A comprehensive restaurant operations management platform implementing role-based access control with restaurant-based restrictions, designed as a solution for restaurant owners and managers to efficiently run their business operations.
Table of Contents (Click to Expand)
Nick Fury is a restaurant business owner (Admin) with multiple restaurant locations and employees:
- Captain Marvel: Manager-India (manages Spice Garden restaurant)
- Captain America: Manager-America (manages Burger Haven restaurant)
- Thanos: Team Member-India (works at Spice Garden)
- Thor: Team Member-India (works at Spice Garden)
- Travis: Team Member-America (works at Burger Haven)
Nick needs a web-based restaurant operations platform where staff can:
- Create and manage customer orders (POS-style interface)
- Process payments and update order status
- Manage menu items and pricing
- Handle payment methods
- View restaurant performance data
Access specifications by role:
| Function | Admin | Manager | Member |
|---|---|---|---|
| Create orders (POS functionality) | âś… | âś… | âś… |
| Process payments & update order status | ✅ | ✅ | ❌ |
| Manage menu items | ✅ | ✅ | ❌ |
| Manage payment methods | ✅ | ❌ | ❌ |
| Manage users & restaurants | ✅ | ❌ | ❌ |
Bonus Objective: Implement relational access where Managers & Members can only access data and features limited to their assigned restaurant location.
Foody is a production-ready restaurant operations management platform built with modern web technologies. It implements comprehensive RBAC with granular permissions and restaurant-based data isolation. The application features a GraphQL API backend with real-time subscriptions, a Next.js frontend with POS-style interfaces, and PostgreSQL database with Prisma ORM.
Key achievements:
- âś… Full-stack restaurant operations platform with all required functionality
- âś… Role-based access control (ADMIN, MANAGER, MEMBER) with restaurant scoping
- âś… Restaurant-based restrictions for managers and members
- âś… Restaurant-level data isolation and access control
- âś… POS-style order creation and management interface
- âś… Payment processing and order lifecycle management
- âś… Menu management and inventory control
- âś… Multi-location restaurant management
- âś… Real-time order status updates
- âś… Comprehensive testing and monitoring
- Restaurant Management: Create and manage multiple restaurant locations with detailed information
- Order Management: POS-style order creation, status tracking, and lifecycle management
- Menu Management: Create, update, and manage menu items with categories and pricing
- Payment Processing: Secure payment method management and order payment processing
- User Management: Role-based user accounts with restaurant assignments
- Feedback System: Collect and manage customer feedback and reviews
- Order Lifecycle: Complete order workflow from creation to completion/cancellation
- Role-Based Access Control: Three-tier permission system (Admin/Manager/Member)
- Restaurant-Based Restrictions: Users scoped to specific restaurant locations
- Restaurant-Level Isolation: Managers and members limited to their assigned restaurant
- POS-Style Interface: Intuitive order creation and management for restaurant staff
- JWT Authentication: Secure token-based authentication
- Input Validation: Comprehensive data validation and sanitization
- GraphQL API: Type-safe API with Apollo Server
- Real-Time Updates: WebSocket subscriptions for order status changes
- Caching: Redis-based performance optimization
- Monitoring: Prometheus metrics and health checks
- Logging: Structured logging with Winston
- Database: PostgreSQL with Prisma ORM and migrations
- Next.js 15: React framework with App Router
- TypeScript: Type-safe JavaScript
- Tailwind CSS: Utility-first CSS framework
- Apollo Client: GraphQL client for API communication
- Node.js: JavaScript runtime
- Express: Web framework
- Apollo Server: GraphQL server implementation
- TypeScript: Type-safe backend development
- Prisma: Database ORM and migration tool
- PostgreSQL: Primary database
- Redis: Caching and session storage
- Docker: Containerization
- Jest: Unit and integration testing
- Playwright: End-to-end testing
- Prometheus: Metrics collection
- Winston: Structured logging
- Helmet: Security headers
- CORS: Cross-origin resource sharing
- Rate Limiting: Request throttling
foody/
├── api/ # Backend API (Express + Apollo Server + GraphQL)
│ ├── src/
│ │ ├── graphql/ # GraphQL schema and resolvers
│ │ │ ├── auth/ # Authentication & user management
│ │ │ ├── feedback/ # User feedback submissions
│ │ │ ├── menu/ # Menu item management
│ │ │ ├── order/ # Order processing
│ │ │ ├── payment/ # Payment processing
│ │ │ ├── restaurant/ # Restaurant management
│ │ │ └── user/ # User profile management
│ │ ├── lib/ # Shared utilities and services
│ │ ├── middleware/ # Express middleware
│ │ ├── metrics/ # Monitoring and metrics
│ │ └── main.ts # Application entry point
│ ├── prisma/ # Database schema and migrations
│ └── package.json
├── web/ # Frontend (Next.js)
│ ├── src/
│ │ ├── app/ # Next.js app router
│ │ └── components/ # React components
│ └── package.json
├── api-e2e/ # API end-to-end tests
└── web-e2e/ # Web end-to-end tests
- Users: Role-based accounts with restaurant assignments
- Restaurants: Location-based establishments with menu items
- Menu Items: Food items with pricing and availability
- Orders: Customer orders with status tracking
- Payments: Payment transactions for orders
- Payment Methods: Stored payment methods linked to restaurants
- Feedback: User feedback submissions and reviews
| Category | Operation | ADMIN | MANAGER | MEMBER |
|---|---|---|---|---|
| Data Access Permissions | ||||
| View All Restaurants | ✅ | ❌ | ❌ | |
| View Assigned Restaurant | ❌ | ✅ | ✅ | |
| View All Menu Items | ✅ | ❌ | ❌ | |
| View Assigned Menu Items | ❌ | ✅ | ✅ | |
| View All Users | ✅ | ❌ | ❌ | |
| Restaurant Management | ||||
| Create Restaurants | ✅ | ❌ | ❌ | |
| Update Restaurants | ✅ | ❌ | ❌ | |
| Delete Restaurants | ✅ | ❌ | ❌ | |
| Menu Management | ||||
| Create Menu Items | ✅ | ✅ | ❌ | |
| Update Menu Items | ✅ | ✅ | ❌ | |
| Delete Menu Items | ✅ | ✅ | ❌ | |
| Order Management | ||||
| View Orders | âś… | âś… | âś… | |
| Create Orders | âś… | âś… | âś… | |
| Checkout/Pay Orders | ✅ | ✅ | ❌ | |
| Cancel Orders | ✅ | ✅ | ❌ | |
| Update Order Status | ✅ | ✅ | ❌ | |
| Payment Management | ||||
| View Payment Methods | ✅ | ✅ | ❌ | |
| Create Payment Methods | ✅ | ❌ | ❌ | |
| Update Payment Methods | ✅ | ❌ | ❌ | |
| Delete Payment Methods | ✅ | ❌ | ❌ | |
| Process Payments | ✅ | ✅ | ❌ | |
| User Management | ||||
| Create Users | ✅ | ❌ | ❌ | |
| Update Users | ✅ | ❌ | ❌ | |
| Delete Users | ✅ | ❌ | ❌ | |
| Feedback Management | ||||
| Submit Feedback | âś… | âś… | âś… | |
| Authentication | ||||
| Register Users | ✅ | ❌ | ❌ | |
| Login | âś… | âś… | âś… |
For detailed documentation, guides, and technical references, see the docs/ folder:
- API Documentation - GraphQL API reference, authentication, and endpoint details
- Architecture Guide - System design, data models, and technical decisions
- Deployment Guide - Production deployment, Docker setup, and scaling
- Development Guide - Development workflow, coding standards, and setup instructions
- User Guides - POS system manual and user tutorials
Note
For detailed setup instructions, including prerequisites and installation steps, see Development Setup and Development Guide.
- Node.js 22+
- PostgreSQL 15+
- Redis (optional, for caching)
-
Clone and install:
git clone https://github.com/RanitManik/foody.git cd foody npm install -
Set up environment:
cp api/.env.example api/.env cp web/.env.example web/.env npm run db:setup
-
Start development:
npm run dev
Note
For detailed development information, including setup, coding standards, and workflow, see Development Guide.
# Development
npm run dev:api # Start API server
npm run dev:web # Start web application
npm run dev # Start both servers
# Database
npm run db:generate # Generate Prisma client
npm run db:migrate # Run database migrations
npm run db:reset # Reset database
npm run db:seed # Seed database with test data
npm run db:setup # Complete database setup
~~~~npm run db:studio # Open Prisma Studio
npm run db:format # Format Prisma schema
# Testing
npm run test # Run all tests
npm run test:api # Run API unit tests
npm run test:web # Run web tests
npm run test:e2e # Run end-to-end tests
# Building
npm run build # Build all projects
npm run build:api # Build API
npm run build:web # Build web application
# Code Quality
npm run lint # Lint all code
npm run lint:api # Lint API code
npm run lint:web # Lint web code
npm run format # Format code with Prettier
npm run format:check # Check code formatting
npm run typecheck # Type check all projects
npm run typecheck:api # Type check API
npm run typecheck:web # Type check web
npm run validate # Run all quality checks (format, lint, typecheck, test)- API (
api/): GraphQL backend with domain-driven structure - Web (
web/): Next.js frontend application - Tests: Comprehensive testing across unit, integration, and e2e
- Infrastructure: Docker configuration and CI/CD pipelines
- Linting: ESLint configuration for consistent code style
- Type Checking: TypeScript strict mode enabled
- Testing: Jest for unit tests, Playwright for e2e tests
- Pre-commit Hooks: Automated code quality checks
- Code Coverage: Test coverage reporting with Codecov
- Formatting: Prettier with Tailwind CSS plugin
- VS Code: Recommended IDE with workspace settings and extensions
- EditorConfig: Consistent coding styles across editors
- Husky: Git hooks for pre-commit quality checks
- lint-staged: Run linters on staged files only
- Commitlint: Conventional commit message validation
The application includes comprehensive testing coverage:
- Unit Tests: Component and utility testing with Jest
- Integration Tests: API endpoint testing
- E2E Tests: Full user journey testing with Playwright
- Performance Tests: Load testing capabilities
Run tests:
npm run test # All tests
npm run test:api # API unit tests
npm run test:e2e # End-to-end testsNote
For detailed deployment instructions, including environment variables, Docker setup, and production configuration, see Deployment Guide.
DATABASE_URL="postgresql://user:password@localhost:5432/foody"
JWT_SECRET="your-jwt-secret"
REDIS_URL="redis://localhost:6379"
NODE_ENV="production"
HOST="0.0.0.0"
PORT=4000
CORS_ORIGIN="https://your-frontend-domain.com"NEXT_PUBLIC_API_URL="http://localhost:4000/graphql"Note
For detailed monitoring setup, metrics configuration, and observability best practices, see API Documentation and Architecture Overview.
- HTTP request duration and count
- GraphQL query metrics
- Cache hit/miss ratios
- Database connection pool status
- Application error rates
- Health Check: Basic service availability
- Readiness Check: Database connectivity
- Detailed Health: Comprehensive system status
Structured logging with Winston for request/response tracking, error monitoring, and performance analysis.
If you discover a security vulnerability, please see our Security Policy for reporting instructions.
- Authentication: JWT-based secure authentication
- Authorization: Granular role-based permissions
- Input Validation: Zod schema validation
- Rate Limiting: Express rate limiting middleware
- Security Headers: Helmet.js protection
- CORS: Configured cross-origin policies
- SQL Injection Protection: Prisma ORM safeguards
- XSS Protection: Input sanitization
- Caching: Redis-based caching for frequently accessed data
- Database Optimization: Indexed queries and connection pooling
- Response Compression: Gzip compression
- Query Optimization: Selective field fetching in GraphQL
- Connection Limits: Configured database connection pools
We welcome contributions! Please see our Contributing Guide for detailed information on how to get started, development setup, and contribution guidelines.
For questions or discussions, check out our GitHub Discussions.
This project follows a Code of Conduct to ensure a welcoming environment for all contributors.
This project is licensed under the MIT License - see the LICENSE file for details.
This application was developed as a solution for Nick Fury's restaurant operations, demonstrating full-stack development skills with modern web technologies and comprehensive access control implementation.