'update'
[qomet.git] / routes / evaluations.js
1 let router = require("express").Router();
2 const access = require("../utils/access");
3 const UserModel = require("../models/user");
4 const EvaluationModel = require("../models/evaluation");
5 const CourseModel = require("../models/course");
6 const params = require("../config/parameters");
7 const validator = require("../public/javascripts/utils/validation");
8 const ObjectId = require("bson-objectid");
9 const sanitizeHtml = require('sanitize-html');
10 const sanitizeOpts = {
11 allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img', 'u' ]),
12 allowedAttributes: {
13 img: [ 'src','style' ],
14 code: [ 'class' ],
15 table: [ 'class' ],
16 div: [ 'style' ],
17 },
18 };
19
20 router.post("/evaluations", access.ajax, access.logged, (req,res) => {
21 const name = req.body["name"];
22 const cid = req.body["cid"];
23 let error = validator({cid:cid, name:name}, "Evaluation");
24 if (error.length > 0)
25 return res.json({errmsg:error});
26 EvaluationModel.add(req.user._id, ObjectId(cid), name, (err,evaluation) => {
27 access.checkRequest(res, err, evaluation, "Evaluation addition failed", () => {
28 res.json(evaluation);
29 });
30 });
31 });
32
33 router.put("/evaluations", access.ajax, access.logged, (req,res) => {
34 const evaluation = JSON.parse(req.body["evaluation"]);
35 let error = validator(evaluation, "Evaluation");
36 if (error.length > 0)
37 return res.json({errmsg:error});
38 evaluation.introduction = sanitizeHtml(evaluation.introduction, sanitizeOpts);
39 evaluation.questions.forEach( q => {
40 q.wording = sanitizeHtml(q.wording, sanitizeOpts);
41 //q.answer = sanitizeHtml(q.answer); //if text (TODO: it's an array in this case?!)
42 for (let i=0; i<q.options.length; i++) //if QCM
43 q.options[i] = sanitizeHtml(q.options[i], sanitizeOpts);
44 });
45 EvaluationModel.update(req.user._id, evaluation, (err,ret) => {
46 access.checkRequest(res, err, ret, "Evaluation update failed", () => {
47 res.json({});
48 });
49 });
50 });
51
52 // Generate and set student password, return it
53 router.put("/evaluations/start", access.ajax, (req,res) => {
54 let number = req.body["number"];
55 let eid = req.body["eid"];
56 let password = req.cookies["password"]; //potentially from cookies, resuming
57 let error = validator({ _id:eid, papers:[{number:number,password:password || "samplePwd"}] }, "Evaluation");
58 if (error.length > 0)
59 return res.json({errmsg:error});
60 EvaluationModel.startSession(ObjectId(eid), number, password, (err,ret) => {
61 access.checkRequest(res,err,ret,"Failed session initialization", () => {
62 if (!password)
63 {
64 // Set password
65 res.cookie("password", ret.password, {
66 httpOnly: true,
67 maxAge: params.cookieExpire,
68 });
69 }
70 res.json(ret); //contains password (or paper if resuming)
71 });
72 });
73 });
74
75 router.get("/evaluations/monitor", access.ajax, (req,res) => {
76 const password = req.query["password"];
77 const examName = req.query["aname"];
78 const courseCode = req.query["ccode"];
79 const initials = req.query["initials"];
80 // TODO: sanity checks
81 CourseModel.getByRefs(initials, courseCode, (err,course) => {
82 access.checkRequest(res,err,course,"Course not found", () => {
83 if (password != course.password)
84 return res.json({errmsg: "Wrong password"});
85 EvaluationModel.getByRefs(initials, courseCode, examName, (err2,evaluation) => {
86 access.checkRequest(res,err2,evaluation,"Evaluation not found", () => {
87 res.json({
88 students: course.students,
89 evaluation: evaluation,
90 secret: params.secret,
91 });
92 });
93 });
94 });
95 });
96 });
97
98 router.put("/evaluations/answer", access.ajax, (req,res) => {
99 let eid = req.body["eid"];
100 let number = req.body["number"];
101 let password = req.body["password"];
102 let input = JSON.parse(req.body["answer"]);
103 let error = validator({ _id:eid, papers:[{number:number,password:password,inputs:[input]}] }, "Evaluation");
104 if (error.length > 0)
105 return res.json({errmsg:error});
106 EvaluationModel.newAnswer(ObjectId(eid), number, password, input, (err,ret) => {
107 access.checkRequest(res,err,ret,"Cannot send answer", () => {
108 res.json({});
109 });
110 });
111 });
112
113 router.put("/evaluations/end", access.ajax, (req,res) => {
114 let eid = req.body["eid"];
115 let number = req.body["number"];
116 let password = req.body["password"];
117 let error = validator({ _id:eid, papers:[{number:number,password:password}] }, "Evaluation");
118 if (error.length > 0)
119 return res.json({errmsg:error});
120 // Destroy pwd, set endTime
121 EvaluationModel.endEvaluation(ObjectId(eid), number, password, (err,ret) => {
122 access.checkRequest(res,err,ret,"Cannot end evaluation", () => {
123 res.clearCookie('password');
124 res.json({});
125 });
126 });
127 });
128
129 module.exports = router;