From 2ee01fd1f2c95ccbef4e413983ce509a851eb280 Mon Sep 17 00:00:00 2001 From: gsinghpal Date: Sun, 31 May 2026 12:02:42 -0400 Subject: [PATCH] fix(fusion_clock): Photo Verification is now a real master switch (was ignored) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The global enable_photo_verification toggle only fed the portal get_settings flag; the actual writes ignored it — the NFC kiosk gated on nfc_photo_required and the portal on location.require_photo, so photos were captured even with the toggle OFF. Now it's the master: OFF => no photo captured/stored anywhere (NFC kiosk config + tap, and portal check-in); ON => per-location / NFC settings apply. Test + help text updated. Bump 3.16.0 -> 3.16.1. Co-Authored-By: Claude Opus 4.8 --- fusion_clock/__manifest__.py | 2 +- fusion_clock/controllers/clock_api.py | 7 ++- fusion_clock/controllers/clock_nfc_kiosk.py | 9 ++- fusion_clock/models/res_config_settings.py | 4 +- fusion_clock/tests/test_clock_nfc_kiosk.py | 60 +++++++++++++++++++ .../views/res_config_settings_views.xml | 2 +- 6 files changed, 76 insertions(+), 8 deletions(-) diff --git a/fusion_clock/__manifest__.py b/fusion_clock/__manifest__.py index c51a68e6..3932ec0b 100644 --- a/fusion_clock/__manifest__.py +++ b/fusion_clock/__manifest__.py @@ -5,7 +5,7 @@ { 'name': 'Fusion Clock', - 'version': '19.0.3.16.0', + 'version': '19.0.3.16.1', 'category': 'Human Resources/Attendances', 'summary': 'Complete Employee T&A with Geofencing, Shifts, Penalties, Overtime, Kiosk, Dashboard & Payroll Export', 'description': """ diff --git a/fusion_clock/controllers/clock_api.py b/fusion_clock/controllers/clock_api.py index 5a3e2d1e..41bd020e 100644 --- a/fusion_clock/controllers/clock_api.py +++ b/fusion_clock/controllers/clock_api.py @@ -308,8 +308,11 @@ class FusionClockAPI(http.Controller): 'x_fclk_clock_source': source, } - # Photo verification - if photo and location.require_photo: + # Photo verification — only when the global toggle is on (master); + # per-location require_photo refines it from there. + enable_photo = request.env['ir.config_parameter'].sudo().get_param( + 'fusion_clock.enable_photo_verification', 'False') == 'True' + if photo and enable_photo and location.require_photo: try: write_vals['x_fclk_checkin_photo'] = photo except Exception: diff --git a/fusion_clock/controllers/clock_nfc_kiosk.py b/fusion_clock/controllers/clock_nfc_kiosk.py index 40865e7e..96fac51b 100644 --- a/fusion_clock/controllers/clock_nfc_kiosk.py +++ b/fusion_clock/controllers/clock_nfc_kiosk.py @@ -91,7 +91,8 @@ class FusionClockNfcKiosk(http.Controller): 'company_logo_url': company_logo_url, 'location_name': location.name if location else 'No location configured', 'location_configured': bool(location), - 'photo_required': ICP.get_param('fusion_clock.nfc_photo_required', 'True') == 'True', + 'photo_required': (ICP.get_param('fusion_clock.enable_photo_verification', 'False') == 'True' + and ICP.get_param('fusion_clock.nfc_photo_required', 'True') == 'True'), 'debug_enabled': ICP.get_param('fusion_clock.nfc_kiosk_debug', 'False') == 'True', 'sounds_enabled': ICP.get_param('fusion_clock.enable_sounds', 'True') == 'True', } @@ -289,10 +290,12 @@ class FusionClockNfcKiosk(http.Controller): if _is_debounced(normalized): return {'error': 'debounce'} - photo_required = ICP.get_param('fusion_clock.nfc_photo_required', 'True') == 'True' + # Master switch: no photo capture/storage when global Photo Verification is off. + photo_enabled = ICP.get_param('fusion_clock.enable_photo_verification', 'False') == 'True' + photo_required = photo_enabled and ICP.get_param('fusion_clock.nfc_photo_required', 'True') == 'True' if photo_required and not photo_b64: return {'error': 'photo_required', 'message': 'Camera unavailable. Ask IT to check the kiosk.'} - photo_bytes = _strip_data_url_prefix(photo_b64) if photo_b64 else b'' + photo_bytes = _strip_data_url_prefix(photo_b64) if (photo_enabled and photo_b64) else b'' company = request.env.company.sudo() location = company.x_fclk_nfc_kiosk_location_id diff --git a/fusion_clock/models/res_config_settings.py b/fusion_clock/models/res_config_settings.py index 8778c682..bcb6a401 100644 --- a/fusion_clock/models/res_config_settings.py +++ b/fusion_clock/models/res_config_settings.py @@ -136,7 +136,9 @@ class ResConfigSettings(models.TransientModel): fclk_enable_photo_verification = fields.Boolean( string='Enable Photo Verification', default=False, - help="Global toggle for selfie verification on clock-in (per-location control).", + help="Master switch for selfie capture. When OFF, no photos are taken on " + "any clock-in/out (portal or NFC kiosk). When ON, the per-location and " + "NFC-kiosk photo settings apply.", ) fclk_google_maps_api_key = fields.Char( string='Google Maps API Key', diff --git a/fusion_clock/tests/test_clock_nfc_kiosk.py b/fusion_clock/tests/test_clock_nfc_kiosk.py index 13090332..32f2191c 100644 --- a/fusion_clock/tests/test_clock_nfc_kiosk.py +++ b/fusion_clock/tests/test_clock_nfc_kiosk.py @@ -454,3 +454,63 @@ class TestCreateEmployeeEndpoint(HttpCase): def test_create_invalid_name(self): result = self._call({'name': 'X', 'enroll_password': '1234'}) self.assertEqual(result.get('error'), 'invalid_name') + + +@tagged('-at_install', 'post_install', 'fusion_clock') +class TestTapPhotoMasterSwitch(HttpCase): + """The global Photo Verification toggle is the master switch: when OFF, the + NFC kiosk stores no photo even if the client sends one; when ON (with + nfc_photo_required), it does.""" + + PNG = ('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwC' + 'AAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=') + + @classmethod + def setUpClass(cls): + super().setUpClass() + cls.ICP = cls.env['ir.config_parameter'].sudo() + cls.ICP.set_param('fusion_clock.enable_nfc_kiosk', 'True') + cls.ICP.set_param('fusion_clock.nfc_photo_required', 'True') + cls.location = cls.env['fusion.clock.location'].create({ + 'name': 'Photo Plant', 'latitude': 43.65, 'longitude': -79.38, 'radius': 100, + }) + cls.env.company.x_fclk_nfc_kiosk_location_id = cls.location.id + cls.env['res.users'].create({ + 'name': 'Photo Kiosk User', 'login': 'nfc-kiosk-photo', 'password': 'kioskpass123', + 'group_ids': [(4, cls.env.ref('fusion_clock.group_fusion_clock_manager').id)], + }) + cls.bob = cls.env['hr.employee'].create({ + 'name': 'Bob P', 'x_fclk_enable_clock': True, + 'x_fclk_nfc_card_uid': '04:A2:B5:62:C1:91', + }) + + def setUp(self): + super().setUp() + from odoo.addons.fusion_clock.controllers import clock_nfc_kiosk as nfc_kiosk_module + nfc_kiosk_module._recent_taps.clear() + + def _tap(self): + self.authenticate('nfc-kiosk-photo', 'kioskpass123') + response = self.url_open( + '/fusion_clock/kiosk/nfc/tap', + data=json.dumps({'jsonrpc': '2.0', 'method': 'call', + 'params': {'card_uid': '04:A2:B5:62:C1:91', 'photo_b64': self.PNG}}), + headers={'Content-Type': 'application/json'}, + ) + return response.json().get('result', {}) + + def _latest(self): + return self.env['hr.attendance'].search( + [('employee_id', '=', self.bob.id)], order='check_in desc', limit=1) + + def test_no_photo_stored_when_master_off(self): + self.ICP.set_param('fusion_clock.enable_photo_verification', 'False') + result = self._tap() + self.assertTrue(result.get('success')) + self.assertFalse(self._latest().x_fclk_check_in_photo) + + def test_photo_stored_when_master_on(self): + self.ICP.set_param('fusion_clock.enable_photo_verification', 'True') + result = self._tap() + self.assertTrue(result.get('success')) + self.assertTrue(self._latest().x_fclk_check_in_photo) diff --git a/fusion_clock/views/res_config_settings_views.xml b/fusion_clock/views/res_config_settings_views.xml index 60591a8e..fd5574b3 100644 --- a/fusion_clock/views/res_config_settings_views.xml +++ b/fusion_clock/views/res_config_settings_views.xml @@ -133,7 +133,7 @@ + help="Master switch for clock-in/out selfies. When OFF, no photos are captured anywhere (portal or NFC kiosk). When ON, the per-location and NFC-kiosk photo settings apply.">