implement role-based dashboard redirection, menu filtering, and user access control for restaurant staff modules.
parent
bdc602a686
commit
eaf04218d9
@ -29,23 +29,38 @@ class ImageHome(Website):
|
||||
if not request.session.uid:
|
||||
return super(ImageHome, self).index(**kwargs)
|
||||
|
||||
# 2. Check for ANY editor or backend signal
|
||||
# - Sec-Fetch-Dest: iframe (Chrome/Firefox standard)
|
||||
# - Any of these common Odoo params:
|
||||
# 2. ROLE-BASED AUTO REDIRECTION (FOR STAFF)
|
||||
# Skip the dashboard/website entirely for Chefs and Waiters
|
||||
user = request.env.user.sudo()
|
||||
is_admin = user.has_group('base.group_system') or \
|
||||
user.has_group('dine360_restaurant.group_restaurant_admin')
|
||||
|
||||
if not is_admin:
|
||||
# 1. WAITER / CASHIER -> Priority goes to POS
|
||||
if user.has_group('dine360_restaurant.group_restaurant_waiter') or \
|
||||
user.has_group('dine360_restaurant.group_restaurant_cashier'):
|
||||
return request.redirect('/web#action=point_of_sale.action_client_pos_menu')
|
||||
|
||||
# 2. CHEF -> Directly to KDS
|
||||
if user.has_group('dine360_restaurant.group_restaurant_kitchen'):
|
||||
return request.redirect('/web#action=dine360_kds.action_kds_dashboard')
|
||||
|
||||
# 3. SUPER SAFE EDITOR & IFRAME DETECTION
|
||||
path = request.httprequest.path
|
||||
params = request.params
|
||||
headers = request.httprequest.headers
|
||||
referer = headers.get('Referer', '')
|
||||
fetch_dest = headers.get('Sec-Fetch-Dest', '')
|
||||
|
||||
# Check for ANY editor or backend signal
|
||||
editor_params = ['enable_editor', 'edit', 'path', 'website_id', 'frontend_edit', 'model', 'id']
|
||||
is_editor_request = any(p in params for p in editor_params)
|
||||
|
||||
# - Referer contains backend markers
|
||||
is_from_backend = any(m in referer for m in ['/web', '/website/force', 'enable_editor'])
|
||||
|
||||
# - Odoo often passes things in kwargs that are not in params
|
||||
has_kwargs = len(kwargs) > 0
|
||||
is_from_backend = any(m in referer for m in ['/website/force', 'enable_editor'])
|
||||
|
||||
# if it looks like Odoo internal business, return the real website
|
||||
if fetch_dest == 'iframe' or is_editor_request or is_from_backend or has_kwargs:
|
||||
if fetch_dest == 'iframe' or is_editor_request or is_from_backend:
|
||||
return super(ImageHome, self).index(**kwargs)
|
||||
|
||||
# 3. Final safety check: if we are not at exactly '/', don't intercept
|
||||
if path != '/':
|
||||
return super(ImageHome, self).index(**kwargs)
|
||||
|
||||
|
||||
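Review bot: The staff redirect block sits ahead of both the iframe/editor detection and the `if path != '/'` guard, so if this handler is reachable on paths other than `/` (as the later guard suggests), a logged-in waiter, cashier or kitchen user is sent to POS or KDS on those requests too; moving the `path != '/'` check above the role block would limit the interception to the bare homepage. The redirect is navigation only: the `/web#action=...` targets can still be opened directly, so the real restriction has to come from access rules and group-restricted menus, and a comment such as `# UX redirect only; access is enforced by ir.model.access and menu groups` would make that explicit. `request.env.user.sudo()` looks unnecessary for `has_group` and could probably be plain `request.env.user`, which is worth confirming. The editor detection keys on client-supplied values (`Sec-Fetch-Dest`, `Referer`, query parameters), which is acceptable for choosing which page to render but should not be reused for any permission decision. `index` starts and ends outside the hunk.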
@ -2,3 +2,5 @@ id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
|
||||
access_kds_order_line_kitchen,pos.order.line.kitchen,point_of_sale.model_pos_order_line,dine360_restaurant.group_restaurant_kitchen,1,1,0,0
|
||||
access_kds_order_line_manager,pos.order.line.manager,point_of_sale.model_pos_order_line,dine360_restaurant.group_restaurant_manager,1,1,1,1
|
||||
access_kds_order_line_user,pos.order.line.user,point_of_sale.model_pos_order_line,base.group_user,1,1,1,0
|
||||
access_kds_pos_session_kitchen,pos.session.kitchen,point_of_sale.model_pos_session,dine360_restaurant.group_restaurant_kitchen,1,0,0,0
|
||||
access_kds_pos_category_kitchen,pos.category.kitchen,point_of_sale.model_pos_category,dine360_restaurant.group_restaurant_kitchen,1,0,0,0
|
||||
|
||||
|
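Review bot: The `access_kds_order_line_user` row gives `base.group_user` read, write and create on `pos.order.line`, and Odoo access rights are additive across a user's groups, so the narrower kitchen row (`1,1,0,0`) does not restrict kitchen staff if they are also internal users. If the goal is role separation, that row should be scoped to the restaurant groups that need it or reduced to read-only, for example ending in `base.group_user,1,0,0,0`. The read-only rows for `pos.session` and `pos.category` on the kitchen group look appropriately minimal. Whether the `base.group_user` row is new in this commit cannot be recovered from the rendered page.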
@ -44,7 +44,8 @@ class ResUsers(models.Model):
|
||||
'base.group_user',
|
||||
'point_of_sale.group_pos_manager',
|
||||
'stock.group_stock_manager',
|
||||
'base.group_system'
|
||||
'base.group_system',
|
||||
'base.group_erp_manager'
|
||||
],
|
||||
'store': [
|
||||
'dine360_restaurant.group_restaurant_store_keeper',
|
||||
|
||||
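Review bot: Listing `base.group_erp_manager` next to `base.group_system` is a privilege-relevant change, and the hunk does not show which role key this list belongs to because the dictionary entry starts above it. In stock Odoo `base.group_system` already implies `base.group_erp_manager`, so the explicit entry is likely redundant unless the assignment code sets groups without their implied ones; a comment such as `# Access Rights group listed explicitly because <reason>` would record the intent. It is worth confirming that only the restaurant admin role maps to these two groups, since either one allows changing other users' group membership.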