'update'
[qomet.git] / routes / courses.js
1 let router = require("express").Router();
2 const access = require("../utils/access.js");
3 const validator = require("../public/javascripts/utils/validation");
4 const sanitizeHtml = require('sanitize-html');
5 const ObjectId = require("bson-objectid");
6 const CourseModel = require("../models/course");
7
8 router.post('/courses', access.ajax, access.logged, (req,res) => {
9 let code = req.body["code"];
10 let description = sanitizeHtml(req.body["description"]);
11 let error = validator({code:code}, "Course");
12 if (error.length > 0)
13 return res.json({errmsg:error});
14 CourseModel.insert(req.user._id, code, description, (err,course) => {
15 access.checkRequest(res, err, course, "Course addition failed", () => {
16 res.json(course);
17 });
18 });
19 });
20
21 router.put("/courses/password", access.ajax, access.logged, (req,res) => {
22 let cid = req.body["cid"];
23 let pwd = req.body["pwd"];
24 let error = validator({password:pwd, _id:cid}, "Course");
25 if (error.length > 0)
26 return res.json({errmsg:error});
27 CourseModel.setPassword(req.user._id, ObjectId(cid), pwd, (err,ret) => {
28 access.checkRequest(res, err, ret, "password update failed", () => {
29 res.json({});
30 });
31 });
32 });
33
34 router.put('/courses/student-list', access.ajax, access.logged, (req,res) => {
35 let cid = req.body["cid"];
36 let students = JSON.parse(req.body["students"]);
37 let error = validator({_id:cid, students: students}, "Course");
38 if (error.length > 0)
39 return res.json({errmsg:error});
40 access.getUser(req, res, (err,user) => {
41 if (!!err)
42 return res.json(err);
43 CourseModel.importStudents(req.user._id, ObjectId(cid), students, (err,ret) => {
44 access.checkRequest(res, err, ret, "Students addition failed", () => {
45 res.json({});
46 });
47 });
48 });
49 });
50
51 router.get('/courses/student', access.ajax, (req,res) => {
52 let cid = req.query["cid"];
53 let number = req.query["number"];
54 let error = validator({ _id: cid, students: [{number:number}] }, "Course");
55 if (error.length > 0)
56 return res.json({errmsg:error});
57 CourseModel.getStudent(ObjectId(cid), number, (err,ret) => {
58 access.checkRequest(res, err, ret, "Failed retrieving student", () => {
59 res.json({student: ret.students[0]});
60 });
61 });
62 });
63
64 router.delete('/courses', access.ajax, access.logged, (req,res) => {
65 let cid = req.query["cid"];
66 let error = validator({_id:cid}, "Course");
67 if (error.length > 0)
68 return res.json({errmsg:error});
69 CourseModel.remove(req.user._id, ObjectId(cid), (err,ret) => {
70 access.checkRequest(res, err, ret, "Course removal failed", () => {
71 res.json({});
72 });
73 });
74 });
75
76 module.exports = router;