Add API hook for logging risk assessment completion

Requested by Jonny

Dockerfile

@@ -0,0 +1,12 @@
+FROM python:3.6
+
+WORKDIR /app
+
+ADD . /app
+
+RUN pip install -r requirements.txt && \
+        python manage.py collectstatic --noinput
+
+EXPOSE 8000
+
+CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]

PyRIGS/settings.py

@@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/1.7/ref/settings/
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 import os
 import raven
+import secrets
 
 BASE_DIR = os.path.dirname(os.path.dirname(__file__))
 
@@ -233,3 +234,7 @@ USE_GRAVATAR = True
 
 TERMS_OF_HIRE_URL = "http://www.nottinghamtec.co.uk/terms.pdf"
 AUTHORISATION_NOTIFICATION_ADDRESS = 'productions@nottinghamtec.co.uk'
+RISK_ASSESSMENT_URL = os.environ.get('RISK_ASSESSMENT_URL') if os.environ.get(
+    'RISK_ASSESSMENT_URL') else "http://example.com"
+RISK_ASSESSMENT_SECRET = os.environ.get('RISK_ASSESSMENT_SECRET') if os.environ.get(
+    'RISK_ASSESSMENT_SECRET') else secrets.token_hex(15)

README.md

@@ -77,6 +77,13 @@ python manage.py runserver
 ```
 Please refer to Django documentation for a full list of options available here.
 
+### Development using docker
+
+```
+docker build . -t pyrigs
+docker run -it --rm -p=8000:8000 -v $(pwd):/app pyrigs
+```
+
 ### Sample Data ###
 Sample data is available to aid local development and user acceptance testing. To load this data into your local database, first ensure the database is empty:
 ```

RIGS/admin.py

@@ -1,24 +1,25 @@
 from django.contrib import admin
-from django.contrib import messages
+from RIGS import models, forms
-from django.contrib.admin import helpers
 from django.contrib.auth.admin import UserAdmin
-from django.core.exceptions import ObjectDoesNotExist
-from django.db import transaction
-from django.db.models import Count
-from django.forms import ModelForm
-from django.template.response import TemplateResponse
 from django.utils.translation import ugettext_lazy as _
-from reversion import revisions as reversion
 from reversion.admin import VersionAdmin
 
-from RIGS import models, forms
+from django.contrib.admin import helpers
+from django.template.response import TemplateResponse
+from django.contrib import messages
+from django.db import transaction
+from django.core.exceptions import ObjectDoesNotExist
+from django.db.models import Count
+from django.forms import ModelForm
+
+from reversion import revisions as reversion
 
 # Register your models here.
 admin.site.register(models.VatRate, VersionAdmin)
 admin.site.register(models.Event, VersionAdmin)
 admin.site.register(models.EventItem, VersionAdmin)
-admin.site.register(models.Invoice, VersionAdmin)
+admin.site.register(models.Invoice)
-admin.site.register(models.Payment, VersionAdmin)
+admin.site.register(models.Payment)
 
 
 @admin.register(models.Profile)

RIGS/finance.py

@@ -10,9 +10,8 @@ from django.template import RequestContext
 from django.template.loader import get_template
 from django.views import generic
 from django.db.models import Q
-from django.db import transaction
 from z3c.rml import rml2pdf
-import reversion
+
 from RIGS import models
 
 from django import forms
@@ -102,14 +101,14 @@ class InvoiceDelete(generic.DeleteView):
 
     def get(self, request, pk):
         obj = self.get_object()
-        if obj.payments.all().count() > 0:
+        if obj.payment_set.all().count() > 0:
             messages.info(self.request, 'To delete an invoice, delete the payments first.')
             return HttpResponseRedirect(reverse_lazy('invoice_detail', kwargs={'pk': obj.pk}))
         return super(InvoiceDelete, self).get(pk)
 
     def post(self, request, pk):
         obj = self.get_object()
-        if obj.payments.all().count() > 0:
+        if obj.payment_set.all().count() > 0:
             messages.info(self.request, 'To delete an invoice, delete the payments first.')
             return HttpResponseRedirect(reverse_lazy('invoice_detail', kwargs={'pk': obj.pk}))
         return super(InvoiceDelete, self).post(pk)
@@ -160,10 +159,7 @@ class InvoiceWaiting(generic.ListView):
 
 
 class InvoiceEvent(generic.View):
-    @transaction.atomic()
-    @reversion.create_revision()
     def get(self, *args, **kwargs):
-        reversion.set_user(self.request.user)
         epk = kwargs.get('pk')
         event = models.Event.objects.get(pk=epk)
         invoice, created = models.Invoice.objects.get_or_create(event=event)
@@ -188,13 +184,6 @@ class PaymentCreate(generic.CreateView):
         initial.update({'invoice': invoice})
         return initial
 
-    @transaction.atomic()
-    @reversion.create_revision()
-    def form_valid(self, form, *args, **kwargs):
-        reversion.add_to_revision(form.cleaned_data['invoice'])
-        reversion.set_comment("Payment removed")
-        return super().form_valid(form, *args, **kwargs)
-
     def get_success_url(self):
         messages.info(self.request, "location.reload()")
         return reverse_lazy('closemodal')
@@ -203,12 +192,5 @@ class PaymentCreate(generic.CreateView):
 class PaymentDelete(generic.DeleteView):
     model = models.Payment
 
-    @transaction.atomic()
-    @reversion.create_revision()
-    def delete(self, *args, **kwargs):
-        reversion.add_to_revision(self.get_object().invoice)
-        reversion.set_comment("Payment removed")
-        return super().delete(*args, **kwargs)
-
     def get_success_url(self):
         return self.request.POST.get('next')

RIGS/forms.py

@@ -33,7 +33,12 @@ class ProfileRegistrationFormUniqueEmail(RegistrationFormUniqueEmail):
         return self.cleaned_data['initials']
 
 
-# Login form
+# Embedded Login form - remove the autofocus
+class EmbeddedAuthenticationForm(AuthenticationForm):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields['username'].widget.attrs.pop('autofocus', None)
+
 class PasswordReset(PasswordResetForm):
     captcha = ReCaptchaField(label='Captcha')
 

RIGS/migrations/0034_auto_20200122_0305.py

@@ -1,19 +0,0 @@
-# Generated by Django 2.0.13 on 2020-01-22 03:05
-
-from django.db import migrations, models
-import django.db.models.deletion
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('RIGS', '0033_auto_20180325_0016'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='payment',
-            name='invoice',
-            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='payments', to='RIGS.Invoice'),
-        ),
-    ]

RIGS/migrations/0034_event_risk_assessment_edit_url.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.0.5 on 2019-07-28 21:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('RIGS', '0033_auto_20180325_0016'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='event',
+            name='risk_assessment_edit_url',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+    ]

RIGS/models.py

@@ -1,21 +1,24 @@
-from collections import Counter
-
 import datetime
 import hashlib
+import datetime
 import pytz
-import random
+
-import string
-from decimal import Decimal
-from django.conf import settings
-from django.contrib.auth.models import AbstractUser
-from django.core.exceptions import ValidationError
 from django.db import models
-from django.urls import reverse_lazy
+from django.contrib.auth.models import AbstractUser
+from django.conf import settings
 from django.utils import timezone
-from django.utils.encoding import python_2_unicode_compatible
 from django.utils.functional import cached_property
+from django.utils.encoding import python_2_unicode_compatible
 from reversion import revisions as reversion
 from reversion.models import Version
+import string
+
+import random
+from collections import Counter
+from decimal import Decimal
+
+from django.core.exceptions import ValidationError
+from django.urls import reverse_lazy
 
 
 # Create your models here.
@@ -335,6 +338,9 @@ class Event(models.Model, RevisionMixin):
     auth_request_at = models.DateTimeField(null=True, blank=True)
     auth_request_to = models.EmailField(null=True, blank=True)
 
+    # Risk assessment info
+    risk_assessment_edit_url = models.CharField(max_length=255, blank=True, null=True)
+
     # Calculated values
     """
     EX Vat
@@ -527,9 +533,8 @@ class EventAuthorisation(models.Model, RevisionMixin):
         return str("N%05d" % self.event.pk + ' (requested by ' + self.sent_by.initials + ')')
 
 
-@reversion.register(follow=['payments'])
 @python_2_unicode_compatible
-class Invoice(models.Model, RevisionMixin):
+class Invoice(models.Model):
     event = models.OneToOneField('Event', on_delete=models.CASCADE)
     invoice_date = models.DateField(auto_now_add=True)
     void = models.BooleanField(default=False)
@@ -544,7 +549,7 @@ class Invoice(models.Model, RevisionMixin):
 
     @property
     def payment_total(self):
-        total = self.payments.aggregate(total=models.Sum('amount'))['total']
+        total = self.payment_set.aggregate(total=models.Sum('amount'))['total']
         if total:
             return total
         return Decimal("0.00")
@@ -582,7 +587,7 @@ class Payment(models.Model):
         (ADJUSTMENT, 'TEC Adjustment'),
     )
 
-    invoice = models.ForeignKey('Invoice', on_delete=models.CASCADE, related_name="payments")
+    invoice = models.ForeignKey('Invoice', on_delete=models.CASCADE)
     date = models.DateField()
     amount = models.DecimalField(max_digits=10, decimal_places=2, help_text='Please use ex. VAT')
     method = models.CharField(max_length=2, choices=METHODS, null=True, blank=True)

RIGS/rigboard.py

@@ -18,6 +18,7 @@ from django.core.exceptions import SuspiciousOperation
 from django.db.models import Q
 from django.contrib import messages
 from django.utils.decorators import method_decorator
+from django.views.decorators.csrf import csrf_exempt
 from z3c.rml import rml2pdf
 from PyPDF2 import PdfFileMerger, PdfFileReader
 import simplejson
@@ -80,6 +81,24 @@ class EventEmbed(EventDetail):
     template_name = 'RIGS/event_embed.html'
 
 
+class EventRA(generic.base.RedirectView):
+    permanent = False
+    def get_redirect_url(self, *args, **kwargs):
+        event = get_object_or_404(models.Event, pk=kwargs['pk'])
+
+        if event.risk_assessment_edit_url:
+            return event.risk_assessment_edit_url
+
+        params = {
+            'entry.708610078': f'N{event.pk:05}',
+            'entry.905899507': event.name,
+            'entry.139491562': event.venue.name if event.venue else '',
+            'entry.1689826056': event.start_date.strftime('%Y-%m-%d') + ((' - ' + event.end_date.strftime('%Y-%m-%d')) if event.end_date else ''),
+            'entry.902421165': event.mic.name if event.mic else ''
+        }
+        return settings.RISK_ASSESSMENT_URL + "?" + urllib.parse.urlencode(params)
+
+
 class EventCreate(generic.CreateView):
     model = models.Event
     form_class = forms.EventForm
@@ -386,3 +405,26 @@ class EventAuthoriseRequestEmailPreview(generic.DetailView):
         })
         context['to_name'] = self.request.GET.get('to_name', None)
         return context
+
+@method_decorator(csrf_exempt, name='dispatch')
+class LogRiskAssessment(generic.View):
+    http_method_names = ["post"]
+
+    def post(self, request, **kwargs):
+        data = request.POST
+        shared_secret = data.get("secret")
+        edit_url = data.get("editUrl")
+        rig_number = data.get("rigNum")
+        if shared_secret is None or edit_url is None or rig_number is None:
+            return HttpResponse(status=422)
+
+        if shared_secret != settings.RISK_ASSESSMENT_SECRET:
+            return HttpResponse(status=403)
+
+        rig_number = int(re.sub("[^0-9]", "", rig_number))
+
+        event = get_object_or_404(models.Event, pk=rig_number)
+        event.risk_assessment_edit_url = edit_url
+        event.save()
+
+        return HttpResponse(status=200)

RIGS/static/scss/screen.scss

@@ -149,16 +149,19 @@ ins {
 }
 
 html.embedded{
-  min-height:100%;
+  display: flex;
-  display: table;
+  flex-direction: column;
   width: 100%;
+  height: 100%;
+  max-height: 100%;
+  overflow: hidden;
+  justify-content: center;
 
   body{
     padding:0;
-    display: table-cell;
-    vertical-align: middle;
     width:100%;
     background:none;
+    overflow: scroll;
   }
 
   .embed_container{

RIGS/templates/RIGS/event_detail_buttons.html

@@ -3,6 +3,17 @@
             class="glyphicon glyphicon-edit"></span> <span
             class="hidden-xs">Edit</span></a>
     {% if event.is_rig %}
+        {% if not event.dry_hire %}
+            <a href="{% url 'event_ra' event.pk %}" class="btn btn-default
+                {% if event.risk_assessment_edit_url %}
+                    btn-success
+                {% else %}
+                    btn-warning
+                {% endif %}
+            "><span
+                class="glyphicon glyphicon-paperclip"></span> <span
+                class="hidden-xs">RA</span></a>
+        {% endif %}
         <a href="{% url 'event_print' event.pk %}" target="_blank" class="btn btn-default"><span
                 class="glyphicon glyphicon-print"></span> <span
                 class="hidden-xs">Print</span></a>

RIGS/templates/RIGS/event_print_page.xml

@@ -264,7 +264,7 @@
                 </para>
             </td>
         </tr>
-        {% for payment in object.invoice.payments.all %}
+        {% for payment in object.invoice.payment_set.all %}
             <tr>
                 <td>{{ payment.get_method_display }}</td>
                 <td>{{ payment.date }}</td>

RIGS/templates/RIGS/index.html

@@ -27,7 +27,7 @@
                     <a class="list-group-item" href="//members.nottinghamtec.co.uk/wiki" target="_blank"><span class="glyphicon glyphicon-link"></span> TEC Wiki</a>
                     <a class="list-group-item" href="http://members.nottinghamtec.co.uk/wiki/images/2/22/Event_Risk_Assesment.pdf" target="_blank"><span class="glyphicon glyphicon-link"></span> Pre-Event Risk Assessment</a>
                     <a class="list-group-item" href="//members.nottinghamtec.co.uk/price" target="_blank"><span class="glyphicon glyphicon-link"></span> Price List</a>
-                    <a class="list-group-item" href="https://form.jotformeu.com/62203600438344" target="_blank"><span class="glyphicon glyphicon-link"></span> Subhire Insurance Form</a>
+                    <a class="list-group-item" href="https://goo.gl/forms/jdPWov8PCNPoXtbn2" target="_blank"><span class="glyphicon glyphicon-link"></span> Subhire Insurance Form</a>
                 
             </div>
         </div>

RIGS/templates/RIGS/invoice_detail.html

@@ -19,8 +19,7 @@
                     <span class="glyphicon glyphicon-ban-circle"></span> <span
                             class="hidden-xs">Void</span>
                 </a>
-                    <a href="{% url 'invoice_print' object.pk %}" target="_blank" title="Print Invoice"
+                <a href="{% url 'invoice_print' object.pk %}" target="_blank" title="Print Invoice" class="btn btn-default"><span
-                       class="btn btn-default"><span
                             class="glyphicon glyphicon-print"></span> <span
                             class="hidden-xs">Print</span></a>
                 </div>
@@ -86,9 +85,7 @@
                             <dd>
                                 {%  if object.event.authorised %}
                                     {{ object.event.authorisation.name }}
-                                    (
+                                    (<a href="mailto:{{ object.event.authorisation.email }}">{{ object.event.authorisation.email }}</a>)
-                                    <a href="mailto:{{ object.event.authorisation.email }}">{{ object.event.authorisation.email }}</a>
-                                    )
                                 {% endif %}
                             </dd>
 
@@ -143,7 +140,7 @@
                             </tr>
                             </thead>
                             <tbody>
-                            {% for payment in object.payments.all %}
+                            {% for payment in object.payment_set.all %}
                                 <tr>
                                     <td>{{ payment.date }}</td>
                                     <td>{{ payment.amount|floatformat:2 }}</td>
@@ -175,13 +172,6 @@
                 </div>
             </div>
         </div>
-    </div>
 
-    <div class="col-sm-12 text-right">
-        <div>
-            <a href="{% url 'invoice_history' object.pk %}" title="View Revision History">
-                Last edited at {{ object.last_edited_at }} by {{ object.last_edited_by.name }}
-            </a>
-        </div>
     </div>
 {% endblock %}

RIGS/urls.py

@@ -1,12 +1,13 @@
 from django.conf.urls import url
-from django.contrib.auth.decorators import login_required
 from django.contrib.auth.views import password_reset
-from django.views.decorators.clickjacking import xframe_options_exempt
-from django.views.generic import RedirectView
 
-from PyRIGS.decorators import api_key_required
+from django.contrib.auth.decorators import login_required
-from PyRIGS.decorators import permission_required_with_403
 from RIGS import models, views, rigboard, finance, ical, versioning, forms
+from django.views.generic import RedirectView
+from django.views.decorators.clickjacking import xframe_options_exempt
+
+from PyRIGS.decorators import permission_required_with_403
+from PyRIGS.decorators import api_key_required
 
 urlpatterns = [
     # Examples:
@@ -100,6 +101,9 @@ urlpatterns = [
     url(r'^event/(?P<pk>\d+)/print/$',
         permission_required_with_403('RIGS.view_event')(rigboard.EventPrint.as_view()),
         name='event_print'),
+    url(r'^event/(?P<pk>\d+)/ra/$',
+        permission_required_with_403('RIGS.change_event')(rigboard.EventRA.as_view()),
+        name='event_ra'),
     url(r'^event/create/$',
         permission_required_with_403('RIGS.add_event')(rigboard.EventCreate.as_view()),
         name='event_create'),
@@ -143,10 +147,6 @@ urlpatterns = [
     url(r'^invoice/(?P<pk>\d+)/delete/$',
         permission_required_with_403('RIGS.change_invoice')(finance.InvoiceDelete.as_view()),
         name='invoice_delete'),
-    url(r'^invoice/(?P<pk>\d+)/history/$',
-        permission_required_with_403('RIGS.view_invoice')(versioning.VersionHistory.as_view()),
-        name='invoice_history', kwargs={'model': models.Invoice}),
-
     url(r'^payment/create/$',
         permission_required_with_403('RIGS.add_payment')(finance.PaymentCreate.as_view()),
         name='payment_create'),
@@ -188,6 +188,9 @@ urlpatterns = [
     url(r'^api/(?P<model>\w+)/(?P<pk>\d+)/$', login_required(views.SecureAPIRequest.as_view()),
         name="api_secure"),
 
+    # Risk assessment API
+    url(r'^log_risk_assessment/$', rigboard.LogRiskAssessment.as_view(), name='log_risk_assessment'),
+
     # Legacy URL's
     url(r'^rig/show/(?P<pk>\d+)/$',
         RedirectView.as_view(permanent=True, pattern_name='event_detail')),

RIGS/views.py

@@ -62,7 +62,7 @@ def login_embed(request, **kwargs):
                 messages.warning(request, 'Cookies do not seem to be enabled. Try logging in using a new tab.')
                 request.method = 'GET'  # Render the page without trying to login
 
-        return login(request, template_name="registration/login_embed.html")
+        return login(request, template_name="registration/login_embed.html", authentication_form=forms.EmbeddedAuthenticationForm) 
 
 
 """

requirements.txt

@@ -3,7 +3,7 @@ contextlib2==0.5.5
 diff-match-patch==20121119
 dj-database-url==0.5.0
 dj-static==0.0.6
-Django==2.0.5
+Django==2.0.13
 django-debug-toolbar==1.9.1
 django-ical==1.4
 django-recaptcha==1.4.0
@@ -21,12 +21,12 @@ Pillow==5.1.0
 psycopg2==2.7.4
 Pygments==2.2.0
 PyPDF2==1.26.0
-python-dateutil==2.7.2
+python-dateutil==2.7.3
 pytz==2018.4
-raven==6.7.0
+raven==6.8.0
 reportlab==3.4.0
 selenium==3.12.0
-simplejson==3.14.0
+simplejson==3.15.0
 six==1.11.0
 sqlparse==0.2.4
 static3==0.7.0