feat(fusion_clock): NFC card enrollment endpoint

Adds /fusion_clock/kiosk/nfc/enroll (jsonrpc, auth=user) that validates the enroll password, normalises the card UID, checks for duplicate assignments, writes x_fclk_nfc_card_uid, and creates a card_enrollment activity log entry. 4 new tests; 21 total passing. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-14 00:58:25 -04:00
parent a24a1ddf1a
commit 661c8ae227
2 changed files with 125 additions and 0 deletions
--- a/fusion_clock/controllers/clock_nfc_kiosk.py
+++ b/fusion_clock/controllers/clock_nfc_kiosk.py
@@ -51,3 +51,56 @@ class FusionClockNfcKiosk(http.Controller):
            'debug_enabled': ICP.get_param('fusion_clock.nfc_kiosk_debug', 'False') == 'True',
        }
        return request.render('fusion_clock.nfc_kiosk_page', values)
+
+    @staticmethod
+    def _check_enroll_password(env, supplied):
+        """Verify the enroll-mode password. Empty config = always-allow for managers."""
+        configured = env['ir.config_parameter'].sudo().get_param('fusion_clock.nfc_enroll_password', '')
+        if not configured:
+            return True
+        return (supplied or '') == configured
+
+    @http.route('/fusion_clock/kiosk/nfc/enroll', type='jsonrpc', auth='user', methods=['POST'])
+    def nfc_enroll(self, employee_id=0, card_uid='', enroll_password='', **kw):
+        """Bind an NFC card UID to an employee. Manager-gated, password-gated."""
+        user = request.env.user
+        if not user.has_group('fusion_clock.group_fusion_clock_manager'):
+            return {'error': 'access_denied'}
+
+        if not self._check_enroll_password(request.env, enroll_password):
+            return {'error': 'invalid_password'}
+
+        normalized = self._normalize_uid(card_uid)
+        if not normalized:
+            return {'error': 'invalid_uid'}
+
+        Employee = request.env['hr.employee'].sudo()
+        target = Employee.browse(int(employee_id or 0))
+        if not target.exists():
+            return {'error': 'employee_not_found'}
+
+        existing = Employee.search([
+            ('x_fclk_nfc_card_uid', '=', normalized),
+            ('id', '!=', target.id),
+        ], limit=1)
+        if existing:
+            return {
+                'error': 'card_already_assigned',
+                'existing_employee': existing.name,
+            }
+
+        target.x_fclk_nfc_card_uid = normalized
+
+        # Activity log (uses 'card_enrollment' + 'nfc_kiosk' selections added in Task 2)
+        request.env['fusion.clock.activity.log'].sudo().create({
+            'employee_id': target.id,
+            'log_type': 'card_enrollment',
+            'description': f"NFC card {normalized} enrolled by {user.name}",
+            'source': 'nfc_kiosk',
+        })
+
+        return {
+            'success': True,
+            'employee_name': target.name,
+            'card_uid': normalized,
+        }