IP Based Restriction only for Checkin and Checkout

Hi everyone, i know about the IP based restriction for login into the ERPNext. But I have a requirement where this restriction need to be only for Check-in and Checkout So that Employee can login into the system from different IP and apply for leave/download salary slip etc., but should not able to do check-in.

Can anyone have solution for that?
Thanks in Advance