example 2
+# Get products(assuming you have products in you db)
+# Here am using query param to fetch only product id and name(This will be faster)
+USERS_URL = 'http://localhost:8069/api/product.product/'
+
+# Use query param to fetch only id and name
+params = {'query': '{id, name}'}
+
+res = requests.get(
+    USERS_URL, 
+    params=params,
+    cookies=cookies  # Here we are sending cookies which holds info for authenticated user
+)
+
+# This will be small since we've retrieved only id and name
+print(res.text)
+```
+
+
+## Allowed HTTP methods 
+
+## 1. GET
+
+### Model records: 
+
+`GET /api/{model}/`
+#### Parameters 
+* **query (optional):**
+
+   This parameter is used to dynamically select fields to include on a response. For example if we want to select `id` and `name` fields from `res.users` model here is how we would do it.
+
+   `GET /api/res.users/?query={id, name}`
+
+   ```js
+   {
+       "count": 2, 
+       "prev": null, 
+       "current": 1, 
+       "next": null, 
+       "total_pages": 1, 
+       "result": [
+           {
+               "id": 2, 
+               "name": "Administrator"
+            }, 
+           {
+               "id": 6, 
+               "name": "Sailors Co Ltd"
+            }
+        ]
+    }
+   ```
+   
+   For nested records, for example if we want to select `id`, `name` and `company_id` fields from `res.users` model, but under `company_id` we want to select `name` field only. here is how we would do it.
+
+   `GET /api/res.users/?query={id, name, company_id{name}}`
+
+   ```js
+   {
+       "count": 2, 
+       "prev": null, 
+       "current": 1, 
+       "next": null, 
+       "total_pages": 1, 
+       "result": [
+           {
+               "id": 2, 
+               "name": "Administrator",
+               "company_id": {
+                   "name": "Singo Africa"
+               }
+            }, 
+           {
+               "id": 6, 
+               "name": "Sailors Co Ltd",
+               "company_id": {
+                   "name": "Singo Africa"
+               }
+            }
+        ]
+    }
+   ```
+
+   For nested iterable records, for example if we want to select `id`, `name` and `related_products` fields from `product.template` model, but under `related_products` we want to select `name` field only. here is how we would do it.
+
+   `GET /api/product.template/?query={id, name, related_products{name}}`
+
+   ```js
+   {
+       "count": 2, 
+       "prev": null, 
+       "current": 1, 
+       "next": null, 
+       "total_pages": 1, 
+       "result": [
+           {
+               "id": 16, 
+               "name": "Alaf Resincot Steel Roof-16", 
+               "related_products": [
+                   {"name": "Alloy Steel AISI 4140 Bright Bars - All 5.8 meter longs"}, 
+                   {"name": "Test product"}
+                ]
+            }, 
+            {
+                "id": 18,
+                 "name": "Alaf Resincot Steel Roof-43", 
+                 "related_products": [
+                     {"name": "Alloy Steel AISI 4140 Bright Bars - All 5.8 meter longs"}, 
+                     {"name": "Aluminium Sheets & Plates"}, 
+                     {"name": "Test product"}
+                 ]
+            }
+        ]
+   }
+   ```
+
+   If you want to fetch all fields except few you can use exclude(-) operator. For example in the case above if we want to fetch all fields except `name` field, here is how we could do it   
+   `GET /api/product.template/?query={-name}`
+   
+   ```js
+   {
+        "count": 3, 
+        "prev": null, 
+        "current": 1, 
+        "next": null, 
+        "total_pages": 1, 
+        "result": [
+            {   
+                "id": 1,
+                ... // All fields except name
+            }, 
+            {
+                "id": 2
+                ... // All fields except name
+            }
+            ...
+        ]
+   }
+   ```
+
+   There is also a wildcard(\*) operator which can be used to fetch all fields, Below is an example which shows how you can fetch all product's fields but under `related_products` field get all fields except `id`.
+
+   `GET /api/product.template/?query={*, related_products{-id}}`
+
+   ```js
+   {
+        "count": 3, 
+        "prev": null, 
+        "current": 1, 
+        "next": null, 
+        "total_pages": 1, 
+        "result": [
+            {   
+                "id": 1,
+                "name": "Pen",
+                "related_products"{
+                    "name": "Pencil",
+                    ... // All fields except id
+                }
+                ... // All fields
+            }, 
+            ...
+        ]
+   }
+   ```
+
+   **If you don't specify query parameter all fields will be returned.**
+
+
+* **filter (optional):**
+
+    This is used to filter out data returned. For example if we want to get all products with id ranging from 60 to 70, here's how we would do it.
+
+    `GET /api/product.template/?query={id, name}&filter=[["id", ">", 60], ["id", "<", 70]]`
+
+    ```js
+    {
+        "count": 3, 
+        "prev": null, 
+        "current": 1, 
+        "next": null, 
+        "total_pages": 1, 
+        "result": [
+            {
+                "id": 67, 
+                "name": "Crown Paints Economy Superplus Emulsion"
+            }, 
+            {
+                "id": 69,
+                "name": "Crown Paints Permacote"
+            }
+        ]
+    }
+    ```
+
+* **page_size (optional) & page (optional):**
+
+    These two allows us to do pagination. Hre page_size is used to specify number of records on a single page and page is used to specify the current page. For example if we want our page_size to be 5 records and we want to fetch data on page 3 here is how we would do it.
+
+    `GET /api/product.template/?query={id, name}&page_size=5&page=3`
+
+    ```js
+    {
+        "count": 5, 
+        "prev": 2, 
+        "current": 3, 
+        "next": 4, 
+        "total_pages": 15, 
+        "result": [
+            {"id": 141, "name": "Borewell Slotting Pipes"}, 
+            {"id": 114, "name": "Bright Bars"}, 
+            {"id": 128, "name": "Chain Link Fence"}, 
+            {"id": 111, "name": "Cold Rolled Sheets - CRCA & GI Sheets"}, 
+            {"id": 62, "name": "Crown Paints Acrylic Primer/Sealer Undercoat"}
+        ]
+    }
+    ```
+
+    Note: `prev`, `current`, `next` and `total_pages` shows the previous page, current page, next page and the total number of pages respectively.
+
+* **limit (optional):**
+
+    This is used to limit the number of results returned on a request regardless of pagination. For example
+    
+    `GET /api/product.template/?query={id, name}&limit=3`
+
+    ```js
+    {
+        "count": 3, 
+        "prev": null, 
+        "current": 1, 
+        "next": null, 
+        "total_pages": 1, 
+        "result": [
+            {"id": 16, "name": "Alaf Resincot Steel Roof-16"}, 
+            {"id": 18, "name": "Alaf Resincot Steel Roof-43"}, 
+            {"id": 95, "name": "Alaf versatile steel roof"}
+        ]
+    }
+    ```
+
+### Model record:  
+
+`GET /api/{model}/{id}`
+#### Parameters
+* **query (optional):**
+
+    Here query parameter works exactly the same as explained before except it selects fields on a single record. For example
+
+    `GET /api/product.template/95/?query={id, name}`
+
+    ```js
+    {
+        "id": 95, 
+        "name": "Alaf versatile steel roof"
+    }
+    ```
+
+
+## 2. POST
+
+`POST /api/{model}/`
+#### Headers
+* Content-Type: application/json
+#### Parameters 
+* **data (mandatory):**
+
+    This is used to pass data to be posted. For example
+    
+    `POST /api/product.public.category/`
+
+    Request Body
+
+    ```js
+    {
+        "params": {
+            "data": {
+                "name": "Test category_2"
+            }
+        }
+    }
+    ```
+
+    Response
+
+    ```js
+    {
+        "jsonrpc": "2.0",
+        "id": null,
+        "result": 398
+    }
+    ```
+
+    The number on `result` is the `id` of the newly created record.
+
+* **context (optional):**
+
+    This is used to pass any context if it's needed when creating new record. The format of passing it is
+
+    Request Body
+
+    ```js
+    {
+        "params": {
+            "context": {
+                "context_1": "context_1_value",
+                "context_2": "context_2_value",
+                ....
+            },
+            "data": {
+                "field_1": "field_1_value",
+                "field_2": "field_2_value",
+                ....
+            }
+        }
+    }
+    ```
+
+## 3. PUT
+
+### Model records: 
+
+`PUT /api/{model}/`
+#### Headers
+* Content-Type: application/json
+#### Parameters
+* **data (mandatory):**
+
+    This is used to pass data to update, it works with filter parameter, See example below
+
+* **filter (mandatory):**
+
+    This is used to filter data to update. For example
+
+    `PUT /api/product.template/`
+
+    Request Body
+
+    ```js
+    {
+        "params": {
+            "filter": [["id", "=", 95]],
+            "data": {
+                "name": "Test product"
+            }
+        }
+    }
+    ```
+
+    Response
+
+    ```js
+    {
+        "jsonrpc": "2.0",
+        "id": null,
+        "result": true
+    }
+    ```
+
+    Note: If the result is true it means success and if false or otherwise it means there was an error during update.
+
+* **context (optional):**
+    Just like in GET context is used to pass any context associated with record update. The format of passing it is
+
+    Request Body
+
+    ```js
+    {
+        "params": {
+            "context": {
+                "context_1": "context_1_value",
+                "context_2": "context_2_value",
+                ....
+            },
+            "filter": [["id", "=", 95]],
+            "data": {
+                "field_1": "field_1_value",
+                "field_2": "field_2_value",
+                ....
+            }
+        }
+    }
+    ```
+
+* **operation (optional)**:
+
+    This is only applied to `one2many` and `many2many` fields. The concept is sometimes you might not want to replace all records on either `one2many` or `many2many` fields, instead you might want to add other records or remove some records, this is where put operations comes in place. Thre are basically three PUT operations which are push, pop and delete. 
+    * push is used to add/append other records to existing linked records
+    * pop is used to remove/unlink some records from the record being updated but it doesn't delete them on the system
+    * delete is used to remove/unlink and delete records permanently on the system
+
+    For example here is how you would update `related_product_ids` which is `many2many` field with PUT operations
+
+    `PUT /api/product.template/`
+
+    Request Body
+
+    ```js
+    {
+        "params": {
+            "filter": [["id", "=", 95]],
+            "data": {
+                "related_product_ids": {
+                    "push": [102, 30],
+                    "pop": [45],
+                    "delete": [55]
+                }
+            }
+        }
+    }
+    ```
+
+    This will append product with ids 102 and 30 as related products to product with id 95 and from there unlink product with id 45 and again unlink product with id 55 and delete it from the system. So if befor this request product with id 95 had [20, 37, 45, 55] as related product ids, after this request it will be [20, 37, 102, 30].
+
+    Note: You can use one operation or two or all three at a time depending on what you want to update on your field. If you dont use these operations on `one2many` and `many2many` fields, existing values will be replaced by new values passed, so you need to be very carefull on this part.
+
+    Response:
+
+    ```js
+    {
+        "jsonrpc": "2.0",
+        "id": null,
+        "result": true
+    }
+    ```
+
+### Model record: 
+
+`PUT /api/{model}/{id}`
+#### Headers
+* Content-Type: application/json
+#### Parameters
+* data (mandatory)
+* context (optional)
+* PUT operation(push, pop, delete) (optional)
+
+All parameters works the same as explained on previous section, what changes is that here they apply to a single record being updated and we don't have filter parameter because `id` of record to be updated is passed on URL as `{id}`. Example to give us an idea of how this works.
+
+`PUT /api/product.template/95/`
+
+Request Body
+
+```js
+{
+    "params": {
+        "data": {
+            "related_product_ids": {
+                "push": [102, 30],
+                "pop": [45],
+                "delete": [55]
+            }
+        }
+    }
+}
+```
+
+## 4. DELETE
+
+### Model records: 
+
+`DELETE /api/{model}/`
+#### Parameters
+* **filter (mandatory):**
+
+    This is used to filter data to delete. For example
+
+    `DELETE /api/product.template/?filter=[["id", "=", 95]]`
+
+    Response
+
+    ```js
+    {
+        "result": true
+    }
+    ```
+    
+    Note: If the result is true it means success and if false or otherwise it means there was an error during deletion.
+
+
+### Model records: 
+
+`DELETE /api/{model}/{id}`
+#### Parameters
+This takes no parameter and we don't have filter parameter because `id` of record to be deleted is passed on URL as `{id}`. Example to give us an idea of how this works.
+
+`DELETE /api/product.template/95/`
+
+Response
+
+```js
+{
+    "result": true
+}
+```
+
+## Calling Model's Function
+
+Sometimes you might need to call model's function or a function bound to a record, inorder to do so, send a `POST` request with a body containing arguments(args) and keyword arguments(kwargs) required by the function you want to call.
+
+Below is how you can call model's function
+
+`POST /object/{model}/{function name}`
+
+Request Body
+
+```js
+{
+    "params": {
+	"args": [arg1, arg2, ..],
+	"kwargs ": {
+	    "key1": "value1",
+	    "key2": "value2",
+	    ...
+	}
+    }
+}
+```
+
+And below is how you can call a function bound to a record
+
+`POST /object/{model}/{record_id}/{function name}`
+
+Request Body
+
+```js
+{
+    "params": {
+	"args": [arg1, arg2, ..],
+	"kwargs ": {
+	    "key1": "value1",
+	    "key2": "value2",
+	    ...
+	}
+    }
+}
+```
+
+In both cases the response will be the result returned by the function called

rest-api/__init__.py

@@ -0,0 +1,4 @@
+# -*- coding: utf-8 -*-
+
+from . import controllers
+from . import models

rest-api/__manifest__.py

@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+{
+    'name': "Odoo REST API",
+
+    'summary': """
+        Odoo REST API""",
+
+    'description': """
+        Odoo REST API
+    """,
+
+    'author': "Yezileli Ilomo",
+    'website': "https://github.com/yezyilomo/odoo-rest-api",
+
+    # Categories can be used to filter modules in modules listing
+    # Check https://github.com/odoo/odoo/blob/12.0/odoo/addons/base/data/ir_module_category_data.xml
+    # for the full list
+    'category': 'developers',
+    'version': '0.1',
+
+    # any module necessary for this one to work correctly
+    'depends': ['base'],
+
+    # always loaded
+    'data': [
+        # 'security/ir.model.access.csv',
+        'views/views.xml',
+        'views/templates.xml',
+    ],
+    # only loaded in demonstration mode
+    'demo': [
+        'demo/demo.xml',
+    ],
+
+    "application": True,
+    "installable": True,
+    "auto_install": False,
+
+    'external_dependencies': {
+        'python': ['pypeg2']
+    }
+}

rest-api/controllers/__init__.py

@@ -0,0 +1,3 @@
+# -*- coding: utf-8 -*-
+
+from . import controllers

rest-api/controllers/controllers.py

@@ -0,0 +1,462 @@
+# -*- coding: utf-8 -*-
+import json
+import math
+import logging
+import requests
+
+from odoo import http, _, exceptions
+from odoo.http import request
+
+from .serializers import Serializer
+from .exceptions import QueryFormatError
+
+
+_logger = logging.getLogger(__name__)
+
+
+def error_response(error, msg):
+    return {
+        "jsonrpc": "2.0",
+        "id": None,
+        "error": {
+            "code": 200,
+            "message": msg,
+            "data": {
+                "name": str(error),
+                "debug": "",
+                "message": msg,
+                "arguments": list(error.args),
+                "exception_type": type(error).__name__
+            }
+        }
+    }
+
+
+class OdooAPI(http.Controller):
+    @http.route(
+        '/auth/',
+        type='json', auth='none', methods=["POST"], csrf=False)
+    def authenticate(self, *args, **post):
+        try:
+            login = post["login"]
+        except KeyError:
+            raise exceptions.AccessDenied(message='`login` is required.')
+
+        try:
+            password = post["password"]
+        except KeyError:
+            raise exceptions.AccessDenied(message='`password` is required.')
+
+        try:
+            db = post["db"]
+        except KeyError:
+            raise exceptions.AccessDenied(message='`db` is required.')
+
+        http.request.session.authenticate(db, login, password)
+        res = request.env['ir.http'].session_info()
+        return res
+
+    @http.route(
+        '/object/<string:model>/<string:function>',
+        type='json', auth='user', methods=["POST"], csrf=False)
+    def call_model_function(self, model, function, **post):
+        args = []
+        kwargs = {}
+        if "args" in post:
+            args = post["args"]
+        if "kwargs" in post:
+            kwargs = post["kwargs"]
+        model = request.env[model]
+        result = getattr(model, function)(*args, **kwargs)
+        return result
+
+    @http.route(
+        '/object/<string:model>/<int:rec_id>/<string:function>',
+        type='json', auth='user', methods=["POST"], csrf=False)
+    def call_obj_function(self, model, rec_id, function, **post):
+        args = []
+        kwargs = {}
+        if "args" in post:
+            args = post["args"]
+        if "kwargs" in post:
+            kwargs = post["kwargs"]
+        obj = request.env[model].browse(rec_id).ensure_one()
+        result = getattr(obj, function)(*args, **kwargs)
+        return result
+
+    @http.route(
+        '/api/<string:model>',
+        type='http', auth='user', methods=['GET'], csrf=False)
+    def get_model_data(self, model, **params):
+        try:
+            records = request.env[model].search([])
+        except KeyError as e:
+            msg = "The model `%s` does not exist." % model
+            res = error_response(e, msg)
+            return http.Response(
+                json.dumps(res),
+                status=200,
+                mimetype='application/json'
+            )
+
+        if "query" in params:
+            query = params["query"]
+        else:
+            query = "{*}"
+
+        if "order" in params:
+            orders = json.loads(params["order"])
+        else:
+            orders = ""
+
+        if "filter" in params:
+            filters = json.loads(params["filter"])
+            records = request.env[model].search(filters, order=orders)
+
+        prev_page = None
+        next_page = None
+        total_page_number = 1
+        current_page = 1
+
+        if "page_size" in params:
+            page_size = int(params["page_size"])
+            count = len(records)
+            total_page_number = math.ceil(count/page_size)
+
+            if "page" in params:
+                current_page = int(params["page"])
+            else:
+                current_page = 1  # Default page Number
+            start = page_size*(current_page-1)
+            stop = current_page*page_size
+            records = records[start:stop]
+            next_page = current_page+1 \
+                if 0 < current_page + 1 <= total_page_number \
+                else None
+            prev_page = current_page-1 \
+                if 0 < current_page - 1 <= total_page_number \
+                else None
+
+        if "limit" in params:
+            limit = int(params["limit"])
+            records = records[0:limit]
+
+        try:
+            serializer = Serializer(records, query, many=True)
+            data = serializer.data
+        except (SyntaxError, QueryFormatError) as e:
+            res = error_response(e, e.msg)
+            return http.Response(
+                json.dumps(res),
+                status=200,
+                mimetype='application/json'
+            )
+
+        res = {
+            "count": len(records),
+            "prev": prev_page,
+            "current": current_page,
+            "next": next_page,
+            "total_pages": total_page_number,
+            "result": data
+        }
+        return http.Response(
+            json.dumps(res),
+            status=200,
+            mimetype='application/json'
+        )
+
+    @http.route(
+        '/api/<string:model>/<int:rec_id>',
+        type='http', auth='user', methods=['GET'], csrf=False)
+    def get_model_rec(self, model, rec_id, **params):
+        try:
+            records = request.env[model].search([])
+        except KeyError as e:
+            msg = "The model `%s` does not exist." % model
+            res = error_response(e, msg)
+            return http.Response(
+                json.dumps(res),
+                status=200,
+                mimetype='application/json'
+            )
+
+        if "query" in params:
+            query = params["query"]
+        else:
+            query = "{*}"
+
+        # TODO: Handle the error raised by `ensure_one`
+        record = records.browse(rec_id).ensure_one()
+
+        try:
+            serializer = Serializer(record, query)
+            data = serializer.data
+        except (SyntaxError, QueryFormatError) as e:
+            res = error_response(e, e.msg)
+            return http.Response(
+                json.dumps(res),
+                status=200,
+                mimetype='application/json'
+            )
+
+        return http.Response(
+            json.dumps(data),
+            status=200,
+            mimetype='application/json'
+        )
+
+    @http.route(
+        '/api/<string:model>/',
+        type='json', auth="user", methods=['POST'], csrf=False)
+    def post_model_data(self, model, **post):
+        try:
+            data = post['data']
+        except KeyError:
+            msg = "`data` parameter is not found on POST request body"
+            raise exceptions.ValidationError(msg)
+
+        try:
+            model_to_post = request.env[model]
+        except KeyError:
+            msg = "The model `%s` does not exist." % model
+            raise exceptions.ValidationError(msg)
+
+        # TODO: Handle data validation
+
+        if "context" in post:
+            context = post["context"]
+            record = model_to_post.with_context(**context).create(data)
+        else:
+            record = model_to_post.create(data)
+        return record.id
+
+    # This is for single record update
+    @http.route(
+        '/api/<string:model>/<int:rec_id>/',
+        type='json', auth="user", methods=['PUT'], csrf=False)
+    def put_model_record(self, model, rec_id, **post):
+        try:
+            data = post['data']
+        except KeyError:
+            msg = "`data` parameter is not found on PUT request body"
+            raise exceptions.ValidationError(msg)
+
+        try:
+            model_to_put = request.env[model]
+        except KeyError:
+            msg = "The model `%s` does not exist." % model
+            raise exceptions.ValidationError(msg)
+
+        if "context" in post:
+            # TODO: Handle error raised by `ensure_one`
+            rec = model_to_put.with_context(**post["context"])\
+                .browse(rec_id).ensure_one()
+        else:
+            rec = model_to_put.browse(rec_id).ensure_one()
+
+        # TODO: Handle data validation
+        for field in data:
+            if isinstance(data[field], dict):
+                operations = []
+                for operation in data[field]:
+                    if operation == "push":
+                        operations.extend(
+                            (4, rec_id, _)
+                            for rec_id
+                            in data[field].get("push")
+                        )
+                    elif operation == "pop":
+                        operations.extend(
+                            (3, rec_id, _)
+                            for rec_id
+                            in data[field].get("pop")
+                        )
+                    elif operation == "delete":
+                        operations.extend(
+                            (2, rec_id, _)
+                            for rec_id
+                            in data[field].get("delete")
+                        )
+                    else:
+                        data[field].pop(operation)  # Invalid operation
+
+                data[field] = operations
+            elif isinstance(data[field], list):
+                data[field] = [(6, _, data[field])]  # Replace operation
+            else:
+                pass
+
+        try:
+            return rec.write(data)
+        except Exception as e:
+            # TODO: Return error message(e.msg) on a response
+            return False
+
+    # This is for bulk update
+    @http.route(
+        '/api/<string:model>/',
+        type='json', auth="user", methods=['PUT'], csrf=False)
+    def put_model_records(self, model, **post):
+        try:
+            data = post['data']
+        except KeyError:
+            msg = "`data` parameter is not found on PUT request body"
+            raise exceptions.ValidationError(msg)
+
+        try:
+            model_to_put = request.env[model]
+        except KeyError:
+            msg = "The model `%s` does not exist." % model
+            raise exceptions.ValidationError(msg)
+
+        # TODO: Handle errors on filter
+        filters = post["filter"]
+
+        if "context" in post:
+            recs = model_to_put.with_context(**post["context"])\
+                .search(filters)
+        else:
+            recs = model_to_put.search(filters)
+
+        # TODO: Handle data validation
+        for field in data:
+            if isinstance(data[field], dict):
+                operations = []
+                for operation in data[field]:
+                    if operation == "push":
+                        operations.extend(
+                            (4, rec_id, _)
+                            for rec_id
+                            in data[field].get("push")
+                        )
+                    elif operation == "pop":
+                        operations.extend(
+                            (3, rec_id, _)
+                            for rec_id
+                            in data[field].get("pop")
+                        )
+                    elif operation == "delete":
+                        operations.extend(
+                            (2, rec_id, _)
+                            for rec_id in
+                            data[field].get("delete")
+                        )
+                    else:
+                        pass  # Invalid operation
+
+                data[field] = operations
+            elif isinstance(data[field], list):
+                data[field] = [(6, _, data[field])]  # Replace operation
+            else:
+                pass
+
+        if recs.exists():
+            try:
+                return recs.write(data)
+            except Exception as e:
+                # TODO: Return error message(e.msg) on a response
+                return False
+        else:
+            # No records to update
+            return True
+
+    # This is for deleting one record
+    @http.route(
+        '/api/<string:model>/<int:rec_id>/',
+        type='http', auth="user", methods=['DELETE'], csrf=False)
+    def delete_model_record(self, model,  rec_id, **post):
+        try:
+            model_to_del_rec = request.env[model]
+        except KeyError as e:
+            msg = "The model `%s` does not exist." % model
+            res = error_response(e, msg)
+            return http.Response(
+                json.dumps(res),
+                status=200,
+                mimetype='application/json'
+            )
+
+        # TODO: Handle error raised by `ensure_one`
+        rec = model_to_del_rec.browse(rec_id).ensure_one()
+
+        try:
+            is_deleted = rec.unlink()
+            res = {
+                "result": is_deleted
+            }
+            return http.Response(
+                json.dumps(res),
+                status=200,
+                mimetype='application/json'
+            )
+        except Exception as e:
+            res = error_response(e, str(e))
+            return http.Response(
+                json.dumps(res),
+                status=200,
+                mimetype='application/json'
+            )
+
+    # This is for bulk deletion
+    @http.route(
+        '/api/<string:model>/',
+        type='http', auth="user", methods=['DELETE'], csrf=False)
+    def delete_model_records(self, model, **post):
+        filters = json.loads(post["filter"])
+
+        try:
+            model_to_del_rec = request.env[model]
+        except KeyError as e:
+            msg = "The model `%s` does not exist." % model
+            res = error_response(e, msg)
+            return http.Response(
+                json.dumps(res),
+                status=200,
+                mimetype='application/json'
+            )
+
+        # TODO: Handle error raised by `filters`
+        recs = model_to_del_rec.search(filters)
+
+        try:
+            is_deleted = recs.unlink()
+            res = {
+                "result": is_deleted
+            }
+            return http.Response(
+                json.dumps(res),
+                status=200,
+                mimetype='application/json'
+            )
+        except Exception as e:
+            res = error_response(e, str(e))
+            return http.Response(
+                json.dumps(res),
+                status=200,
+                mimetype='application/json'
+            )
+
+    @http.route(
+        '/api/<string:model>/<int:rec_id>/<string:field>',
+        type='http', auth="user", methods=['GET'], csrf=False)
+    def get_binary_record(self, model,  rec_id, field, **post):
+        try:
+            request.env[model]
+        except KeyError as e:
+            msg = "The model `%s` does not exist." % model
+            res = error_response(e, msg)
+            return http.Response(
+                json.dumps(res),
+                status=200,
+                mimetype='application/json'
+            )
+
+        rec = request.env[model].browse(rec_id).ensure_one()
+        if rec.exists():
+            src = getattr(rec, field).decode("utf-8")
+        else:
+            src = False
+        return http.Response(
+            src
+        )

rest-api/controllers/exceptions.py

@@ -0,0 +1,2 @@
+class QueryFormatError(Exception):
+    """Invalid Query Format."""

rest-api/controllers/parser.py

@@ -0,0 +1,171 @@
+import re
+
+from pypeg2 import List, contiguous, csl, name, optional, parse
+
+from .exceptions import QueryFormatError
+
+
+class IncludedField(List):
+    grammar = name()
+
+
+class ExcludedField(List):
+    grammar = contiguous('-', name())
+
+
+class AllFields(str):
+    grammar = '*'
+
+
+class BaseArgument(List):
+    @property
+    def value(self):
+        return self[0]
+
+
+class ArgumentWithoutQuotes(BaseArgument):
+    grammar = name(), ':', re.compile(r'[^,:"\'\)]+')
+
+
+class ArgumentWithSingleQuotes(BaseArgument):
+    grammar = name(), ':', "'", re.compile(r'[^\']+'), "'"
+
+
+class ArgumentWithDoubleQuotes(BaseArgument):
+    grammar = name(), ':', '"', re.compile(r'[^"]+'), '"'
+
+
+class Arguments(List):
+    grammar = optional(csl(
+        [
+            ArgumentWithoutQuotes,
+            ArgumentWithSingleQuotes,
+            ArgumentWithDoubleQuotes
+        ],
+        separator=','
+    ))
+
+
+class ArgumentsBlock(List):
+    grammar = optional('(', Arguments, ')')
+
+    @property
+    def arguments(self):
+        if self[0] is None:
+            return []  # No arguments
+        return self[0]
+
+
+class ParentField(List):
+    """
+    According to ParentField grammar:
+    self[0]  returns IncludedField instance,
+    self[1]  returns Block instance
+    """
+    @property
+    def name(self):
+        return self[0].name
+
+    @property
+    def block(self):
+        return self[1]
+
+
+class BlockBody(List):
+    grammar = optional(csl(
+        [ParentField, IncludedField, ExcludedField, AllFields],
+        separator=','
+    ))
+
+
+class Block(List):
+    grammar = ArgumentsBlock, '{', BlockBody, '}'
+
+    @property
+    def arguments(self):
+        return self[0].arguments
+
+    @property
+    def body(self):
+        return self[1]
+
+
+# ParentField grammar,
+# We don't include `ExcludedField` here because
+# exclude operator(-) on a parent field should
+# raise syntax error, e.g {name, -location{city}}
+# `IncludedField` is a parent field and `Block`
+# contains its sub fields
+ParentField.grammar = IncludedField, Block
+
+
+class Parser(object):
+    def __init__(self, query):
+        self._query = query
+
+    def get_parsed(self):
+        parse_tree = parse(self._query, Block)
+        return self._transform_block(parse_tree)
+
+    def _transform_block(self, block):
+        fields = {
+            "include": [],
+            "exclude": [],
+            "arguments": {}
+        }
+
+        for argument in block.arguments:
+            argument = {str(argument.name): argument.value}
+            fields['arguments'].update(argument)
+
+        for field in block.body:
+            # A field may be a parent or included field or excluded field
+            field = self._transform_field(field)
+
+            if isinstance(field, dict):
+                # A field is a parent
+                fields["include"].append(field)
+            elif isinstance(field, IncludedField):
+                fields["include"].append(str(field.name))
+            elif isinstance(field, ExcludedField):
+                fields["exclude"].append(str(field.name))
+            elif isinstance(field, AllFields):
+                # include all fields
+                fields["include"].append("*")
+
+        if fields["exclude"]:
+            # fields['include'] should contain only nested fields
+
+            # We should add `*` operator in fields['include']
+            add_include_all_operator = True
+            for field in fields["include"]:
+                if field == "*":
+                    # `*` operator is alredy in fields['include']
+                    add_include_all_operator = False
+                    continue
+
+                if isinstance(field, str):
+                    # Including and excluding fields on the same field level
+                    msg = (
+                        "Can not include and exclude fields on the same "
+                        "field level"
+                    )
+                    raise QueryFormatError(msg)
+
+            if add_include_all_operator:
+                # Make sure we include * operator
+                fields["include"].append("*")
+        return fields
+
+    def _transform_field(self, field):
+        # A field may be a parent or included field or excluded field
+        if isinstance(field, ParentField):
+            return self._transform_parent_field(field)
+        elif isinstance(field, (IncludedField, ExcludedField, AllFields)):
+            return field
+
+    def _transform_parent_field(self, parent_field):
+        parent_field_name = str(parent_field.name)
+        parent_field_value = self._transform_block(parent_field.block)
+        return {parent_field_name: parent_field_value}
+        

rest-api/controllers/serializers.py

@@ -0,0 +1,151 @@
+# -*- coding: utf-8 -*-
+import datetime
+from itertools import chain
+
+from .parser import Parser
+from .exceptions import QueryFormatError
+
+
+class Serializer(object):
+    def __init__(self, record, query="{*}", many=False):
+        self.many = many
+        self._record = record
+        self._raw_query = query
+        super().__init__()
+
+    def get_parsed_restql_query(self):
+        parser = Parser(self._raw_query)
+        try:
+            parsed_restql_query = parser.get_parsed()
+            return parsed_restql_query
+        except SyntaxError as e:
+            msg = "QuerySyntaxError: " + e.msg + " on " + e.text
+            raise SyntaxError(msg) from None
+        except QueryFormatError as e:
+            msg = "QueryFormatError: " + str(e)
+            raise QueryFormatError(msg) from None
+
+    @property
+    def data(self):
+        parsed_restql_query = self.get_parsed_restql_query()
+        if self.many:
+            return [
+                self.serialize(rec, parsed_restql_query)
+                for rec
+                in self._record
+            ]
+        return self.serialize(self._record, parsed_restql_query)
+
+    @classmethod
+    def build_flat_field(cls, rec, field_name):
+        all_fields = rec.fields_get()
+        if field_name not in all_fields:
+            msg = "'%s' field is not found" % field_name
+            raise LookupError(msg)
+        field_type = rec.fields_get(field_name).get(field_name).get('type')
+        if field_type in ['one2many', 'many2many']:
+            return {
+                field_name: [record.id for record in rec[field_name]]
+            }
+        elif field_type in ['many2one']:
+            return {field_name: rec[field_name].id}
+        elif field_type == 'datetime' and rec[field_name]:
+            return {
+                field_name: rec[field_name].strftime("%Y-%m-%d-%H-%M")
+            }
+        elif field_type == 'date' and rec[field_name]:
+            return {
+                field_name: rec[field_name].strftime("%Y-%m-%d")
+            }
+        elif field_type == 'time' and rec[field_name]:
+            return {
+                field_name: rec[field_name].strftime("%H-%M-%S")
+            }
+        elif field_type == "binary" and isinstance(rec[field_name], bytes) and rec[field_name]:
+            return {field_name: rec[field_name].decode("utf-8")}
+        else:
+            return {field_name: rec[field_name]}
+
+    @classmethod
+    def build_nested_field(cls, rec, field_name, nested_parsed_query):
+        all_fields = rec.fields_get()
+        if field_name not in all_fields:
+            msg = "'%s' field is not found" % field_name
+            raise LookupError(msg)
+        field_type = rec.fields_get(field_name).get(field_name).get('type')
+        if field_type in ['one2many', 'many2many']:
+            return {
+                field_name: [
+                    cls.serialize(record, nested_parsed_query)
+                    for record
+                    in rec[field_name]
+                ]
+            }
+        elif field_type in ['many2one']:
+            return {
+                field_name: cls.serialize(rec[field_name], nested_parsed_query)
+            }
+        else:
+            # Not a neste field
+            msg = "'%s' is not a nested field" % field_name
+            raise ValueError(msg)
+
+    @classmethod
+    def serialize(cls, rec, parsed_query):
+        data = {}
+
+        # NOTE: self.parsed_restql_query["include"] not being empty
+        # is not a guarantee that the exclude operator(-) has not been
+        # used because the same self.parsed_restql_query["include"]
+        # is used to store nested fields when the exclude operator(-) is used
+        if parsed_query["exclude"]:
+            # Exclude fields from a query
+            all_fields = rec.fields_get()
+            for field in parsed_query["include"]:
+                if field == "*":
+                    continue
+                for nested_field, nested_parsed_query in field.items():
+                    built_nested_field = cls.build_nested_field(
+                        rec,
+                        nested_field,
+                        nested_parsed_query
+                    )
+                    data.update(built_nested_field)
+
+            flat_fields= set(all_fields).symmetric_difference(set(parsed_query['exclude']))
+            for field in flat_fields:
+                flat_field = cls.build_flat_field(rec, field)
+                data.update(flat_field)
+
+        elif parsed_query["include"]:
+            # Here we are sure that self.parsed_restql_query["exclude"]
+            # is empty which means the exclude operator(-) is not used,
+            # so self.parsed_restql_query["include"] contains only fields
+            # to include
+            all_fields = rec.fields_get()
+            if "*" in parsed_query['include']:
+                # Include all fields
+                parsed_query['include'] = filter(
+                    lambda item: item != "*",
+                    parsed_query['include']
+                )
+                fields = chain(parsed_query['include'], all_fields)
+                parsed_query['include'] = list(fields)
+
+            for field in parsed_query["include"]:
+                if isinstance(field, dict):
+                    for nested_field, nested_parsed_query in field.items():
+                        built_nested_field = cls.build_nested_field(
+                            rec,
+                            nested_field,
+                            nested_parsed_query
+                        )
+                        data.update(built_nested_field)
+                else:
+                    flat_field = cls.build_flat_field(rec, field)
+                    data.update(flat_field)
+        else:
+            # The query is empty i.e query={}
+            # return nothing
+            return {}
+        return data

rest-api/demo/demo.xml

@@ -0,0 +1,5 @@
+<odoo>
+    <data>
+
+    </data>
+</odoo>

rest-api/models/__init__.py

@@ -0,0 +1,3 @@
+# -*- coding: utf-8 -*-
+
+from . import models

rest-api/models/models.py

@@ -0,0 +1,3 @@
+# -*- coding: utf-8 -*-
+
+from odoo import models, fields, api

rest-api/security/ir.model.access.csv

@@ -0,0 +1 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink

rest-api/views/templates.xml

@@ -0,0 +1,5 @@
+<odoo>
+    <data>
+
+    </data>
+</odoo>

rest-api/views/views.xml

@@ -0,0 +1,5 @@
+<odoo>
+  <data>
+
+  </data>
+</odoo>