Foody
A production-ready restaurant management platform featuring multi-location support and granular role-based access control. Implements relational data isolation via GraphQL to ensure secure and efficient POS operations.
Executive Summary
Managing multi-location restaurants requires strict data isolation and complex role-based access control.
Foody leverages a modern GraphQL API to handle complex relationships across branches, ensuring managers have full control while staff enjoy a fast experience.
Core Infrastructure
POS Interface
High-performance ordering system for restaurant staff.
Granular RBAC
Multi-tier access control with restaurant-level scoping.
Real-Time Lifecycle
Live order tracking via WebSocket subscriptions.
Data Integrity
Strict tenant isolation and PostgreSQL reliability.
Design Philosophy
I wanted to solve the 'Nick Fury' scenario: managing multiple locations with distinct staff roles while ensuring Managers only see their own restaurant's data.
The solution is a GraphQL-based relational access control system in which the user's 'Restaurant ID' is baked into the permission layer, automatically scoping every query.
Technical Architecture
The architecture enforces strict data isolation at the API layer (Bonus Objective) while maintaining high performance for real-time POS operations.
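One way to enforce this kind of scoping in an Apollo-style resolver map, shown as an added example that is not Foody's own code: the tenant filter is derived from the authenticated context and merged last, so a client-supplied `restaurantId` cannot widen the query. The role names, field names, the `scoped` and `tenantFilter` helpers, and the in-memory rows standing in for a Prisma query are all assumptions.

```javascript
// Constructed sample rows; ids and restaurant names are made up.
const ORDERS = [
  { id: 1, restaurantId: "r-india", total: 18 },
  { id: 2, restaurantId: "r-america", total: 42 },
  { id: 3, restaurantId: "r-india", total: 7 },
];

// Hypothetical permission layer: the scope comes from the authenticated
// user in the GraphQL context, never from query arguments.
function tenantFilter(ctx) {
  if (!ctx || !ctx.user) throw new Error("UNAUTHENTICATED");
  const { role, restaurantId } = ctx.user;
  if (role === "ADMIN") return {};                 // assumed cross-location role
  if (!restaurantId) throw new Error("FORBIDDEN"); // fail closed, no scope = no data
  return { restaurantId };
}

// Wraps a resolver so the tenant filter is spread last and overrides
// any restaurantId the client placed in args.where.
function scoped(resolver) {
  return (parent, args, ctx) => {
    const where = { ...((args && args.where) || {}), ...tenantFilter(ctx) };
    return resolver(parent, { ...args, where }, ctx);
  };
}

// Stand-in for a Prisma findMany({ where }) call on the sample rows.
function findOrders(where) {
  return ORDERS.filter((o) =>
    Object.entries(where).every(([key, value]) => o[key] === value));
}

const resolvers = {
  Query: {
    orders: scoped((_parent, args) => findOrders(args.where)),
  },
};
```

Because every resolver is registered through `scoped`, a resolver that forgets its own filter still returns only the caller's restaurant, and a user record with no restaurant assigned gets an error instead of an unfiltered result.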
Engineered With
- Next.js 15
- Node.js
- Express
- GraphQL (Apollo)
- PostgreSQL (Prisma)
- Redis
- Docker
Performance Goal
- Real-time POS sync via WebSockets
- High-concurrency order processing
- Optimized GraphQL query performance
System Integrity
- Strict restaurant-level data isolation
- Granular role-based access control
- Atomic database transactions for orders