Start thinking about generalization format + parametrization
[qomet.git] / routes / assessments.js
CommitLineData
e99c53fb
BA
1let router = require("express").Router();
2const access = require("../utils/access");
3const UserModel = require("../models/user");
4const AssessmentModel = require("../models/assessment");
5const AssessmentEntity = require("../entities/assessment");
6const CourseModel = require("../models/course");
7const params = require("../config/parameters");
8const validator = require("../public/javascripts/utils/validation");
9const ObjectId = require("bson-objectid");
10const sanitizeHtml = require('sanitize-html');
6bf4a38e 11const sanitizeOpts = {
71d1ca9c
BA
12 allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img', 'u' ]),
13 allowedAttributes: {
8a2b3260 14 img: [ 'src','style' ],
71d1ca9c
BA
15 code: [ 'class' ],
16 table: [ 'class' ],
8a2b3260 17 div: [ 'style' ],
71d1ca9c 18 },
6bf4a38e 19};
e99c53fb
BA
20
21router.get("/add/assessment", access.ajax, access.logged, (req,res) => {
22 const name = req.query["name"];
23 const cid = req.query["cid"];
24 let error = validator({cid:cid, name:name}, "Assessment");
25 if (error.length > 0)
26 return res.json({errmsg:error});
27 AssessmentModel.add(req.user._id, ObjectId(cid), name, (err,assessment) => {
28 access.checkRequest(res, err, assessment, "Assessment addition failed", () => {
29 res.json(assessment);
30 });
31 });
32});
33
34router.post("/update/assessment", access.ajax, access.logged, (req,res) => {
35 const assessment = JSON.parse(req.body["assessment"]);
36 let error = validator(assessment, "Assessment");
37 if (error.length > 0)
38 return res.json({errmsg:error});
e99c53fb
BA
39 assessment.introduction = sanitizeHtml(assessment.introduction, sanitizeOpts);
40 assessment.conclusion = sanitizeHtml(assessment.conclusion, sanitizeOpts);
41 assessment.questions.forEach( q => {
42 q.wording = sanitizeHtml(q.wording, sanitizeOpts);
43 //q.answer = sanitizeHtml(q.answer); //if text (TODO: it's an array in this case?!)
44 for (let i=0; i<q.options.length; i++) //if QCM
45 q.options[i] = sanitizeHtml(q.options[i], sanitizeOpts);
46 });
47 AssessmentModel.update(req.user._id, assessment, (err,ret) => {
48 access.checkRequest(res, err, ret, "Assessment update failed", () => {
49 res.json({});
50 });
51 });
52});
53
54// Generate and set student password, return it
55router.get("/start/assessment", access.ajax, (req,res) => {
56 let number = req.query["number"];
57 let aid = req.query["aid"];
f03a2ad9
BA
58 let password = req.cookies["password"]; //potentially from cookies, resuming
59 let error = validator({ _id:aid, papers:[{number:number,password:password || "samplePwd"}] }, "Assessment");
e99c53fb
BA
60 if (error.length > 0)
61 return res.json({errmsg:error});
f03a2ad9 62 AssessmentModel.startSession(ObjectId(aid), number, password, (err,ret) => {
e99c53fb 63 access.checkRequest(res,err,ret,"Failed session initialization", () => {
f03a2ad9
BA
64 if (!password)
65 {
66 // Set password
67 res.cookie("password", ret.password, {
68 httpOnly: true,
69 maxAge: params.cookieExpire,
70 });
71 }
72 res.json(ret); //contains questions+password(or paper if resuming)
e99c53fb
BA
73 });
74 });
75});
76
71d1ca9c
BA
77router.get("/start/monitoring", access.ajax, (req,res) => {
78 const password = req.query["password"];
79 const examName = req.query["aname"];
80 const courseCode = req.query["ccode"];
81 const initials = req.query["initials"];
82 // TODO: sanity checks
83 CourseModel.getByRefs(initials, courseCode, (err,course) => {
84 access.checkRequest(res,err,course,"Course not found", () => {
85 if (password != course.password)
86 return res.json({errmsg: "Wrong password"});
87 AssessmentModel.getByRefs(initials, courseCode, examName, (err2,assessment) => {
88 access.checkRequest(res,err2,assessment,"Assessment not found", () => {
89 res.json({
90 students: course.students,
91 assessment: assessment,
92 secret: params.secret,
93 });
94 });
95 });
96 });
97 });
98});
99
e99c53fb
BA
100router.get("/send/answer", access.ajax, (req,res) => {
101 let aid = req.query["aid"];
102 let number = req.query["number"];
103 let password = req.query["password"];
104 let input = JSON.parse(req.query["answer"]);
105 let error = validator({ _id:aid, papers:[{number:number,password:password,inputs:[input]}] }, "Assessment");
106 if (error.length > 0)
107 return res.json({errmsg:error});
f03a2ad9 108 AssessmentModel.newAnswer(ObjectId(aid), number, password, input, (err,ret) => {
e99c53fb
BA
109 access.checkRequest(res,err,ret,"Cannot send answer", () => {
110 res.json({});
111 });
112 });
113});
114
115router.get("/end/assessment", access.ajax, (req,res) => {
116 let aid = req.query["aid"];
117 let number = req.query["number"];
118 let password = req.query["password"];
119 let error = validator({ _id:aid, papers:[{number:number,password:password}] }, "Assessment");
120 if (error.length > 0)
121 return res.json({errmsg:error});
122 // Destroy pwd, set endTime, return conclusion
123 AssessmentModel.endSession(ObjectId(aid), number, password, (err,conclusion) => {
124 access.checkRequest(res,err,conclusion,"Cannot end assessment", () => {
125 res.clearCookie('password');
126 res.json(conclusion);
127 });
128 });
129});
130
131module.exports = router;