From d67b4d3a710ff53480f43b23af41390e703d7c4a Mon Sep 17 00:00:00 2001 From: Catherine Pitt <cen1001@cam.ac.uk> Date: Wed, 12 Apr 2023 12:12:52 +0100 Subject: [PATCH] Provide a endpoint for safety handbook for form generators This provides and endpoint for group admins to get the safety handbook from so they can easily give a copy to their new starters. The endpoint checks REMOTE_USER which is set by the use of Raven protection, so only members of the department allowed to generate registration forms can access it. The form generation page is updated to warn if the handbook is not available. Later we'll link the handbook here if it is available. --- .../templates/form_generation/new_forms.html | 8 ++++++ chemistry_starters/views/form_generation.py | 28 ++++++++++++++++++- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/chemistry_starters/templates/form_generation/new_forms.html b/chemistry_starters/templates/form_generation/new_forms.html index 5300b11..3c8fa53 100644 --- a/chemistry_starters/templates/form_generation/new_forms.html +++ b/chemistry_starters/templates/form_generation/new_forms.html @@ -34,6 +34,14 @@ Before you generate a link for a new starter please make sure they know: <br /> <input type="submit" name="Generate form" value="Generate form" /> </div> +{% if not safety_handbook_available %} +<div class="error"> + <p> + The Safety Handbook is not available to this app and so cannot be emailed to the starter. Please make sure your starter has access to a copy some other way, as they will need it in order to complete their registration. + Contact <a href="mailto:support@ch.cam.ac.uk">support@ch.cam.ac.uk</a> to get the app fixed. + </p> +</div> +{% endif %} <div> {{ form.csrf_token }} </div> diff --git a/chemistry_starters/views/form_generation.py b/chemistry_starters/views/form_generation.py index 098b0f1..f4c7ff5 100644 --- a/chemistry_starters/views/form_generation.py +++ b/chemistry_starters/views/form_generation.py @@ -1,13 +1,22 @@ """ Defines the endpoints to do with generating forms """ -from flask import Blueprint, g, redirect, render_template, request, url_for +from flask import ( + Blueprint, + g, + redirect, + render_template, + request, + send_from_directory, + url_for, +) from chemistry_starters import app, database, utils from chemistry_starters.forms import form_generation as forms from chemistry_starters.roles import roles from chemistry_starters.utils.comms import email_starter from chemistry_starters.utils.form_generation import is_form_imported, save_initial_form +from chemistry_starters.utils.safety import is_safety_handbook_file_available form_generation = Blueprint("form_generation", __name__) @@ -64,6 +73,7 @@ def create_forms(): form=get_forms_form, form_lifetime=app.config.get("FORM_LIFETIME_DAYS", 7), new_form=new_form, + safety_handbook_available=is_safety_handbook_file_available(), ) @@ -79,6 +89,7 @@ def create_forms_bulk(): "bulk_tokens": True, "form": get_forms_form, "form_lifetime": app.config.get("FORM_LIFETIME_DAYS", 7), + "safety_handbook_available": is_safety_handbook_file_available(), } # FIXME validate form here or we get roles of None possible_emails = get_forms_form.starter_email.data @@ -112,3 +123,18 @@ def create_forms_bulk(): form_args["url"] = True get_forms_form.starter_email.data = None return render_template("form_generation/new_forms.html", **form_args) + + +@form_generation.route("/safety-handbook", methods=["GET"]) +@utils.check_acl(acl_view=app.config["FORM_GENERATION_ACL_VIEW"]) +def safety_handbook(): + """ + Serve up the safety handbook + + This document is not in the static directory because it has to have access control. + It must also not be committed to the code repository because the contents + are secret. + """ + return send_from_directory( + app.root_path + "/documents/", app.config["SAFETY_HANDBOOK_FILENAME"] + ) -- GitLab