fix(fusion_clock): Photo Verification is now a real master switch (was ignored)

The global enable_photo_verification toggle only fed the portal get_settings flag;
the actual writes ignored it — the NFC kiosk gated on nfc_photo_required and the
portal on location.require_photo, so photos were captured even with the toggle OFF.
Now it's the master: OFF => no photo captured/stored anywhere (NFC kiosk config +
tap, and portal check-in); ON => per-location / NFC settings apply. Test + help
text updated. Bump 3.16.0 -> 3.16.1.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

fusion_clock/__manifest__.py

@@ -5,7 +5,7 @@
 
 {
     'name': 'Fusion Clock',
-    'version': '19.0.3.16.0',
+    'version': '19.0.3.16.1',
     'category': 'Human Resources/Attendances',
     'summary': 'Complete Employee T&A with Geofencing, Shifts, Penalties, Overtime, Kiosk, Dashboard & Payroll Export',
     'description': """

fusion_clock/controllers/clock_api.py

@@ -308,8 +308,11 @@ class FusionClockAPI(http.Controller):
                     'x_fclk_clock_source': source,
                 }
 
-                # Photo verification
+                # Photo verification — only when the global toggle is on (master);
-                if photo and location.require_photo:
+                # per-location require_photo refines it from there.
+                enable_photo = request.env['ir.config_parameter'].sudo().get_param(
+                    'fusion_clock.enable_photo_verification', 'False') == 'True'
+                if photo and enable_photo and location.require_photo:
                     try:
                         write_vals['x_fclk_checkin_photo'] = photo
                     except Exception:

fusion_clock/controllers/clock_nfc_kiosk.py

@@ -91,7 +91,8 @@ class FusionClockNfcKiosk(http.Controller):
             'company_logo_url': company_logo_url,
             'location_name': location.name if location else 'No location configured',
             'location_configured': bool(location),
-            'photo_required': ICP.get_param('fusion_clock.nfc_photo_required', 'True') == 'True',
+            'photo_required': (ICP.get_param('fusion_clock.enable_photo_verification', 'False') == 'True'
+                               and ICP.get_param('fusion_clock.nfc_photo_required', 'True') == 'True'),
             'debug_enabled': ICP.get_param('fusion_clock.nfc_kiosk_debug', 'False') == 'True',
             'sounds_enabled': ICP.get_param('fusion_clock.enable_sounds', 'True') == 'True',
         }
@@ -289,10 +290,12 @@ class FusionClockNfcKiosk(http.Controller):
         if _is_debounced(normalized):
             return {'error': 'debounce'}
 
-        photo_required = ICP.get_param('fusion_clock.nfc_photo_required', 'True') == 'True'
+        # Master switch: no photo capture/storage when global Photo Verification is off.
+        photo_enabled = ICP.get_param('fusion_clock.enable_photo_verification', 'False') == 'True'
+        photo_required = photo_enabled and ICP.get_param('fusion_clock.nfc_photo_required', 'True') == 'True'
         if photo_required and not photo_b64:
             return {'error': 'photo_required', 'message': 'Camera unavailable. Ask IT to check the kiosk.'}
-        photo_bytes = _strip_data_url_prefix(photo_b64) if photo_b64 else b''
+        photo_bytes = _strip_data_url_prefix(photo_b64) if (photo_enabled and photo_b64) else b''
 
         company = request.env.company.sudo()
         location = company.x_fclk_nfc_kiosk_location_id

fusion_clock/models/res_config_settings.py

@@ -136,7 +136,9 @@ class ResConfigSettings(models.TransientModel):
     fclk_enable_photo_verification = fields.Boolean(
         string='Enable Photo Verification',
         default=False,
-        help="Global toggle for selfie verification on clock-in (per-location control).",
+        help="Master switch for selfie capture. When OFF, no photos are taken on "
+             "any clock-in/out (portal or NFC kiosk). When ON, the per-location and "
+             "NFC-kiosk photo settings apply.",
     )
     fclk_google_maps_api_key = fields.Char(
         string='Google Maps API Key',

fusion_clock/tests/test_clock_nfc_kiosk.py

@@ -454,3 +454,63 @@ class TestCreateEmployeeEndpoint(HttpCase):
     def test_create_invalid_name(self):
         result = self._call({'name': 'X', 'enroll_password': '1234'})
         self.assertEqual(result.get('error'), 'invalid_name')
+
+
+@tagged('-at_install', 'post_install', 'fusion_clock')
+class TestTapPhotoMasterSwitch(HttpCase):
+    """The global Photo Verification toggle is the master switch: when OFF, the
+    NFC kiosk stores no photo even if the client sends one; when ON (with
+    nfc_photo_required), it does."""
+
+    PNG = ('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwC'
+           'AAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=')
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.ICP = cls.env['ir.config_parameter'].sudo()
+        cls.ICP.set_param('fusion_clock.enable_nfc_kiosk', 'True')
+        cls.ICP.set_param('fusion_clock.nfc_photo_required', 'True')
+        cls.location = cls.env['fusion.clock.location'].create({
+            'name': 'Photo Plant', 'latitude': 43.65, 'longitude': -79.38, 'radius': 100,
+        })
+        cls.env.company.x_fclk_nfc_kiosk_location_id = cls.location.id
+        cls.env['res.users'].create({
+            'name': 'Photo Kiosk User', 'login': 'nfc-kiosk-photo', 'password': 'kioskpass123',
+            'group_ids': [(4, cls.env.ref('fusion_clock.group_fusion_clock_manager').id)],
+        })
+        cls.bob = cls.env['hr.employee'].create({
+            'name': 'Bob P', 'x_fclk_enable_clock': True,
+            'x_fclk_nfc_card_uid': '04:A2:B5:62:C1:91',
+        })
+
+    def setUp(self):
+        super().setUp()
+        from odoo.addons.fusion_clock.controllers import clock_nfc_kiosk as nfc_kiosk_module
+        nfc_kiosk_module._recent_taps.clear()
+
+    def _tap(self):
+        self.authenticate('nfc-kiosk-photo', 'kioskpass123')
+        response = self.url_open(
+            '/fusion_clock/kiosk/nfc/tap',
+            data=json.dumps({'jsonrpc': '2.0', 'method': 'call',
+                             'params': {'card_uid': '04:A2:B5:62:C1:91', 'photo_b64': self.PNG}}),
+            headers={'Content-Type': 'application/json'},
+        )
+        return response.json().get('result', {})
+
+    def _latest(self):
+        return self.env['hr.attendance'].search(
+            [('employee_id', '=', self.bob.id)], order='check_in desc', limit=1)
+
+    def test_no_photo_stored_when_master_off(self):
+        self.ICP.set_param('fusion_clock.enable_photo_verification', 'False')
+        result = self._tap()
+        self.assertTrue(result.get('success'))
+        self.assertFalse(self._latest().x_fclk_check_in_photo)
+
+    def test_photo_stored_when_master_on(self):
+        self.ICP.set_param('fusion_clock.enable_photo_verification', 'True')
+        result = self._tap()
+        self.assertTrue(result.get('success'))
+        self.assertTrue(self._latest().x_fclk_check_in_photo)

fusion_clock/views/res_config_settings_views.xml

@@ -133,7 +133,7 @@
                             <field name="fclk_enable_ip_fallback"/>
                         </setting>
                         <setting id="fclk_photo_verification" string="Photo Verification"
-                                 help="Require selfie on clock-in. Per-location control is available in each location's settings.">
+                                 help="Master switch for clock-in/out selfies. When OFF, no photos are captured anywhere (portal or NFC kiosk). When ON, the per-location and NFC-kiosk photo settings apply.">
                             <field name="fclk_enable_photo_verification"/>
                         </setting>
                         <setting id="fclk_google_maps" string="Google Maps API Key"