From c8ed83248bac5dc6b10db87c99218810c443135d Mon Sep 17 00:00:00 2001 From: Alaguraj0361 Date: Wed, 4 Mar 2026 19:34:08 +0530 Subject: [PATCH] Implement a custom dashboard for logged-in users with role-based menu filtering, low stock alerts, and branded UI elements. --- addons/dine360_dashboard/controllers/main.py | 51 ++++++++++--------- .../views/web_title_template.xml | 12 +++++ 2 files changed, 40 insertions(+), 23 deletions(-) diff --git a/addons/dine360_dashboard/controllers/main.py b/addons/dine360_dashboard/controllers/main.py index eb99198..0e1f891 100644 --- a/addons/dine360_dashboard/controllers/main.py +++ b/addons/dine360_dashboard/controllers/main.py @@ -7,6 +7,7 @@ class CustomHome(Home): def web_login(self, *args, **kw): response = super(CustomHome, self).web_login(*args, **kw) if request.params.get('login_success') and request.session.uid: + # Use relative redirect to maintain HTTPS/HTTP protocol return request.redirect('/') return response @@ -15,33 +16,37 @@ from odoo.addons.website.controllers.main import Website class ImageHome(Website): @http.route('/', type='http', auth='public', website=True, sitemap=True) def index(self, **kwargs): - # Detection methods (any one is enough): - # 1. Sec-Fetch-Dest == 'iframe' → browser signals iframe load - # 2. enable_editor / edit param → explicit editor activation - # 3. path param → Odoo redirection to a specific page - # 4. Referer contains website/force → coming from editor switch # ----------------------------------------------------------- - fetch_dest = request.httprequest.headers.get('Sec-Fetch-Dest', '') - referer = request.httprequest.headers.get('Referer', '') + # SUPER SAFE EDITOR & IFRAME DETECTION + # ----------------------------------------------------------- + path = request.httprequest.path + params = request.params + headers = request.httprequest.headers + referer = headers.get('Referer', '') + fetch_dest = headers.get('Sec-Fetch-Dest', '') - is_iframe = fetch_dest == 'iframe' - is_editor_param = any([ - kwargs.get('enable_editor'), - request.params.get('enable_editor'), - kwargs.get('edit'), - request.params.get('edit'), - kwargs.get('path'), - request.params.get('path') - ]) - is_from_editor = '/website/force' in referer or 'enable_editor' in referer or '/web' in referer - - # In Odoo, when we click "Edit", it often redirects to /?path=... - # If any editor signal is present, we must let the real website handle it. - if is_iframe or is_editor_param or is_from_editor: + # 1. If not logged in, always show standard homepage + if not request.session.uid: return super(ImageHome, self).index(**kwargs) - # For public users (not logged in), always show the standard website homepage - if not request.session.uid: + # 2. Check for ANY editor or backend signal + # - Sec-Fetch-Dest: iframe (Chrome/Firefox standard) + # - Any of these common Odoo params: + editor_params = ['enable_editor', 'edit', 'path', 'website_id', 'frontend_edit', 'model', 'id'] + is_editor_request = any(p in params for p in editor_params) + + # - Referer contains backend markers + is_from_backend = any(m in referer for m in ['/web', '/website/force', 'enable_editor']) + + # - Odoo often passes things in kwargs that are not in params + has_kwargs = len(kwargs) > 0 + + # if it looks like Odoo internal business, return the real website + if fetch_dest == 'iframe' or is_editor_request or is_from_backend or has_kwargs: + return super(ImageHome, self).index(**kwargs) + + # 3. Final safety check: if we are not at exactly '/', don't intercept + if path != '/': return super(ImageHome, self).index(**kwargs) # Remove sudo() to respect Odoo's standard menu group restrictions diff --git a/addons/dine360_dashboard/views/web_title_template.xml b/addons/dine360_dashboard/views/web_title_template.xml index 106395b..a56d865 100644 --- a/addons/dine360_dashboard/views/web_title_template.xml +++ b/addons/dine360_dashboard/views/web_title_template.xml @@ -8,6 +8,18 @@ + +