'update'
[qomet.git] / routes / assessments.js
1 let router = require("express").Router();
2 const access = require("../utils/access");
3 const UserModel = require("../models/user");
4 const AssessmentModel = require("../models/assessment");
5 const CourseModel = require("../models/course");
6 const params = require("../config/parameters");
7 const validator = require("../public/javascripts/utils/validation");
8 const ObjectId = require("bson-objectid");
9 const sanitizeHtml = require('sanitize-html');
10 const sanitizeOpts = {
11 allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img', 'u' ]),
12 allowedAttributes: {
13 img: [ 'src','style' ],
14 code: [ 'class' ],
15 table: [ 'class' ],
16 div: [ 'style' ],
17 },
18 };
19
20 router.get("/add/assessment", access.ajax, access.logged, (req,res) => {
21 const name = req.query["name"];
22 const cid = req.query["cid"];
23 let error = validator({cid:cid, name:name}, "Assessment");
24 if (error.length > 0)
25 return res.json({errmsg:error});
26 AssessmentModel.add(req.user._id, ObjectId(cid), name, (err,assessment) => {
27 access.checkRequest(res, err, assessment, "Assessment addition failed", () => {
28 res.json(assessment);
29 });
30 });
31 });
32
33 router.post("/update/assessment", access.ajax, access.logged, (req,res) => {
34 const assessment = JSON.parse(req.body["assessment"]);
35 let error = validator(assessment, "Assessment");
36 if (error.length > 0)
37 return res.json({errmsg:error});
38 assessment.introduction = sanitizeHtml(assessment.introduction, sanitizeOpts);
39 assessment.questions.forEach( q => {
40 q.wording = sanitizeHtml(q.wording, sanitizeOpts);
41 //q.answer = sanitizeHtml(q.answer); //if text (TODO: it's an array in this case?!)
42 for (let i=0; i<q.options.length; i++) //if QCM
43 q.options[i] = sanitizeHtml(q.options[i], sanitizeOpts);
44 });
45 AssessmentModel.update(req.user._id, assessment, (err,ret) => {
46 access.checkRequest(res, err, ret, "Assessment update failed", () => {
47 res.json({});
48 });
49 });
50 });
51
52 // Generate and set student password, return it
53 router.get("/start/assessment", access.ajax, (req,res) => {
54 let number = req.query["number"];
55 let aid = req.query["aid"];
56 let password = req.cookies["password"]; //potentially from cookies, resuming
57 let error = validator({ _id:aid, papers:[{number:number,password:password || "samplePwd"}] }, "Assessment");
58 if (error.length > 0)
59 return res.json({errmsg:error});
60 AssessmentModel.startSession(ObjectId(aid), number, password, (err,ret) => {
61 access.checkRequest(res,err,ret,"Failed session initialization", () => {
62 if (!password)
63 {
64 // Set password
65 res.cookie("password", ret.password, {
66 httpOnly: true,
67 maxAge: params.cookieExpire,
68 });
69 }
70 res.json(ret); //contains password (or paper if resuming)
71 });
72 });
73 });
74
75 router.get("/start/monitoring", access.ajax, (req,res) => {
76 const password = req.query["password"];
77 const examName = req.query["aname"];
78 const courseCode = req.query["ccode"];
79 const initials = req.query["initials"];
80 // TODO: sanity checks
81 CourseModel.getByRefs(initials, courseCode, (err,course) => {
82 access.checkRequest(res,err,course,"Course not found", () => {
83 if (password != course.password)
84 return res.json({errmsg: "Wrong password"});
85 AssessmentModel.getByRefs(initials, courseCode, examName, (err2,assessment) => {
86 access.checkRequest(res,err2,assessment,"Assessment not found", () => {
87 res.json({
88 students: course.students,
89 assessment: assessment,
90 secret: params.secret,
91 });
92 });
93 });
94 });
95 });
96 });
97
98 router.get("/send/answer", access.ajax, (req,res) => {
99 let aid = req.query["aid"];
100 let number = req.query["number"];
101 let password = req.query["password"];
102 let input = JSON.parse(req.query["answer"]);
103 let error = validator({ _id:aid, papers:[{number:number,password:password,inputs:[input]}] }, "Assessment");
104 if (error.length > 0)
105 return res.json({errmsg:error});
106 AssessmentModel.newAnswer(ObjectId(aid), number, password, input, (err,ret) => {
107 access.checkRequest(res,err,ret,"Cannot send answer", () => {
108 res.json({});
109 });
110 });
111 });
112
113 router.get("/end/assessment", access.ajax, (req,res) => {
114 let aid = req.query["aid"];
115 let number = req.query["number"];
116 let password = req.query["password"];
117 let error = validator({ _id:aid, papers:[{number:number,password:password}] }, "Assessment");
118 if (error.length > 0)
119 return res.json({errmsg:error});
120 // Destroy pwd, set endTime
121 AssessmentModel.endAssessment(ObjectId(aid), number, password, (err,ret) => {
122 access.checkRequest(res,err,ret,"Cannot end assessment", () => {
123 res.clearCookie('password');
124 res.json({});
125 });
126 });
127 });
128
129 module.exports = router;