Skip to main content
The POS system implements a three-tier role system derived from Odoo group membership. Roles control access to features, payment processing, price overrides, and reporting.

Roles

Manager

Full access to all POS features. Price overrides, refunds, settings, reports, and all cashier functions. Maps to point_of_sale.group_pos_manager.

Cashier

Standard POS operations — orders, payments, split checks, discounts. Cannot override price restrictions. Maps to point_of_sale.group_pos_user.

Waiter

Order-taking only. Can create orders and add items. Cannot process payments or perform manager actions. Fallback when neither group is set.

Role assignment

Roles are resolved server-side during bootstrap:
The resolved role is included in the bootstrap payload user.role and in pos_core_data.pos_users[].role for all POS users.

Feature guards

Use canPerformAction() from src/domain/users/roleGuards.ts to check access:

Predefined feature guards

Role utilities

src/domain/users/types.ts:

User switching

The SwitchUserLockScreen component provides full-screen lock with PIN and/or RFID card authentication. Dispatching SWITCH_USER to the session machine updates context.currentRole:

Login method configuration

Each terminal (pos.config) has a nu_login_method field that controls which authentication methods the lock screen allows: On the frontend, parseLockConfig() reads nu_login_method from bootstrap and derives pinEnabled and rfidEnabled booleans on LockConfig.
RFID card assignment is managed via the Settings dialog (RFID section, visible to managers when the login method includes RFID). Cards are stored in the standard Odoo res.users.barcode field.

Permissions system

The newer permissions system resolves per-user permission maps server-side (see architecture/permissions). canPerformAction() bridges legacy feature guards to the permission map:

Testing

111 tests across 4 files in nu_pos_react/: