From d67b4d3a710ff53480f43b23af41390e703d7c4a Mon Sep 17 00:00:00 2001
From: Catherine Pitt <cen1001@cam.ac.uk>
Date: Wed, 12 Apr 2023 12:12:52 +0100
Subject: [PATCH] Provide a endpoint for safety handbook for form generators

This provides an endpoint from which group admins can get the safety
handbook, so they can easily give a copy to their new starters. The
endpoint checks REMOTE_USER, which is set by the use of Raven protection,
so only members of the department allowed to generate registration forms
can access it.

The form generation page is updated to warn if the handbook is not
available. Later we'll link the handbook here if it is available.
---
 .../templates/form_generation/new_forms.html  |  8 ++++++
 chemistry_starters/views/form_generation.py   | 28 ++++++++++++++++++-
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/chemistry_starters/templates/form_generation/new_forms.html b/chemistry_starters/templates/form_generation/new_forms.html
index 5300b11..3c8fa53 100644
--- a/chemistry_starters/templates/form_generation/new_forms.html
+++ b/chemistry_starters/templates/form_generation/new_forms.html
@@ -34,6 +34,14 @@ Before you generate a link for a new starter please make sure they know:
  <br />
 <input type="submit" name="Generate form" value="Generate form" />
 </div>
+{% if not safety_handbook_available %}
+<div class="error">
+    <p>
+        The Safety Handbook is not available to this app and so cannot be emailed to the starter. Please make sure your starter has access to a copy some other way, as they will need it in order to complete their registration.
+        Contact <a href="mailto:support@ch.cam.ac.uk">support@ch.cam.ac.uk</a> to get the app fixed.
+    </p>
+</div>
+{% endif %}
 <div>
 {{ form.csrf_token }}
 </div>
diff --git a/chemistry_starters/views/form_generation.py b/chemistry_starters/views/form_generation.py
index 098b0f1..f4c7ff5 100644
--- a/chemistry_starters/views/form_generation.py
+++ b/chemistry_starters/views/form_generation.py
@@ -1,13 +1,22 @@
 """
 Defines the endpoints to do with generating forms
 """
-from flask import Blueprint, g, redirect, render_template, request, url_for
+from flask import (
+    Blueprint,
+    g,
+    redirect,
+    render_template,
+    request,
+    send_from_directory,
+    url_for,
+)
 
 from chemistry_starters import app, database, utils
 from chemistry_starters.forms import form_generation as forms
 from chemistry_starters.roles import roles
 from chemistry_starters.utils.comms import email_starter
 from chemistry_starters.utils.form_generation import is_form_imported, save_initial_form
+from chemistry_starters.utils.safety import is_safety_handbook_file_available
 
 form_generation = Blueprint("form_generation", __name__)
 
@@ -64,6 +73,7 @@ def create_forms():
         form=get_forms_form,
         form_lifetime=app.config.get("FORM_LIFETIME_DAYS", 7),
         new_form=new_form,
+        safety_handbook_available=is_safety_handbook_file_available(),
     )
 
 
@@ -79,6 +89,7 @@ def create_forms_bulk():
         "bulk_tokens": True,
         "form": get_forms_form,
         "form_lifetime": app.config.get("FORM_LIFETIME_DAYS", 7),
+        "safety_handbook_available": is_safety_handbook_file_available(),
     }
     # FIXME validate form here or we get roles of None
     possible_emails = get_forms_form.starter_email.data
@@ -112,3 +123,18 @@ def create_forms_bulk():
             form_args["url"] = True
         get_forms_form.starter_email.data = None
     return render_template("form_generation/new_forms.html", **form_args)
+
+
+@form_generation.route("/safety-handbook", methods=["GET"])
+@utils.check_acl(acl_view=app.config["FORM_GENERATION_ACL_VIEW"])
+def safety_handbook():
+    """
+    Serve up the safety handbook
+
+    This document is not in the static directory because it has to have access control.
+    It must also not be committed to the code repository because the contents
+    are secret.
+    """
+    return send_from_directory(
+        app.root_path + "/documents/", app.config["SAFETY_HANDBOOK_FILENAME"]
+    )
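Review bot: `safety_handbook` reads `app.config["SAFETY_HANDBOOK_FILENAME"]` with a plain subscript, so a deployment without that key raises KeyError and returns a 500, even though the template change in this patch treats a missing handbook as an expected state. Reading the key with `.get()` and returning 404 when it is unset would match that; this needs `abort` added to the flask import at the top of the file. Because the docstring says the contents are secret, the response should also carry `Cache-Control: private, no-store` so a shared proxy or browser cache does not keep a copy; the default caching headers depend on the Flask version, which is not visible here. Access control rests on `check_acl` and on REMOTE_USER being set by the front end, so it is worth confirming that the Raven-protected location in the web server configuration covers the new `/safety-handbook` path.

```python
def safety_handbook():
    # … unchanged: docstring …
    filename = app.config.get("SAFETY_HANDBOOK_FILENAME")
    if not filename:
        abort(404)
    response = send_from_directory(app.root_path + "/documents/", filename)
    # Access-controlled document: keep it out of shared and browser caches.
    response.headers["Cache-Control"] = "private, no-store"
    return response
```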
-- 
GitLab