| 1 | let router = require("express").Router(); |
| 2 | const access = require("../utils/access.js"); |
| 3 | const validator = require("../public/javascripts/utils/validation"); |
| 4 | const sanitizeHtml = require('sanitize-html'); |
| 5 | const ObjectId = require("bson-objectid"); |
| 6 | const CourseModel = require("../models/course"); |
| 7 | |
/**
 * POST /courses: create a course for the logged-in user.
 *
 * Reads `code` and `description` from the request body. `code` is checked by
 * the shared "Course" validator; `description` is passed through
 * sanitize-html (default options) before it is handed to the model.
 * Responds with the created course, or `{errmsg}` when validation fails.
 */
router.post('/courses', access.ajax, access.logged, (req, res) => {
  const code = req.body["code"];
  // Default sanitize-html options still let an allowlist of tags through, so
  // the stored description is "safe HTML", not plain text. Render it accordingly.
  // NOTE(review): description is not passed to the validator here, so its
  // type and length are not checked in this handler. Confirm the model bounds it.
  const description = sanitizeHtml(req.body["description"]);

  const error = validator({ code }, "Course");
  if (error.length > 0) {
    return res.json({ errmsg: error });
  }

  // The owner id is taken from req.user (presumably set by the auth
  // middleware), not from client-supplied fields.
  const onInserted = (err, course) => {
    access.checkRequest(res, err, course, "Course addition failed", () => {
      res.json(course);
    });
  };
  CourseModel.insert(req.user._id, code, description, onInserted);
});
| 20 | |
/**
 * PUT /courses/password: set the password of a course.
 *
 * Reads `cid` (course id) and `pwd` from the request body, validates both with
 * the shared "Course" validator, then asks the model to update the password
 * on behalf of req.user. Responds with `{}` on success or `{errmsg}` when
 * validation fails.
 */
router.put("/courses/password", access.ajax, access.logged, (req, res) => {
  const { cid, pwd } = req.body;

  const error = validator({ password: pwd, _id: cid }, "Course");
  if (error.length > 0) {
    return res.json({ errmsg: error });
  }

  // req.user._id is passed alongside the course id; presumably the model uses
  // it to restrict the update to courses this user owns. Verify in CourseModel.
  // NOTE(review): pwd is forwarded exactly as received. Whether it is hashed
  // before storage depends on CourseModel.setPassword; confirm, and keep the
  // request body out of logs.
  const courseId = ObjectId(cid);
  CourseModel.setPassword(req.user._id, courseId, pwd, (err, ret) => {
    const sendEmpty = () => {
      res.json({});
    };
    access.checkRequest(res, err, ret, "password update failed", sendEmpty);
  });
});
| 33 | |
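/**
 * PUT /courses/student-list: import a list of students into a course.
 *
 * Reads `cid` (course id) and `students` (a JSON-encoded string) from the
 * request body. The decoded list and the id are checked by the shared
 * "Course" validator before the model is called with req.user's id.
 * Responds with `{}` on success or `{errmsg}` on malformed or invalid input.
 */
router.put('/courses/student-list', access.ajax, access.logged, (req, res) => {
  const cid = req.body["cid"];

  // `students` is client-controlled text. JSON.parse throws on malformed or
  // missing input, and an uncaught throw here would end up in Express's
  // error handler (a 500, possibly with a stack trace) instead of the
  // `{errmsg}` reply the other validation failures use.
  let students;
  try {
    students = JSON.parse(req.body["students"]);
  } catch (parseErr) {
    return res.json({ errmsg: "Invalid students list" });
  }

  const error = validator({ _id: cid, students: students }, "Course");
  if (error.length > 0) {
    return res.json({ errmsg: error });
  }

  // The resolved user is not used below; the call is kept because it may act
  // as an additional session check. Confirm against access.getUser.
  access.getUser(req, res, (userErr, _user) => {
    if (userErr) {
      // NOTE(review): the error object is sent to the client as-is; confirm
      // access.getUser only produces client-safe error payloads.
      return res.json(userErr);
    }
    CourseModel.importStudents(req.user._id, ObjectId(cid), students, (err, ret) => {
      access.checkRequest(res, err, ret, "Students addition failed", () => {
        res.json({});
      });
    });
  });
});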
| 50 | |
/**
 * GET /courses/student: look up one student of a course by student number.
 *
 * Reads `cid` (course id) and `number` from the query string, validates them
 * with the shared "Course" validator, and responds with
 * `{student: <first matching entry>}` or `{errmsg}` when validation fails.
 */
// NOTE(review): unlike the other course routes in this file, this one does not
// use access.logged, so the lookup is reachable without a session. Confirm
// that this is intended and that the returned student entry only holds fields
// that are safe to disclose to an unauthenticated caller.
router.get('/courses/student', access.ajax, (req, res) => {
  const { cid, number } = req.query;

  // Depending on the query-parser setting, Express can deliver an array or a
  // nested object for a parameter. This handler relies on the validator to
  // reject non-string values before `number` reaches the model query.
  const candidate = { _id: cid, students: [{ number: number }] };
  const error = validator(candidate, "Course");
  if (error.length > 0) {
    return res.json({ errmsg: error });
  }

  CourseModel.getStudent(ObjectId(cid), number, (err, ret) => {
    const sendStudent = () => {
      // Only the first entry of the returned students array is exposed.
      const [student] = [ret.students[0]];
      res.json({ student });
    };
    access.checkRequest(res, err, ret, "Failed retrieving student", sendStudent);
  });
});
| 63 | |
/**
 * DELETE /courses: remove a course on behalf of the logged-in user.
 *
 * Reads `cid` (course id) from the query string, validates it with the shared
 * "Course" validator, and responds with `{}` on success or `{errmsg}` when
 * validation fails.
 */
router.delete('/courses', access.ajax, access.logged, (req, res) => {
  const { cid } = req.query;

  const error = validator({ _id: cid }, "Course");
  if (error.length > 0) {
    return res.json({ errmsg: error });
  }

  // req.user._id is passed with the course id; presumably the model only
  // removes the course when it belongs to this user. Verify in
  // CourseModel.remove, since this handler performs no ownership check itself.
  const courseId = ObjectId(cid);
  CourseModel.remove(req.user._id, courseId, (err, ret) => {
    const sendEmpty = () => {
      res.json({});
    };
    access.checkRequest(res, err, ret, "Course removal failed", sendEmpty);
  });
});
| 75 | |
| 76 | module.exports = router; |