feat(fusion_clock): PIN kiosk — polished photo-tile + PIN clock (opt-in)

A proper shared-device PIN kiosk for clients who don't want NFC: photo-tile grid (+search) -> tap -> PIN (or first-use create) -> optional master-gated selfie -> clock, in the NFC kiosk's dark glass + brand-gradient style. Built as an Odoo 19 Interaction; new pin_kiosk.scss (scoped); reworked clock_kiosk.py (search +avatar/has_pin, verify_pin needs_setup, set_pin, clock via kiosk location). Drops the redundant kiosk_pin_required (PIN always required); relabels the company kiosk location; adds a PIN-kiosk app icon. Opt-in via enable_kiosk (off by default). HttpCase tests added. Bump 19.0.4.0.0. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-31 21:25:32 -04:00
parent b61e159e6f
commit a5ec79013a
13 changed files with 672 additions and 393 deletions
--- a/fusion_clock/controllers/clock_kiosk.py
+++ b/fusion_clock/controllers/clock_kiosk.py
@@ -17,11 +17,11 @@ def _is_kiosk_operator(user):


 class FusionClockKiosk(http.Controller):
-    """Kiosk mode controller for shared-device clock-in/out."""
+    """PIN kiosk — shared-device clock-in/out: tap your photo, enter a PIN."""

    @http.route('/fusion_clock/kiosk', type='http', auth='user', website=True)
    def kiosk_page(self, **kw):
-        """Kiosk clock-in/out page for shared tablets."""
+        """Polished PIN kiosk page for shared tablets."""
        user = request.env.user
        if not _is_kiosk_operator(user):
            return request.redirect('/my')
@@ -30,74 +30,95 @@ class FusionClockKiosk(http.Controller):
        if ICP.get_param('fusion_clock.enable_kiosk', 'False') != 'True':
            return request.redirect('/my')

+        company = request.env.company.sudo()
+        location = company.x_fclk_nfc_kiosk_location_id
        values = {
-            'pin_required': ICP.get_param('fusion_clock.kiosk_pin_required', 'True') == 'True',
            'page_name': 'kiosk',
+            'company_name': company.name,
+            'company_logo_url': '/web/image/res.company/%s/logo' % company.id if company.logo else '',
+            'location_name': location.name if location else 'No location configured',
+            'sounds_enabled': ICP.get_param('fusion_clock.enable_sounds', 'True') == 'True',
+            'photo_required': ICP.get_param('fusion_clock.enable_photo_verification', 'False') == 'True',
        }
        return request.render('fusion_clock.kiosk_page', values)

    @http.route('/fusion_clock/kiosk/search', type='jsonrpc', auth='user', methods=['POST'])
    def kiosk_search(self, query='', **kw):
-        """Search employees for kiosk identification."""
-        user = request.env.user
-        if not _is_kiosk_operator(user):
+        """Employees for the kiosk grid. Also used by the NFC kiosk's
+        employee_search — keep the return shape additive."""
+        if not _is_kiosk_operator(request.env.user):
            return {'error': 'Access denied.'}
-
        employees = request.env['hr.employee'].sudo().search([
            ('x_fclk_enable_clock', '=', True),
            ('name', 'ilike', query),
-        ], limit=20)
-
-        return {
-            'employees': [{
+        ], limit=200, order='name')
+        rows = []
+        for emp in employees:
+            unique = emp.write_date.strftime('%Y%m%d%H%M%S') if emp.write_date else ''
+            rows.append({
                'id': emp.id,
                'name': emp.name,
                'department': emp.department_id.name or '',
                'is_checked_in': emp.attendance_state == 'checked_in',
                'card_uid': emp.x_fclk_nfc_card_uid or '',
-            } for emp in employees],
-        }
+                'has_pin': bool(emp.x_fclk_kiosk_pin),
+                'avatar_url': '/web/image/hr.employee.public/%s/avatar_128?unique=%s' % (emp.id, unique),
+            })
+        return {'employees': rows}

    @http.route('/fusion_clock/kiosk/verify_pin', type='jsonrpc', auth='user', methods=['POST'])
    def kiosk_verify_pin(self, employee_id=0, pin='', **kw):
-        """Verify employee PIN for kiosk mode."""
-        user = request.env.user
-        if not _is_kiosk_operator(user):
+        """Verify a PIN. Employees with no PIN return needs_setup."""
+        if not _is_kiosk_operator(request.env.user):
            return {'error': 'Access denied.'}
-
-        employee = request.env['hr.employee'].sudo().browse(employee_id)
+        employee = request.env['hr.employee'].sudo().browse(int(employee_id))
        if not employee.exists():
-            return {'error': 'Employee not found.'}
+            return {'error': 'not_found'}
+        if not employee.x_fclk_kiosk_pin:
+            return {'needs_setup': True, 'employee_name': employee.name}
+        if employee.x_fclk_kiosk_pin != pin:
+            return {'error': 'invalid_pin'}
+        return {'success': True, 'employee_name': employee.name,
+                'is_checked_in': employee.attendance_state == 'checked_in'}

-        if employee.x_fclk_kiosk_pin and employee.x_fclk_kiosk_pin != pin:
-            return {'error': 'Invalid PIN.'}
-
-        return {
-            'success': True,
-            'employee_name': employee.name,
-            'is_checked_in': employee.attendance_state == 'checked_in',
-        }
+    @http.route('/fusion_clock/kiosk/set_pin', type='jsonrpc', auth='user', methods=['POST'])
+    def kiosk_set_pin(self, employee_id=0, pin='', **kw):
+        """First-use PIN creation. Rejects if the employee already has one."""
+        if not _is_kiosk_operator(request.env.user):
+            return {'error': 'Access denied.'}
+        employee = request.env['hr.employee'].sudo().browse(int(employee_id))
+        if not employee.exists() or not employee.x_fclk_enable_clock:
+            return {'error': 'not_found'}
+        if employee.x_fclk_kiosk_pin:
+            return {'error': 'already_set'}
+        pin = (pin or '').strip()
+        if not (pin.isdigit() and 4 <= len(pin) <= 6):
+            return {'error': 'bad_pin'}
+        employee.write({'x_fclk_kiosk_pin': pin})
+        return {'success': True, 'employee_name': employee.name}

    @http.route('/fusion_clock/kiosk/clock', type='jsonrpc', auth='user', methods=['POST'])
-    def kiosk_clock(self, employee_id=0, latitude=0, longitude=0, **kw):
-        """Perform clock action from kiosk on behalf of an employee."""
-        user = request.env.user
-        if not _is_kiosk_operator(user):
+    def kiosk_clock(self, employee_id=0, photo_b64='', **kw):
+        """Clock the employee in/out from the shared kiosk. Fixed wall device:
+        uses the company kiosk location, no per-clock GPS geofence."""
+        if not _is_kiosk_operator(request.env.user):
            return {'error': 'Access denied.'}
-
-        employee = request.env['hr.employee'].sudo().browse(employee_id)
+        employee = request.env['hr.employee'].sudo().browse(int(employee_id))
        if not employee.exists() or not employee.x_fclk_enable_clock:
-            return {'error': 'Employee not found or clock not enabled.'}
+            return {'error': 'not_found'}

-        from .clock_api import FusionClockAPI, haversine_distance
+        ICP = request.env['ir.config_parameter'].sudo()
+        company = request.env.company.sudo()
+        location = company.x_fclk_nfc_kiosk_location_id
+        if not location:
+            return {'error': 'no_location_configured'}
+
+        from .clock_api import FusionClockAPI
+        from .clock_nfc_kiosk import _strip_data_url_prefix
        api = FusionClockAPI()

-        location, distance, err, method = api._verify_location(latitude, longitude, employee)
-        if not location:
-            return {
-                'error': api._location_error_message(err, distance),
-                'allowed': False,
-            }
+        photo_enabled = ICP.get_param('fusion_clock.enable_photo_verification', 'False') == 'True'
+        photo_bytes = _strip_data_url_prefix(photo_b64) if (photo_enabled and photo_b64) else b''

        is_checked_in = employee.attendance_state == 'checked_in'
        now = fields.Datetime.now()
@@ -105,75 +126,46 @@ class FusionClockKiosk(http.Controller):
        day_plan = employee._get_fclk_day_plan(today)
        is_scheduled_off = not day_plan.get('scheduled')

-        geo_info = {
-            'latitude': latitude,
-            'longitude': longitude,
-            'browser': 'kiosk',
-            'ip_address': request.httprequest.remote_addr or '',
-        }
-
+        geo_info = {'latitude': 0, 'longitude': 0, 'browser': 'kiosk',
+                    'ip_address': request.httprequest.remote_addr or ''}
        try:
            attendance = employee.sudo()._attendance_action_change(geo_info)
-
            if not is_checked_in:
                attendance.sudo().write({
                    'x_fclk_location_id': location.id,
-                    'x_fclk_in_distance': round(distance, 1),
+                    'x_fclk_in_distance': 0.0,
                    'x_fclk_clock_source': 'kiosk',
+                    'x_fclk_check_in_photo': photo_bytes if photo_bytes else False,
                })
-
-                api._log_activity(
-                    employee, 'clock_in',
-                    f"Kiosk clock-in at {location.name}",
-                    attendance=attendance, location=location,
-                    latitude=latitude, longitude=longitude, distance=distance,
-                    source='kiosk',
-                )
-
+                api._log_activity(employee, 'clock_in', f"Kiosk clock-in at {location.name}",
+                                  attendance=attendance, location=location,
+                                  latitude=0, longitude=0, distance=0, source='kiosk')
                if is_scheduled_off:
-                    api._log_activity(
-                        employee, 'unscheduled_shift',
-                        f"Kiosk clock-in on an unscheduled day at {location.name}",
-                        attendance=attendance, location=location,
-                        latitude=latitude, longitude=longitude, distance=distance,
-                        source='kiosk',
-                    )
+                    api._log_activity(employee, 'unscheduled_shift',
+                                      f"Kiosk clock-in on an unscheduled day at {location.name}",
+                                      attendance=attendance, location=location,
+                                      latitude=0, longitude=0, distance=0, source='kiosk')
                else:
                    scheduled_in, _ = api._get_scheduled_times(employee, today)
                    api._check_and_create_penalty(employee, attendance, 'late_in', scheduled_in, now)
-
-                return {
-                    'success': True,
-                    'action': 'clock_in',
-                    'employee_name': employee.name,
-                    'message': f'{employee.name} clocked in at {location.name}',
-                }
+                return {'success': True, 'action': 'clock_in', 'employee_name': employee.name,
+                        'message': f'{employee.name} clocked in at {location.name}', 'worked_hours': 0.0}
            else:
                attendance.sudo().write({
-                    'x_fclk_out_distance': round(distance, 1),
+                    'x_fclk_out_distance': 0.0,
+                    'x_fclk_check_out_photo': photo_bytes if photo_bytes else False,
                })
                api._apply_break_deduction(attendance, employee)
-
                if not is_scheduled_off:
                    _, scheduled_out = api._get_scheduled_times(employee, today)
                    api._check_and_create_penalty(employee, attendance, 'early_out', scheduled_out, now)
-
-                api._log_activity(
-                    employee, 'clock_out',
-                    f"Kiosk clock-out from {location.name}. Net: {attendance.x_fclk_net_hours:.1f}h",
-                    attendance=attendance, location=location,
-                    latitude=latitude, longitude=longitude, distance=distance,
-                    source='kiosk',
-                )
-
-                return {
-                    'success': True,
-                    'action': 'clock_out',
-                    'employee_name': employee.name,
-                    'message': f'{employee.name} clocked out from {location.name}',
-                    'net_hours': round(attendance.x_fclk_net_hours or 0, 2),
-                }
-
+                api._log_activity(employee, 'clock_out',
+                                  f"Kiosk clock-out from {location.name}. Net: {attendance.x_fclk_net_hours:.1f}h",
+                                  attendance=attendance, location=location,
+                                  latitude=0, longitude=0, distance=0, source='kiosk')
+                return {'success': True, 'action': 'clock_out', 'employee_name': employee.name,
+                        'message': f'{employee.name} clocked out from {location.name}',
+                        'net_hours': round(attendance.x_fclk_net_hours or 0, 2)}
        except Exception as e:
-            _logger.error("Fusion Clock kiosk error: %s", str(e))
+            _logger.error("Fusion Clock PIN kiosk error: %s", str(e))
            return {'error': str(e)}