From cd8974356966cdc08e313559a76cb779a3d04f8d Mon Sep 17 00:00:00 2001
From: Catherine Pitt <cen1001@cam.ac.uk>
Date: Wed, 12 Apr 2023 12:43:44 +0100
Subject: [PATCH] Provide link to safety handbook from safety checklist form
The starter needs the safety handbook to complete their safety checklist
form. While they should have already been emailed a copy, they could
have lost it. This change adds an endpoint where a user with a valid token
can download the secret handbook, and updates the safety checklist
page to have a link to that. If the handbook hasn't been provided to the
app it tells the starter to go and ask their group admin instead.
---
.../templates/safety/safety_form.html | 6 +++-
chemistry_starters/views/safety_checklist.py | 32 +++++++++++++++++--
2 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/chemistry_starters/templates/safety/safety_form.html b/chemistry_starters/templates/safety/safety_form.html
index 2694c40..5dabbc5 100644
--- a/chemistry_starters/templates/safety/safety_form.html
+++ b/chemistry_starters/templates/safety/safety_form.html
@@ -12,9 +12,13 @@ Sorry, the form is not yet complete and so cannot be submitted.
<p>
Please complete the safety checklist. Items marked * are compulsory. Your registration cannot be processed until this is done.
</p>
+{% if safety_handbook_available %}
<p>
-A copy of the Department Safety Handbook can be found at <a href="https://www.ch.cam.ac.uk/department-safety-handbook">https://www.ch.cam.ac.uk/department-safety-handbook</a> .
+A copy of the Department Safety Handbook can be found <a href="{{ url_for('.safety_handbook', token=request.args.get('token')) }}">here</a> .
</p>
+{% else %}
+<p>If you do not have a copy of the Department Safety Handbook please ask your group administrator.</p>
+{% endif %}
</div>
<div id="registration-form">
<form method="POST">
diff --git a/chemistry_starters/views/safety_checklist.py b/chemistry_starters/views/safety_checklist.py
index 0941f5e..be98b56 100644
--- a/chemistry_starters/views/safety_checklist.py
+++ b/chemistry_starters/views/safety_checklist.py
@@ -3,11 +3,21 @@ Defines the application's endpoints
"""
import datetime
-from flask import Blueprint, g, redirect, render_template, request, send_file, url_for
+from flask import (
+ Blueprint,
+ g,
+ redirect,
+ render_template,
+ request,
+ send_file,
+ send_from_directory,
+ url_for,
+)
-from chemistry_starters import database, utils
+from chemistry_starters import app, database, utils
from chemistry_starters.forms import static_forms
from chemistry_starters.utils import control
+from chemistry_starters.utils.safety import is_safety_handbook_file_available
safety_checklist = Blueprint("safety_checklist", __name__)
@@ -59,6 +69,7 @@ def safety_checklist_form():
form=safety_form,
starter_name=starter_name,
safety_training_url=safety_training_url,
+ safety_handbook_available=is_safety_handbook_file_available(),
)
else:
if request.form.get("submit") != "Check data and submit form":
@@ -69,6 +80,7 @@ def safety_checklist_form():
form=safety_form,
starter_name=starter_name,
safety_training_url=safety_training_url,
+ safety_handbook_available=is_safety_handbook_file_available(),
)
else:
if safety_form.validate_on_submit():
@@ -98,6 +110,7 @@ def safety_checklist_form():
form=safety_form,
starter_name=starter_name,
safety_training_url=safety_training_url,
+ safety_handbook_available=is_safety_handbook_file_available(),
)
@@ -178,3 +191,18 @@ def get_completed_safety_form():
return redirect(url_for("error_pages.forbidden"))
except database.DatabaseNotAvailable:
return redirect(url_for("error_pages.unavailable"))
+
+
+@safety_checklist.route("/register/safety-handbook")
+@utils.check_token()
+def safety_handbook():
+ """
+ Serve up the safety handbook
+
+ This document is not in the static directory because it has to have access control.
+ It must also not be committed to the code repository because the contents
+ are secret. This route to download it is protected by token checking.
+ """
+ return send_from_directory(
+ app.root_path + "/documents/", app.config["SAFETY_HANDBOOK_FILENAME"]
+ )
--
GitLab