allow <code class=...>, temporary MathJax fix, try to fix pre-filled inputs bug
[qomet.git] / routes / assessments.js
index 559f08f..dc749ed 100644 (file)
@@ -8,6 +8,10 @@ const params = require("../config/parameters");
 const validator = require("../public/javascripts/utils/validation");
 const ObjectId = require("bson-objectid");
 const sanitizeHtml = require('sanitize-html');
+const sanitizeOpts = {
+       allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img' ]),
+       allowedAttributes: { code: [ 'class' ] },
+};
 
 router.get("/add/assessment", access.ajax, access.logged, (req,res) => {
        const name = req.query["name"];
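Review bot: In `sanitizeOpts`, `allowedAttributes: { code: [ 'class' ] }` replaces sanitize-html's default attribute map rather than extending it, so `img` stays an allowed tag but its `src` is stripped and `a` loses `href`. If that narrowing is not intended, merge with the defaults: `allowedAttributes: Object.assign({}, sanitizeHtml.defaults.allowedAttributes, { code: [ 'class' ] }),`. Any class value is accepted on `code` as written; `allowedClasses` could restrict it to the names the highlighter actually uses. Because this object is now module-level and shared, a short comment listing the tags and attributes that are deliberately allowed would help later readers.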
@@ -27,7 +31,6 @@ router.post("/update/assessment", access.ajax, access.logged, (req,res) => {
        let error = validator(assessment, "Assessment");
        if (error.length > 0)
                return res.json({errmsg:error});
-       const sanitizeOpts = {allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img' ]) };
        assessment.introduction = sanitizeHtml(assessment.introduction, sanitizeOpts);
        assessment.conclusion = sanitizeHtml(assessment.conclusion, sanitizeOpts);
        assessment.questions.forEach( q => {
@@ -47,17 +50,21 @@ router.post("/update/assessment", access.ajax, access.logged, (req,res) => {
 router.get("/start/assessment", access.ajax, (req,res) => {
        let number = req.query["number"];
        let aid = req.query["aid"];
-       let error = validator({ _id:aid, papers:[{number:number}] }, "Assessment");
+       let password = req.cookies["password"]; //potentially from cookies, resuming
+       let error = validator({ _id:aid, papers:[{number:number,password:password || "samplePwd"}] }, "Assessment");
        if (error.length > 0)
                return res.json({errmsg:error});
-       AssessmentModel.startSession(ObjectId(aid), number, (err,ret) => {
+       AssessmentModel.startSession(ObjectId(aid), number, password, (err,ret) => {
                access.checkRequest(res,err,ret,"Failed session initialization", () => {
-                       // Set password
-                       res.cookie("password", ret.password, {
-                               httpOnly: true,
-                               maxAge: params.cookieExpire,
-                       });
-                       res.json(ret); //contains questions+password
+                       if (!password)
+                       {
+                               // Set password
+                               res.cookie("password", ret.password, {
+                                       httpOnly: true,
+                                       maxAge: params.cookieExpire,
+                               });
+                       }
+                       res.json(ret); //contains questions+password(or paper if resuming)
                });
        });
 });
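Review bot: On the resume path in `/start/assessment`, the `password` cookie is client-controlled and goes straight into `AssessmentModel.startSession`; the validator presumably checks only its shape, and nothing in this hunk shows it being compared with the stored paper before `res.json(ret)` returns that paper. `startSession` is defined outside this diff, so it is worth confirming that it rejects a mismatched password (ideally with a constant-time comparison) instead of silently resuming or starting a new session. Separately, a fresh start still sends the password in the JSON body, which makes `httpOnly` on the cookie moot, and the cookie sets neither `secure` nor `sameSite`; adding `secure: true, sameSite: "strict",` would tighten it if the site is served over HTTPS. The `"samplePwd"` placeholder deserves a comment such as `// dummy value so validation passes on a first start without a cookie`.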
@@ -70,7 +77,7 @@ router.get("/send/answer", access.ajax, (req,res) => {
        let error = validator({ _id:aid, papers:[{number:number,password:password,inputs:[input]}] }, "Assessment");
        if (error.length > 0)
                return res.json({errmsg:error});
-       AssessmentEntity.setInput(ObjectId(aid), number, password, input, (err,ret) => {
+       AssessmentModel.newAnswer(ObjectId(aid), number, password, input, (err,ret) => {
                access.checkRequest(res,err,ret,"Cannot send answer", () => {
                        res.json({});
                });