# -*- coding: utf-8 -*- # Copyright 2026 Nexa Systems Inc. # License OPL-1 (Odoo Proprietary License v1.0) import logging from odoo import http, fields, _ from odoo.http import request from odoo.addons.fusion_clock.models.tz_utils import get_local_today _logger = logging.getLogger(__name__) def _is_kiosk_operator(user): """Kiosk surfaces accept a full Clock Manager OR a dedicated Kiosk Operator.""" return (user.has_group('fusion_clock.group_fusion_clock_manager') or user.has_group('fusion_clock.group_fusion_clock_kiosk_app')) class FusionClockKiosk(http.Controller): """PIN kiosk — shared-device clock-in/out: tap your photo, enter a PIN.""" @http.route('/fusion_clock/kiosk', type='http', auth='user', website=True) def kiosk_page(self, **kw): """Polished PIN kiosk page for shared tablets.""" user = request.env.user if not _is_kiosk_operator(user): return request.redirect('/my') ICP = request.env['ir.config_parameter'].sudo() if ICP.get_param('fusion_clock.enable_kiosk', 'False') != 'True': return request.redirect('/my') company = request.env.company.sudo() location = company.x_fclk_nfc_kiosk_location_id values = { 'page_name': 'kiosk', 'company_name': company.name, 'company_logo_url': '/web/image/res.company/%s/logo' % company.id if company.logo else '', 'location_name': location.name if location else 'No location configured', 'sounds_enabled': ICP.get_param('fusion_clock.enable_sounds', 'True') == 'True', 'photo_required': ICP.get_param('fusion_clock.enable_photo_verification', 'False') == 'True', } return request.render('fusion_clock.kiosk_page', values) @http.route('/fusion_clock/kiosk/search', type='jsonrpc', auth='user', methods=['POST']) def kiosk_search(self, query='', **kw): """Employees for the kiosk grid. Also used by the NFC kiosk's employee_search — keep the return shape additive.""" if not _is_kiosk_operator(request.env.user): return {'error': 'Access denied.'} employees = request.env['hr.employee'].sudo().search([ ('x_fclk_enable_clock', '=', True), ('name', 'ilike', query), ], limit=200, order='name') rows = [] for emp in employees: unique = emp.write_date.strftime('%Y%m%d%H%M%S') if emp.write_date else '' rows.append({ 'id': emp.id, 'name': emp.name, 'department': emp.department_id.name or '', 'is_checked_in': emp.attendance_state == 'checked_in', 'card_uid': emp.x_fclk_nfc_card_uid or '', 'has_pin': bool(emp.x_fclk_kiosk_pin), 'avatar_url': '/web/image/hr.employee.public/%s/avatar_128?unique=%s' % (emp.id, unique), }) return {'employees': rows} @http.route('/fusion_clock/kiosk/verify_pin', type='jsonrpc', auth='user', methods=['POST']) def kiosk_verify_pin(self, employee_id=0, pin='', **kw): """Verify a PIN. Employees with no PIN return needs_setup.""" if not _is_kiosk_operator(request.env.user): return {'error': 'Access denied.'} employee = request.env['hr.employee'].sudo().browse(int(employee_id)) if not employee.exists(): return {'error': 'not_found'} if not employee.x_fclk_kiosk_pin: return {'needs_setup': True, 'employee_name': employee.name} if employee.x_fclk_kiosk_pin != pin: return {'error': 'invalid_pin'} return {'success': True, 'employee_name': employee.name, 'is_checked_in': employee.attendance_state == 'checked_in'} @http.route('/fusion_clock/kiosk/set_pin', type='jsonrpc', auth='user', methods=['POST']) def kiosk_set_pin(self, employee_id=0, pin='', **kw): """First-use PIN creation. Rejects if the employee already has one.""" if not _is_kiosk_operator(request.env.user): return {'error': 'Access denied.'} employee = request.env['hr.employee'].sudo().browse(int(employee_id)) if not employee.exists() or not employee.x_fclk_enable_clock: return {'error': 'not_found'} if employee.x_fclk_kiosk_pin: return {'error': 'already_set'} pin = (pin or '').strip() if not (pin.isdigit() and 4 <= len(pin) <= 6): return {'error': 'bad_pin'} employee.write({'x_fclk_kiosk_pin': pin}) return {'success': True, 'employee_name': employee.name} @http.route('/fusion_clock/kiosk/clock', type='jsonrpc', auth='user', methods=['POST']) def kiosk_clock(self, employee_id=0, photo_b64='', **kw): """Clock the employee in/out from the shared kiosk. Fixed wall device: uses the company kiosk location, no per-clock GPS geofence.""" if not _is_kiosk_operator(request.env.user): return {'error': 'Access denied.'} employee = request.env['hr.employee'].sudo().browse(int(employee_id)) if not employee.exists() or not employee.x_fclk_enable_clock: return {'error': 'not_found'} ICP = request.env['ir.config_parameter'].sudo() company = request.env.company.sudo() location = company.x_fclk_nfc_kiosk_location_id if not location: return {'error': 'no_location_configured'} from .clock_api import FusionClockAPI from .clock_nfc_kiosk import _strip_data_url_prefix api = FusionClockAPI() photo_enabled = ICP.get_param('fusion_clock.enable_photo_verification', 'False') == 'True' photo_bytes = _strip_data_url_prefix(photo_b64) if (photo_enabled and photo_b64) else b'' is_checked_in = employee.attendance_state == 'checked_in' now = fields.Datetime.now() today = get_local_today(request.env, employee) day_plan = employee._get_fclk_day_plan(today) is_scheduled_off = not day_plan.get('scheduled') geo_info = {'latitude': 0, 'longitude': 0, 'browser': 'kiosk', 'ip_address': request.httprequest.remote_addr or ''} try: attendance = employee.sudo()._attendance_action_change(geo_info) if not is_checked_in: attendance.sudo().write({ 'x_fclk_location_id': location.id, 'x_fclk_in_distance': 0.0, 'x_fclk_clock_source': 'kiosk', 'x_fclk_check_in_photo': photo_bytes if photo_bytes else False, }) api._log_activity(employee, 'clock_in', f"Kiosk clock-in at {location.name}", attendance=attendance, location=location, latitude=0, longitude=0, distance=0, source='kiosk') if is_scheduled_off: api._log_activity(employee, 'unscheduled_shift', f"Kiosk clock-in on an unscheduled day at {location.name}", attendance=attendance, location=location, latitude=0, longitude=0, distance=0, source='kiosk') else: scheduled_in, _ = api._get_scheduled_times(employee, today) api._check_and_create_penalty(employee, attendance, 'late_in', scheduled_in, now) return {'success': True, 'action': 'clock_in', 'employee_name': employee.name, 'message': f'{employee.name} clocked in at {location.name}', 'worked_hours': 0.0} else: attendance.sudo().write({ 'x_fclk_out_distance': 0.0, 'x_fclk_check_out_photo': photo_bytes if photo_bytes else False, }) api._apply_break_deduction(attendance, employee) if not is_scheduled_off: _, scheduled_out = api._get_scheduled_times(employee, today) api._check_and_create_penalty(employee, attendance, 'early_out', scheduled_out, now) api._log_activity(employee, 'clock_out', f"Kiosk clock-out from {location.name}. Net: {attendance.x_fclk_net_hours:.1f}h", attendance=attendance, location=location, latitude=0, longitude=0, distance=0, source='kiosk') return {'success': True, 'action': 'clock_out', 'employee_name': employee.name, 'message': f'{employee.name} clocked out from {location.name}', 'net_hours': round(attendance.x_fclk_net_hours or 0, 2)} except Exception as e: _logger.error("Fusion Clock PIN kiosk error: %s", str(e)) return {'error': str(e)}