From eaf04218d97630ab7db4f7237dfef0063fe28c7a Mon Sep 17 00:00:00 2001
From: Alaguraj0361
Date: Sat, 11 Apr 2026 17:04:07 +0530
Subject: [PATCH] implement role-based dashboard redirection, menu filtering, and user access control for restaurant staff modules.
---
 addons/dine360_dashboard/controllers/main.py | 37 +++++++++++++------
 .../dine360_kds/security/ir.model.access.csv | 2 +
 addons/dine360_restaurant/models/res_users.py | 3 +-
 3 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/addons/dine360_dashboard/controllers/main.py b/addons/dine360_dashboard/controllers/main.py
index 79af440..223a51b 100644
--- a/addons/dine360_dashboard/controllers/main.py
+++ b/addons/dine360_dashboard/controllers/main.py
@@ -29,23 +29,38 @@ class ImageHome(Website):
 if not request.session.uid:
 return super(ImageHome, self).index(**kwargs)
- # 2. Check for ANY editor or backend signal
- # - Sec-Fetch-Dest: iframe (Chrome/Firefox standard)
- # - Any of these common Odoo params:
+ # 2. ROLE-BASED AUTO REDIRECTION (FOR STAFF)
+ # Skip the dashboard/website entirely for Chefs and Waiters
+ user = request.env.user.sudo()
+ is_admin = user.has_group('base.group_system') or \
+ user.has_group('dine360_restaurant.group_restaurant_admin')
+
+ if not is_admin:
+ # 1. WAITER / CASHIER -> Priority goes to POS
+ if user.has_group('dine360_restaurant.group_restaurant_waiter') or \
+ user.has_group('dine360_restaurant.group_restaurant_cashier'):
+ return request.redirect('/web#action=point_of_sale.action_client_pos_menu')
+
+ # 2. CHEF -> Directly to KDS
+ if user.has_group('dine360_restaurant.group_restaurant_kitchen'):
+ return request.redirect('/web#action=dine360_kds.action_kds_dashboard')
+
+ # 3. SUPER SAFE EDITOR & IFRAME DETECTION
+ path = request.httprequest.path
+ params = request.params
+ headers = request.httprequest.headers
+ referer = headers.get('Referer', '')
+ fetch_dest = headers.get('Sec-Fetch-Dest', '')
+
+ # Check for ANY editor or backend signal
 editor_params = ['enable_editor', 'edit', 'path', 'website_id', 'frontend_edit', 'model', 'id']
 is_editor_request = any(p in params for p in editor_params)
-
- # - Referer contains backend markers
- is_from_backend = any(m in referer for m in ['/web', '/website/force', 'enable_editor'])
-
- # - Odoo often passes things in kwargs that are not in params
- has_kwargs = len(kwargs) > 0
+ is_from_backend = any(m in referer for m in ['/website/force', 'enable_editor'])
 # if it looks like Odoo internal business, return the real website
- if fetch_dest == 'iframe' or is_editor_request or is_from_backend or has_kwargs:
+ if fetch_dest == 'iframe' or is_editor_request or is_from_backend:
 return super(ImageHome, self).index(**kwargs)
- # 3. 
Final safety check: if we are not at exactly '/', don't intercept
 if path != '/':
 return super(ImageHome, self).index(**kwargs)
diff --git a/addons/dine360_kds/security/ir.model.access.csv b/addons/dine360_kds/security/ir.model.access.csv
index 4cad7d3..358099f 100644
--- a/addons/dine360_kds/security/ir.model.access.csv
+++ b/addons/dine360_kds/security/ir.model.access.csv
@@ -2,3 +2,5 @@ id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
 access_kds_order_line_kitchen,pos.order.line.kitchen,point_of_sale.model_pos_order_line,dine360_restaurant.group_restaurant_kitchen,1,1,0,0
 access_kds_order_line_manager,pos.order.line.manager,point_of_sale.model_pos_order_line,dine360_restaurant.group_restaurant_manager,1,1,1,1
 access_kds_order_line_user,pos.order.line.user,point_of_sale.model_pos_order_line,base.group_user,1,1,1,0
+access_kds_pos_session_kitchen,pos.session.kitchen,point_of_sale.model_pos_session,dine360_restaurant.group_restaurant_kitchen,1,0,0,0
+access_kds_pos_category_kitchen,pos.category.kitchen,point_of_sale.model_pos_category,dine360_restaurant.group_restaurant_kitchen,1,0,0,0
diff --git a/addons/dine360_restaurant/models/res_users.py b/addons/dine360_restaurant/models/res_users.py
index 079f030..ea8d100 100644
--- a/addons/dine360_restaurant/models/res_users.py
+++ b/addons/dine360_restaurant/models/res_users.py
@@ -44,7 +44,8 @@ class ResUsers(models.Model):
 'base.group_user',
 'point_of_sale.group_pos_manager',
 'stock.group_stock_manager',
- 'base.group_system'
+ 'base.group_system',
+ 'base.group_erp_manager'
 ],
 'store': [
 'dine360_restaurant.group_restaurant_store_keeper',
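Review bot: In the new role-redirect block of `index` in controllers/main.py, `user = request.env.user.sudo()` elevates the user record for nothing more than `has_group` checks on the current user, which should not need superuser rights; `user = request.env.user` keeps the lookup under the caller's own access. The redirects to the POS and KDS actions are navigation only, so they do not stop a waiter or chef from requesting another route directly, and what each role may read or write still has to be enforced by ACLs and record rules. The block also runs before the `path != '/'` guard that follows in the same hunk, so it fires for every path this route serves, if it serves more than `/`. `index` begins above the hunk and continues below it.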
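Review bot: The two rows added to ir.model.access.csv give `dine360_restaurant.group_restaurant_kitchen` model-wide read on `pos.session` and `pos.category`; both are read-only, but for `pos.session` that covers every session and every field on it, which in stock Point of Sale includes cash-control figures. If the KDS only needs the session behind the orders on screen, a record rule for the kitchen group scoped to those sessions would keep the grant closer to least privilege. Which fields the KDS actually reads is not visible in this patch, so confirm that before narrowing.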
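Review bot: In res_users.py, `'base.group_erp_manager'` is appended to a role list that already holds `'base.group_system'`, and in stock Odoo the Settings group already implies Access Rights, so the new entry probably grants nothing extra. The dictionary key for this list sits above the hunk; whichever role it is, its members can manage users and groups and can therefore assign themselves any other role. A comment on the list, e.g. `# full administrator: can manage users and groups; assign sparingly`, would make that explicit, or the redundant entry could be dropped if it was added to work around a missing implied group.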