Odoo-Modules/fusion_clock/controllers/clock_kiosk.py

# -*- coding: utf-8 -*-
# Copyright 2026 Nexa Systems Inc.
# License OPL-1 (Odoo Proprietary License v1.0)

import logging
from odoo import http, fields, _
from odoo.http import request
from odoo.addons.fusion_clock.models.tz_utils import get_local_today

_logger = logging.getLogger(__name__)


def _is_kiosk_operator(user):
    """Kiosk surfaces accept a full Clock Manager OR a dedicated Kiosk Operator."""
    return (user.has_group('fusion_clock.group_fusion_clock_manager')
            or user.has_group('fusion_clock.group_fusion_clock_kiosk_app'))


class FusionClockKiosk(http.Controller):
    """PIN kiosk — shared-device clock-in/out: tap your photo, enter a PIN."""

    @http.route('/fusion_clock/kiosk', type='http', auth='user', website=True)
    def kiosk_page(self, **kw):
        """Polished PIN kiosk page for shared tablets."""
        user = request.env.user
        if not _is_kiosk_operator(user):
            return request.redirect('/my')

        ICP = request.env['ir.config_parameter'].sudo()
        if ICP.get_param('fusion_clock.enable_kiosk', 'False') != 'True':
            return request.redirect('/my')

        company = request.env.company.sudo()
        location = company.x_fclk_nfc_kiosk_location_id
        values = {
            'page_name': 'kiosk',
            'company_name': company.name,
            'company_logo_url': '/web/image/res.company/%s/logo' % company.id if company.logo else '',
            'location_name': location.name if location else 'No location configured',
            'sounds_enabled': ICP.get_param('fusion_clock.enable_sounds', 'True') == 'True',
            'photo_required': ICP.get_param('fusion_clock.enable_photo_verification', 'False') == 'True',
        }
        return request.render('fusion_clock.kiosk_page', values)

    @http.route('/fusion_clock/kiosk/search', type='jsonrpc', auth='user', methods=['POST'])
    def kiosk_search(self, query='', **kw):
        """Employees for the kiosk grid. Also used by the NFC kiosk's
        employee_search — keep the return shape additive."""
        if not _is_kiosk_operator(request.env.user):
            return {'error': 'Access denied.'}
        employees = request.env['hr.employee'].sudo().search([
            ('x_fclk_enable_clock', '=', True),
            ('name', 'ilike', query),
        ], limit=200, order='name')
        rows = []
        for emp in employees:
            unique = emp.write_date.strftime('%Y%m%d%H%M%S') if emp.write_date else ''
            rows.append({
                'id': emp.id,
                'name': emp.name,
                'department': emp.department_id.name or '',
                'is_checked_in': emp.attendance_state == 'checked_in',
                'card_uid': emp.x_fclk_nfc_card_uid or '',
                'has_pin': bool(emp.x_fclk_kiosk_pin),
                'avatar_url': '/web/image/hr.employee.public/%s/avatar_128?unique=%s' % (emp.id, unique),
            })
        return {'employees': rows}

    @http.route('/fusion_clock/kiosk/verify_pin', type='jsonrpc', auth='user', methods=['POST'])
    def kiosk_verify_pin(self, employee_id=0, pin='', **kw):
        """Verify a PIN. Employees with no PIN return needs_setup."""
        if not _is_kiosk_operator(request.env.user):
            return {'error': 'Access denied.'}
        employee = request.env['hr.employee'].sudo().browse(int(employee_id))
        if not employee.exists():
            return {'error': 'not_found'}
        if not employee.x_fclk_kiosk_pin:
            return {'needs_setup': True, 'employee_name': employee.name}
        if employee.x_fclk_kiosk_pin != pin:
            return {'error': 'invalid_pin'}
        return {'success': True, 'employee_name': employee.name,
                'is_checked_in': employee.attendance_state == 'checked_in'}

    @http.route('/fusion_clock/kiosk/set_pin', type='jsonrpc', auth='user', methods=['POST'])
    def kiosk_set_pin(self, employee_id=0, pin='', **kw):
        """First-use PIN creation. Rejects if the employee already has one."""
        if not _is_kiosk_operator(request.env.user):
            return {'error': 'Access denied.'}
        employee = request.env['hr.employee'].sudo().browse(int(employee_id))
        if not employee.exists() or not employee.x_fclk_enable_clock:
            return {'error': 'not_found'}
        if employee.x_fclk_kiosk_pin:
            return {'error': 'already_set'}
        pin = (pin or '').strip()
        if not (pin.isdigit() and 4 <= len(pin) <= 6):
            return {'error': 'bad_pin'}
        employee.write({'x_fclk_kiosk_pin': pin})
        return {'success': True, 'employee_name': employee.name}

    @http.route('/fusion_clock/kiosk/clock', type='jsonrpc', auth='user', methods=['POST'])
    def kiosk_clock(self, employee_id=0, photo_b64='', **kw):
        """Clock the employee in/out from the shared kiosk. Fixed wall device:
        uses the company kiosk location, no per-clock GPS geofence."""
        if not _is_kiosk_operator(request.env.user):
            return {'error': 'Access denied.'}
        employee = request.env['hr.employee'].sudo().browse(int(employee_id))
        if not employee.exists() or not employee.x_fclk_enable_clock:
            return {'error': 'not_found'}

        ICP = request.env['ir.config_parameter'].sudo()
        company = request.env.company.sudo()
        location = company.x_fclk_nfc_kiosk_location_id
        if not location:
            return {'error': 'no_location_configured'}

        from .clock_api import FusionClockAPI
        from .clock_nfc_kiosk import _strip_data_url_prefix
        api = FusionClockAPI()

        photo_enabled = ICP.get_param('fusion_clock.enable_photo_verification', 'False') == 'True'
        photo_bytes = _strip_data_url_prefix(photo_b64) if (photo_enabled and photo_b64) else b''

        is_checked_in = employee.attendance_state == 'checked_in'
        now = fields.Datetime.now()
        today = get_local_today(request.env, employee)
        day_plan = employee._get_fclk_day_plan(today)
        is_scheduled_off = not day_plan.get('scheduled')

        geo_info = {'latitude': 0, 'longitude': 0, 'browser': 'kiosk',
                    'ip_address': request.httprequest.remote_addr or ''}
        try:
            attendance = employee.sudo()._attendance_action_change(geo_info)
            if not is_checked_in:
                attendance.sudo().write({
                    'x_fclk_location_id': location.id,
                    'x_fclk_in_distance': 0.0,
                    'x_fclk_clock_source': 'kiosk',
                    'x_fclk_check_in_photo': photo_bytes if photo_bytes else False,
                })
                # Back on the clock -> clear any stale missed-clock-out flag.
                if employee.x_fclk_pending_reason:
                    employee.sudo().write({'x_fclk_pending_reason': False})
                api._log_activity(employee, 'clock_in', f"Kiosk clock-in at {location.name}",
                                  attendance=attendance, location=location,
                                  latitude=0, longitude=0, distance=0, source='kiosk')
                if is_scheduled_off:
                    api._log_activity(employee, 'unscheduled_shift',
                                      f"Kiosk clock-in on an unscheduled day at {location.name}",
                                      attendance=attendance, location=location,
                                      latitude=0, longitude=0, distance=0, source='kiosk')
                else:
                    scheduled_in, _ = api._get_scheduled_times(employee, today)
                    api._check_and_create_penalty(employee, attendance, 'late_in', scheduled_in, now)
                return {'success': True, 'action': 'clock_in', 'employee_name': employee.name,
                        'message': f'{employee.name} clocked in at {location.name}', 'worked_hours': 0.0}
            else:
                attendance.sudo().write({
                    'x_fclk_out_distance': 0.0,
                    'x_fclk_check_out_photo': photo_bytes if photo_bytes else False,
                })
                if not is_scheduled_off:
                    _, scheduled_out = api._get_scheduled_times(employee, today)
                    api._check_and_create_penalty(employee, attendance, 'early_out', scheduled_out, now)
                api._log_activity(employee, 'clock_out',
                                  f"Kiosk clock-out from {location.name}. Net: {attendance.x_fclk_net_hours:.1f}h",
                                  attendance=attendance, location=location,
                                  latitude=0, longitude=0, distance=0, source='kiosk')
                return {'success': True, 'action': 'clock_out', 'employee_name': employee.name,
                        'message': f'{employee.name} clocked out from {location.name}',
                        'net_hours': round(attendance.x_fclk_net_hours or 0, 2)}
        except Exception as e:
            _logger.error("Fusion Clock PIN kiosk error: %s", str(e))
            return {'error': str(e)}