Skip to Content

POS Base - Security Framework

by
Odoo

251.73

v 18.0 Third Party
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Employees (hr)
Inventory (stock)
Invoicing (account)
Point of Sale (point_of_sale)
Discuss (mail)
Lines of code 12924
Technical Name ma_pos_base
LicenseLGPL-3
Websitehttps://xamltech.com/
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Employees (hr)
Inventory (stock)
Invoicing (account)
Point of Sale (point_of_sale)
Discuss (mail)
Lines of code 12924
Technical Name ma_pos_base
LicenseLGPL-3
Websitehttps://xamltech.com/

POS Base – Security Framework

Enterprise-grade PIN authentication, 5-tier role-based access, SHA-256 hashed credentials, discount enforcement, manager overrides, audit logging & per-user permission control for Odoo 18 POS.

Odoo 18 Odoo Online Odoo.sh On Premise
80+
Python Tests
50+
JS Tests
5
Access Levels
30+
Permission Flags
12,500+
Lines of Code

PIN Authentication System

SHA-256 Hashed PINs

4–10 digit PINs with user-specific salt. _hash_pin_static(pin, user_id) generates unique hash per user.

Smart Account Lockout

Auto-lock after 5 failed attempts × 15 min cooldown. Warning levels: SafeWarningDanger.

Dual PIN System

Separate POS PIN (login) + Manager PIN (overrides). Each independently hashed, tracked, lockable.

PIN Management Actions

Generate (4-digit), Reset (6-digit), Clear, Unlock, Set Custom — all via backend buttons or wizard dialog.

Advanced Discount Control

Per-User Max Discount

pos_max_discount (0–100%). Priority: Admin=100% → Manager≥50% → User setting → Level default.

3 Validation Modes

Cap (auto-reduce to max), Block (reject + require manager), Warn (allow with warning). Configurable per POS.

Manager Discount Override

When discount exceeds limit, manager can approve via PIN. Full validate_discount_with_override() flow.

Global + User Limits

max_global_discount on POS config + per-user pos_max_discount. User limit can't exceed config limit.

POS Config Security

Strict Terminal Assignment

Users can ONLY see/access POS terminals they're assigned to. _search(), search_read(), web_search_read() all enforced.

UI Visibility Controls

Toggle Payment, Customer, Discount, Price, Qty, Numpad, Delete buttons per config. 7 independent switches.

Operation PIN Requirements

12 sensitive operations (delete order, apply discount, refund, close session, cutting…) each configurable to require PIN.

Price Control Modes

4 modes: Allow All, No Increase, No Decrease, Fixed Only. Enforced at config level.

Manager Requirement Controls

Each operation can independently require manager PIN verification:

Manager for Discount

When discount exceeds user limit

Manager for Price

Price change attempts

Manager for Delete

Order/line deletion

Manager for Negative

Negative stock selling

Manager for Refund

Refund processing

Manager for Close

Session close/logout

POS Access Configuration

Configure access level (None → Admin), Active in POS toggle, Max Discount %, Allowed POS Terminals, and Custom Permissions switch. POS PIN & Manager PIN sections with state badges.

UI Visibility & Access Level Reference

Toggle Customer, Discount, Price, Numpad, Qty, Delete buttons per user. Quick Overview card shows PIN status at a glance. Full access level comparison table with ✅/❌ for every permission.

Granular Permission Matrix

Three permission groups: Order Operations (delete, refund, qty, negative), Price & Discount (price change, discounts, payments), Session Operations (open, close, negative stock). Plus Cutting Operations — send, edit, cancel, complete, reprint, with UI visibility toggles.

PIN Security & Login Tracking

Generate 4-digit or 6-digit PINs with instant notification. Security Status dashboard tracks Last POS Login, Failed PIN Attempts (locks at 5), Failed Manager PIN Attempts. Session Close settings: require Manager PIN, require PIN for Sensitive Operations.

POS Configuration — 7 Security Tabs

Every POS terminal has its own security configuration with 7 dedicated tabs: User Access, Discount & Price, UI Visibility, PIN Security, Manager Requirements, Stock Settings, and Order Settings.

Discount & Price Settings

Manager Override — allow manager to approve exceeding discounts, require manager for discount/price. Discount Settings — Maximum Global Discount %, Validation Mode (Auto-Cap / Block / Warn), Discount Account. Price Control — 4 modes: Allow All, No Increase, No Decrease, Fixed Only. Calculation Logic info panel explains priority rules.

UI Visibility Settings

Button Visibility — toggle Discount, Customer, Payment, Quantity, Price buttons per POS terminal. Other Elements — Delete Icon, Numpad on/off. Below: Cutting Settings section with full إعدادات القص configuration (General, Personnel, Stock, UI, Notifications, Data Loading tabs).

PIN Security Settings

Operation PIN — Require PIN to Delete Order, Delete Line, or Cutting operations. Session PIN — Require PIN to Open, Close, and Require Manager PIN for Close. PIN Settings — Enable PIN for selected operations + PIN Validation Duration (minutes) timer.

Manager Approval Settings

Operations Requiring Manager — toggle each independently: Negative Quantities, Delete Operations, Refunds. Warning banner: "When enabled, these operations require a manager to enter their PIN for approval."

Order Management Settings

Order Deletion — separate controls for deleting orders After Cutting vs Before Cutting, with visual status icons. Order Creation — Allow POS Orders toggle to enable/disable order creation entirely.

Stock Management Settings

Stock Location — Lot Location for lot-level stock tracking. Stock Control — Allow Negative Stock, Block Order on Negative Stock (prevent payment), Disable Selling More Than Roll Qty (fabric-specific limit).

5-Tier Access Level System

Each level defines defaults for 30+ permission flags. Custom overrides available per user.

None

Completely blocked. No POS access at all.

All permissions disabled
Max discount: 0%
No UI buttons visible

Basic Cashier

View + sell. Cannot modify prices or discount.

Quantity change
Send to cutting
Reprint cutting receipt
Max discount: 0%
No delete, no price, no refund

Advanced User

Standard cashier with discount & line delete.

Delete order lines
Apply discounts (max 10%)
Open sessions
Cutting + reprint + history
No price change, no refund

Manager

Full operations except admin config.

All order/line/payment operations
Discount up to 50%
Refunds, negative qty
Full cutting control
No PIN required for close

Administrator

Unrestricted. Full system control.

All permissions = True
Discount 100%
Negative stock allowed
All UI visible
No PIN for anything

Complete Permission Matrix

Every user has pos_use_custom_permissions = True by default. When enabled, individual flags override level defaults.

Order Permissions

Can Delete Orderspos_allow_delete_order
Can Delete Linespos_allow_delete_line
Can Change Quantitypos_allow_quantity_change
Allow Negative Qtypos_allow_negative_qty

Price & Discount Permissions

Can Apply Discountspos_allow_discount
Can Change Pricespos_allow_price_change
Max Discount %pos_max_discount

Session Permissions

Can Open Sessionspos_allow_open_session
Can Close Sessionspos_allow_close_session
Can Modify Paymentspos_allow_payment_modification
Can Process Refundspos_allow_refund

Cutting Permissions

Send to Cuttingpos_allow_cutting
Cancel Cuttingpos_allow_cutting_cancel
Edit / Completepos_allow_cutting_edit
Reprint Receiptpos_allow_cutting_reprint

UI Visibility (per user)

pos_show_customer · pos_show_discount · pos_show_price
pos_show_qty · pos_show_numpad · pos_show_delete
pos_show_cutting_button · pos_show_cutting_status · pos_show_cutting_history

Stock & Security

Can Sell Negative Stockpos_allow_negative_stock
Require PIN for Operationspos_require_pin_for_operations
Require PIN for Cuttingpos_require_pin_for_cutting
Module Information
Technical Namema_pos_base
Version18.0.1.0.0
LicenseLGPL-3
Websitexamltech.com
Authorxamltech
Availability Odoo Online Only
Odoo Apps Deps Point of Sale Inventory Invoicing Employees
Lines of Code12,500+

Python Models Extended

  • res.users — 30+ security fields, PIN methods
  • pos.config — UI controls, discount validation, strict access
  • pos.session — PIN open/close, field loader
  • pos.sensitive.operation — 12 operation definitions

Frontend (OWL v2)

  • SecurityService (global)
  • ManagerPinPopup + OperationPinPopup
  • Discount enforcement patches (3 layers)
  • IndexedDB serialization safety fix
  • Numpad, Orderline, Navbar patches
  • Asset Verification Service

Yes! This module is built and tested for Odoo Online exclusively.

Yes. ma_pos_base is the foundation. POS Cutting, POS Customization, and POS Stock all depend on it.

PINs are never stored in plain text. Each PIN is hashed using SHA-256 with a unique per-user salt (odoo_pos_security_v2_{user_id}). Verification uses secrets.compare_digest for constant-time comparison.

Absolutely. Each user has pos_max_discount (0–100%). Admins always get 100%, Managers minimum 50%. The system also respects the POS config global limit. When exceeded, the system can auto-cap, block, or warn based on your config.

Yes, 60 days free support for bugs or issues. Contact [email protected]
XamlTech

60 Days Free Support

For bugs, issues, or installation help.

Email
[email protected]
Website
xamltech.com

We're Here to Help

Installation, configuration, or technical questions — reach out anytime.

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author or have a question related to your purchase, please use the support page.