summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBenjamin Tissoires <benjamin.tissoires@redhat.com>2019-05-14 09:37:04 +0200
committerBenjamin Tissoires <benjamin.tissoires@redhat.com>2019-05-14 09:37:56 +0200
commit94c1367684bc4d36e3f6874cff0b7a39e2f72560 (patch)
treeb5653075858eb09d02b3026d056919fa4aee665c
parent9bf19f81a48a2e30f32fbc71b2faaa8807d56cdb (diff)
downloadwekan-94c1367684bc4d36e3f6874cff0b7a39e2f72560.tar.gz
wekan-94c1367684bc4d36e3f6874cff0b7a39e2f72560.tar.bz2
wekan-94c1367684bc4d36e3f6874cff0b7a39e2f72560.zip
Restore export API
Commit 477d71e0b90d1 was based on an older version of export.js, which means it reverted a few changes that were made previously. Fixes #2328
-rw-r--r--models/export.js23
1 files changed, 15 insertions, 8 deletions
diff --git a/models/export.js b/models/export.js
index 4f17d727..8e5ce786 100644
--- a/models/export.js
+++ b/models/export.js
@@ -6,27 +6,34 @@ if (Meteor.isServer) {
// `ApiRoutes.path('boards/export', boardId)``
// on the client instead of copy/pasting the route path manually between the
// client and the server.
- /*
- * This route is used to export the board FROM THE APPLICATION.
- * If user is already logged-in, pass loginToken as param "authToken":
- * '/api/boards/:boardId/export?authToken=:token'
+ /**
+ * @operation export
+ * @tag Boards
+ *
+ * @summary This route is used to export the board.
+ *
+ * @description If user is already logged-in, pass loginToken as param
+ * "authToken": '/api/boards/:boardId/export?authToken=:token'
*
* See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/
* for detailed explanations
+ *
+ * @param {string} boardId the ID of the board we are exporting
+ * @param {string} authToken the loginToken
*/
-
-
JsonRoutes.add('get', '/api/boards/:boardId/export', function(req, res) {
const boardId = req.params.boardId;
let user = null;
- // todo XXX for real API, first look for token in Authentication: header
- // then fallback to parameter
+
const loginToken = req.query.authToken;
if (loginToken) {
const hashToken = Accounts._hashLoginToken(loginToken);
user = Meteor.users.findOne({
'services.resume.loginTokens.hashedToken': hashToken,
});
+ } else if (!Meteor.settings.public.sandstorm) {
+ Authentication.checkUserId(req.userId);
+ user = Users.findOne({ _id: req.userId, isAdmin: true });
}
const exporter = new Exporter(boardId);