From 82b9e26aa1a1b11db8058650dfbe9bb07955ea79 Mon Sep 17 00:00:00 2001 From: David Taylor Date: Sun, 28 Jul 2019 22:47:48 +0100 Subject: [PATCH] Add API hook for logging risk assessment completion --- PyRIGS/settings.py | 3 ++ .../0034_event_risk_assessment_edit_url.py | 18 ++++++++++++ RIGS/models.py | 3 ++ RIGS/rigboard.py | 28 +++++++++++++++++++ RIGS/templates/RIGS/event_detail_buttons.html | 14 ++++++++-- RIGS/urls.py | 3 ++ requirements.txt | 2 +- 7 files changed, 67 insertions(+), 4 deletions(-) create mode 100644 RIGS/migrations/0034_event_risk_assessment_edit_url.py diff --git a/PyRIGS/settings.py b/PyRIGS/settings.py index 6a40a352..a41ad2c9 100644 --- a/PyRIGS/settings.py +++ b/PyRIGS/settings.py @@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/1.7/ref/settings/ # Build paths inside the project like this: os.path.join(BASE_DIR, ...) import os import raven +import secrets BASE_DIR = os.path.dirname(os.path.dirname(__file__)) @@ -235,3 +236,5 @@ TERMS_OF_HIRE_URL = "http://www.nottinghamtec.co.uk/terms.pdf" AUTHORISATION_NOTIFICATION_ADDRESS = 'productions@nottinghamtec.co.uk' RISK_ASSESSMENT_URL = os.environ.get('RISK_ASSESSMENT_URL') if os.environ.get( 'RISK_ASSESSMENT_URL') else "http://example.com" +RISK_ASSESSMENT_SECRET = os.environ.get('RISK_ASSESSMENT_SECRET') if os.environ.get( + 'RISK_ASSESSMENT_SECRET') else secrets.token_hex(15) diff --git a/RIGS/migrations/0034_event_risk_assessment_edit_url.py b/RIGS/migrations/0034_event_risk_assessment_edit_url.py new file mode 100644 index 00000000..d60cd4bd --- /dev/null +++ b/RIGS/migrations/0034_event_risk_assessment_edit_url.py @@ -0,0 +1,18 @@ +# Generated by Django 2.0.5 on 2019-07-28 21:28 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('RIGS', '0033_auto_20180325_0016'), + ] + + operations = [ + migrations.AddField( + model_name='event', + name='risk_assessment_edit_url', + field=models.CharField(blank=True, max_length=255, null=True), + ), + ] diff --git a/RIGS/models.py b/RIGS/models.py index a4eaffad..2c708851 100644 --- a/RIGS/models.py +++ b/RIGS/models.py @@ -338,6 +338,9 @@ class Event(models.Model, RevisionMixin): auth_request_at = models.DateTimeField(null=True, blank=True) auth_request_to = models.EmailField(null=True, blank=True) + # Risk assessment info + risk_assessment_edit_url = models.CharField(max_length=255, blank=True, null=True) + # Calculated values """ EX Vat diff --git a/RIGS/rigboard.py b/RIGS/rigboard.py index 0bae9940..e6112b31 100644 --- a/RIGS/rigboard.py +++ b/RIGS/rigboard.py @@ -18,6 +18,7 @@ from django.core.exceptions import SuspiciousOperation from django.db.models import Q from django.contrib import messages from django.utils.decorators import method_decorator +from django.views.decorators.csrf import csrf_exempt from z3c.rml import rml2pdf from PyPDF2 import PdfFileMerger, PdfFileReader import simplejson @@ -84,6 +85,10 @@ class EventRA(generic.base.RedirectView): permanent = False def get_redirect_url(self, *args, **kwargs): event = get_object_or_404(models.Event, pk=kwargs['pk']) + + if event.risk_assessment_edit_url: + return event.risk_assessment_edit_url + params = { 'entry.708610078': f'N{event.pk:05}', 'entry.905899507': event.name, @@ -400,3 +405,26 @@ class EventAuthoriseRequestEmailPreview(generic.DetailView): }) context['to_name'] = self.request.GET.get('to_name', None) return context + +@method_decorator(csrf_exempt, name='dispatch') +class LogRiskAssessment(generic.View): + http_method_names = ["post"] + + def post(self, request, **kwargs): + data = request.POST + shared_secret = data.get("secret") + edit_url = data.get("editUrl") + rig_number = data.get("rigNum") + if shared_secret is None or edit_url is None or rig_number is None: + return HttpResponse(status=422) + + if shared_secret != settings.RISK_ASSESSMENT_SECRET: + return HttpResponse(status=403) + + rig_number = int(re.sub("[^0-9]", "", rig_number)) + + event = get_object_or_404(models.Event, pk=rig_number) + event.risk_assessment_edit_url = edit_url + event.save() + + return HttpResponse(status=200) diff --git a/RIGS/templates/RIGS/event_detail_buttons.html b/RIGS/templates/RIGS/event_detail_buttons.html index 3d2f06af..2f05c7f1 100644 --- a/RIGS/templates/RIGS/event_detail_buttons.html +++ b/RIGS/templates/RIGS/event_detail_buttons.html @@ -2,10 +2,18 @@ - {% if event.is_rig %} + {% if not event.dry_hire %} + + {% endif %} diff --git a/RIGS/urls.py b/RIGS/urls.py index c54e2785..3630f7d0 100644 --- a/RIGS/urls.py +++ b/RIGS/urls.py @@ -188,6 +188,9 @@ urlpatterns = [ url(r'^api/(?P\w+)/(?P\d+)/$', login_required(views.SecureAPIRequest.as_view()), name="api_secure"), + # Risk assessment API + url(r'^log_risk_assessment/$', rigboard.LogRiskAssessment.as_view(), name='log_risk_assessment'), + # Legacy URL's url(r'^rig/show/(?P\d+)/$', RedirectView.as_view(permanent=True, pattern_name='event_detail')), diff --git a/requirements.txt b/requirements.txt index 62f505d5..ebe42496 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,7 +3,7 @@ contextlib2==0.5.5 diff-match-patch==20121119 dj-database-url==0.5.0 dj-static==0.0.6 -Django==2.0.5 +Django==2.0.13 django-debug-toolbar==1.9.1 django-ical==1.4 django-recaptcha==1.4.0