From cd8974356966cdc08e313559a76cb779a3d04f8d Mon Sep 17 00:00:00 2001 From: Catherine Pitt <cen1001@cam.ac.uk> Date: Wed, 12 Apr 2023 12:43:44 +0100 Subject: [PATCH] Provide link to safety handbook from safety checklist form The starter needs the safety handbook to complete their safety checklist form. While they should have already been emailed a copy, they could have lost it. This change adds an endpoint where a user with a valid token can download the secret handbook, and updates the safety checklist page to have a link to that. If the handbook hasn't been provided to the app it tells the starter to go and ask their group admin instead. --- .../templates/safety/safety_form.html | 6 +++- chemistry_starters/views/safety_checklist.py | 32 +++++++++++++++++-- 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/chemistry_starters/templates/safety/safety_form.html b/chemistry_starters/templates/safety/safety_form.html index 2694c40..5dabbc5 100644 --- a/chemistry_starters/templates/safety/safety_form.html +++ b/chemistry_starters/templates/safety/safety_form.html @@ -12,9 +12,13 @@ Sorry, the form is not yet complete and so cannot be submitted. <p> Please complete the safety checklist. Items marked * are compulsory. Your registration cannot be processed until this is done. </p> +{% if safety_handbook_available %} <p> -A copy of the Department Safety Handbook can be found at <a href="https://www.ch.cam.ac.uk/department-safety-handbook">https://www.ch.cam.ac.uk/department-safety-handbook</a> . +A copy of the Department Safety Handbook can be found <a href="{{ url_for('.safety_handbook', token=request.args.get('token')) }}">here</a> . </p> +{% else %} +<p>If you do not have a copy of the Department Safety Handbook please ask your group administrator.</p> +{% endif %} </div> <div id="registration-form"> <form method="POST"> diff --git a/chemistry_starters/views/safety_checklist.py b/chemistry_starters/views/safety_checklist.py index 0941f5e..be98b56 100644 --- a/chemistry_starters/views/safety_checklist.py +++ b/chemistry_starters/views/safety_checklist.py @@ -3,11 +3,21 @@ Defines the application's endpoints """ import datetime -from flask import Blueprint, g, redirect, render_template, request, send_file, url_for +from flask import ( + Blueprint, + g, + redirect, + render_template, + request, + send_file, + send_from_directory, + url_for, +) -from chemistry_starters import database, utils +from chemistry_starters import app, database, utils from chemistry_starters.forms import static_forms from chemistry_starters.utils import control +from chemistry_starters.utils.safety import is_safety_handbook_file_available safety_checklist = Blueprint("safety_checklist", __name__) @@ -59,6 +69,7 @@ def safety_checklist_form(): form=safety_form, starter_name=starter_name, safety_training_url=safety_training_url, + safety_handbook_available=is_safety_handbook_file_available(), ) else: if request.form.get("submit") != "Check data and submit form": @@ -69,6 +80,7 @@ def safety_checklist_form(): form=safety_form, starter_name=starter_name, safety_training_url=safety_training_url, + safety_handbook_available=is_safety_handbook_file_available(), ) else: if safety_form.validate_on_submit(): @@ -98,6 +110,7 @@ def safety_checklist_form(): form=safety_form, starter_name=starter_name, safety_training_url=safety_training_url, + safety_handbook_available=is_safety_handbook_file_available(), ) @@ -178,3 +191,18 @@ def get_completed_safety_form(): return redirect(url_for("error_pages.forbidden")) except database.DatabaseNotAvailable: return redirect(url_for("error_pages.unavailable")) + + +@safety_checklist.route("/register/safety-handbook") +@utils.check_token() +def safety_handbook(): + """ + Serve up the safety handbook + + This document is not in the static directory because it has to have access control. + It must also not be committed to the code repository because the contents + are secret. This route to download it is protected by token checking. + """ + return send_from_directory( + app.root_path + "/documents/", app.config["SAFETY_HANDBOOK_FILENAME"] + ) -- GitLab