X-Git-Url: https://git.auder.net/?p=qomet.git;a=blobdiff_plain;f=routes%2Fassessments.js;h=a107d7e15e017a7a439646ff306853b88b61349f;hp=dc749ed5503cfc872898068ba5776607fb903142;hb=71d1ca9c594b64d959c608a2abbff926480abad5;hpb=f6648c37a3c13efbbc3b8c03c6ff725984c98843

diff --git a/routes/assessments.js b/routes/assessments.js
index dc749ed..a107d7e 100644
--- a/routes/assessments.js
+++ b/routes/assessments.js
@@ -9,8 +9,12 @@ const validator = require("../public/javascripts/utils/validation");
 const ObjectId = require("bson-objectid");
 const sanitizeHtml = require('sanitize-html');
 const sanitizeOpts = {
-	allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img' ]),
-	allowedAttributes: { code: [ 'class' ] },
+	allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img', 'u' ]),
+	allowedAttributes: {
+		img: [ 'src' ],
+		code: [ 'class' ],
+		table: [ 'class' ],
+	},
 };
 
 router.get("/add/assessment", access.ajax, access.logged, (req,res) => {
@@ -69,6 +73,29 @@ router.get("/start/assessment", access.ajax, (req,res) => {
 	});
 });
 
+router.get("/start/monitoring", access.ajax, (req,res) => {
+	const password = req.query["password"];
+	const examName = req.query["aname"];
+	const courseCode = req.query["ccode"];
+	const initials = req.query["initials"];
+	// TODO: sanity checks
+	CourseModel.getByRefs(initials, courseCode, (err,course) => {
+		access.checkRequest(res,err,course,"Course not found", () => {
+			if (password != course.password)
+				return res.json({errmsg: "Wrong password"});
+			AssessmentModel.getByRefs(initials, courseCode, examName, (err2,assessment) => {
+				access.checkRequest(res,err2,assessment,"Assessment not found", () => {
+					res.json({
+						students: course.students,
+						assessment: assessment,
+						secret: params.secret,
+					});
+				});
+			});
+		});
+	});
+});
+
 router.get("/send/answer", access.ajax, (req,res) => {
 	let aid = req.query["aid"];
 	let number = req.query["number"];