X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=routes%2Fassessments.js;h=03e483e1dcb70935f225fe99f0c38b1962ddd131;hb=73609d3bc662cf4c8a21746c5d1ad736ea0eecbd;hp=dc749ed5503cfc872898068ba5776607fb903142;hpb=6bf4a38e1a82fdcdf1d2742a3e8937b26fe2e873;p=qomet.git

diff --git a/routes/assessments.js b/routes/assessments.js
index dc749ed..03e483e 100644
--- a/routes/assessments.js
+++ b/routes/assessments.js
@@ -2,20 +2,24 @@ let router = require("express").Router();
 const access = require("../utils/access");
 const UserModel = require("../models/user");
 const AssessmentModel = require("../models/assessment");
-const AssessmentEntity = require("../entities/assessment");
 const CourseModel = require("../models/course");
 const params = require("../config/parameters");
 const validator = require("../public/javascripts/utils/validation");
 const ObjectId = require("bson-objectid");
 const sanitizeHtml = require('sanitize-html');
 const sanitizeOpts = {
-	allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img' ]),
-	allowedAttributes: { code: [ 'class' ] },
+	allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img', 'u' ]),
+	allowedAttributes: {
+		img: [ 'src','style' ],
+		code: [ 'class' ],
+		table: [ 'class' ],
+		div: [ 'style' ],
+	},
 };
 
-router.get("/add/assessment", access.ajax, access.logged, (req,res) => {
-	const name = req.query["name"];
-	const cid = req.query["cid"];
+router.post("/assessments", access.ajax, access.logged, (req,res) => {
+	const name = req.body["name"];
+	const cid = req.body["cid"];
 	let error = validator({cid:cid, name:name}, "Assessment");
 	if (error.length > 0)
 		return res.json({errmsg:error});
@@ -26,13 +30,12 @@ router.get("/add/assessment", access.ajax, access.logged, (req,res) => {
 	});
 });
 
-router.post("/update/assessment", access.ajax, access.logged, (req,res) => {
+router.put("/assessments", access.ajax, access.logged, (req,res) => {
 	const assessment = JSON.parse(req.body["assessment"]);
 	let error = validator(assessment, "Assessment");
 	if (error.length > 0)
 		return res.json({errmsg:error});
 	assessment.introduction = sanitizeHtml(assessment.introduction, sanitizeOpts);
-	assessment.conclusion = sanitizeHtml(assessment.conclusion, sanitizeOpts);
 	assessment.questions.forEach( q => {
 		q.wording = sanitizeHtml(q.wording, sanitizeOpts);
 		//q.answer = sanitizeHtml(q.answer); //if text (TODO: it's an array in this case?!)
@@ -47,9 +50,9 @@ router.post("/update/assessment", access.ajax, access.logged, (req,res) => {
 });
 
 // Generate and set student password, return it
-router.get("/start/assessment", access.ajax, (req,res) => {
-	let number = req.query["number"];
-	let aid = req.query["aid"];
+router.put("/assessments/start", access.ajax, (req,res) => {
+	let number = req.body["number"];
+	let aid = req.body["aid"];
 	let password = req.cookies["password"]; //potentially from cookies, resuming
 	let error = validator({ _id:aid, papers:[{number:number,password:password || "samplePwd"}] }, "Assessment");
 	if (error.length > 0)
@@ -64,16 +67,39 @@ router.get("/start/assessment", access.ajax, (req,res) => {
 					maxAge: params.cookieExpire,
 				});
 			}
-			res.json(ret); //contains questions+password(or paper if resuming)
+			res.json(ret); //contains password (or paper if resuming)
 		});
 	});
 });
 
-router.get("/send/answer", access.ajax, (req,res) => {
-	let aid = req.query["aid"];
-	let number = req.query["number"];
-	let password = req.query["password"];
-	let input = JSON.parse(req.query["answer"]);
+router.get("/assessments/monitor", access.ajax, (req,res) => {
+	const password = req.query["password"];
+	const examName = req.query["aname"];
+	const courseCode = req.query["ccode"];
+	const initials = req.query["initials"];
+	// TODO: sanity checks
+	CourseModel.getByRefs(initials, courseCode, (err,course) => {
+		access.checkRequest(res,err,course,"Course not found", () => {
+			if (password != course.password)
+				return res.json({errmsg: "Wrong password"});
+			AssessmentModel.getByRefs(initials, courseCode, examName, (err2,assessment) => {
+				access.checkRequest(res,err2,assessment,"Assessment not found", () => {
+					res.json({
+						students: course.students,
+						assessment: assessment,
+						secret: params.secret,
+					});
+				});
+			});
+		});
+	});
+});
+
+router.put("/assessments/answer", access.ajax, (req,res) => {
+	let aid = req.body["aid"];
+	let number = req.body["number"];
+	let password = req.body["password"];
+	let input = JSON.parse(req.body["answer"]);
 	let error = validator({ _id:aid, papers:[{number:number,password:password,inputs:[input]}] }, "Assessment");
 	if (error.length > 0)
 		return res.json({errmsg:error});
@@ -84,18 +110,18 @@ router.get("/send/answer", access.ajax, (req,res) => {
 	});
 });
 
-router.get("/end/assessment", access.ajax, (req,res) => {
-	let aid = req.query["aid"];
-	let number = req.query["number"];
-	let password = req.query["password"];
+router.put("/assessments/end", access.ajax, (req,res) => {
+	let aid = req.body["aid"];
+	let number = req.body["number"];
+	let password = req.body["password"];
 	let error = validator({ _id:aid, papers:[{number:number,password:password}] }, "Assessment");
 	if (error.length > 0)
 		return res.json({errmsg:error});
-	// Destroy pwd, set endTime, return conclusion
-	AssessmentModel.endSession(ObjectId(aid), number, password, (err,conclusion) => {
-		access.checkRequest(res,err,conclusion,"Cannot end assessment", () => {
+	// Destroy pwd, set endTime
+	AssessmentModel.endAssessment(ObjectId(aid), number, password, (err,ret) => {
+		access.checkRequest(res,err,ret,"Cannot end assessment", () => {
 			res.clearCookie('password');
-			res.json(conclusion);
+			res.json({});
 		});
 	});
 });