Implement a custom dashboard for logged-in users with role-based menu filtering, low stock alerts, and branded UI elements.

addons/dine360_dashboard/controllers/main.py

@@ -7,6 +7,7 @@ class CustomHome(Home):
     def web_login(self, *args, **kw):
         response = super(CustomHome, self).web_login(*args, **kw)
         if request.params.get('login_success') and request.session.uid:
+            # Use relative redirect to maintain HTTPS/HTTP protocol
             return request.redirect('/')
         return response
 
@@ -15,33 +16,37 @@ from odoo.addons.website.controllers.main import Website
 class ImageHome(Website):
     @http.route('/', type='http', auth='public', website=True, sitemap=True)
     def index(self, **kwargs):
-        # Detection methods (any one is enough):
-        #   1. Sec-Fetch-Dest == 'iframe'   → browser signals iframe load
-        #   2. enable_editor / edit param   → explicit editor activation
-        #   3. path param                   → Odoo redirection to a specific page
-        #   4. Referer contains website/force → coming from editor switch
         # -----------------------------------------------------------
-        fetch_dest = request.httprequest.headers.get('Sec-Fetch-Dest', '')
-        referer = request.httprequest.headers.get('Referer', '')
+        # SUPER SAFE EDITOR & IFRAME DETECTION
+        # -----------------------------------------------------------
+        path = request.httprequest.path
+        params = request.params
+        headers = request.httprequest.headers
+        referer = headers.get('Referer', '')
+        fetch_dest = headers.get('Sec-Fetch-Dest', '')
         
-        is_iframe = fetch_dest == 'iframe'
-        is_editor_param = any([
-            kwargs.get('enable_editor'),
-            request.params.get('enable_editor'),
-            kwargs.get('edit'),
-            request.params.get('edit'),
-            kwargs.get('path'),
-            request.params.get('path')
-        ])
-        is_from_editor = '/website/force' in referer or 'enable_editor' in referer or '/web' in referer
-        
-        # In Odoo, when we click "Edit", it often redirects to /?path=...
-        # If any editor signal is present, we must let the real website handle it.
-        if is_iframe or is_editor_param or is_from_editor:
+        # 1. If not logged in, always show standard homepage
+        if not request.session.uid:
             return super(ImageHome, self).index(**kwargs)
 
-        # For public users (not logged in), always show the standard website homepage
-        if not request.session.uid:
+        # 2. Check for ANY editor or backend signal
+        # - Sec-Fetch-Dest: iframe (Chrome/Firefox standard)
+        # - Any of these common Odoo params:
+        editor_params = ['enable_editor', 'edit', 'path', 'website_id', 'frontend_edit', 'model', 'id']
+        is_editor_request = any(p in params for p in editor_params)
+        
+        # - Referer contains backend markers
+        is_from_backend = any(m in referer for m in ['/web', '/website/force', 'enable_editor'])
+
+        # - Odoo often passes things in kwargs that are not in params
+        has_kwargs = len(kwargs) > 0
+
+        # if it looks like Odoo internal business, return the real website
+        if fetch_dest == 'iframe' or is_editor_request or is_from_backend or has_kwargs:
+            return super(ImageHome, self).index(**kwargs)
+
+        # 3. Final safety check: if we are not at exactly '/', don't intercept
+        if path != '/':
             return super(ImageHome, self).index(**kwargs)
 
         # Remove sudo() to respect Odoo's standard menu group restrictions

addons/dine360_dashboard/views/web_title_template.xml

@@ -8,6 +8,18 @@
         </xpath>
 
         <xpath expr="//body" position="inside">
+            <script type="text/javascript">
+                if (window.self !== window.top) {
+                    document.documentElement.classList.add('o_in_iframe');
+                    window.addEventListener('load', function() {
+                        var btn = document.querySelector('.o_dashboard_return_btn');
+                        if (btn) btn.style.display = 'none';
+                    });
+                }
+            </script>
+            <style>
+                .o_in_iframe .o_dashboard_return_btn { display: none !important; }
+            </style>
             <t t-set="is_editor" t-value="request.params.get('enable_editor') or request.params.get('edit')"/>
             <t t-if="not request.env.user._is_public() and not is_editor">
                 <a href="/" class="o_dashboard_return_btn d-print-none" title="Back to Dashboard"