summaryrefslogtreecommitdiffstats
path: root/models
diff options
context:
space:
mode:
Diffstat (limited to 'models')
-rw-r--r--models/export.js8
1 files changed, 5 insertions, 3 deletions
diff --git a/models/export.js b/models/export.js
index fa4894d9..50971c88 100644
--- a/models/export.js
+++ b/models/export.js
@@ -10,7 +10,7 @@ if (Meteor.isServer) {
* @operation export
* @tag Boards
*
- * @summary This route is used to export the board **FROM THE APPLICATION**.
+ * @summary This route is used to export the board.
*
* @description If user is already logged-in, pass loginToken as param
* "authToken": '/api/boards/:boardId/export?authToken=:token'
@@ -24,14 +24,16 @@ if (Meteor.isServer) {
JsonRoutes.add('get', '/api/boards/:boardId/export', function(req, res) {
const boardId = req.params.boardId;
let user = null;
- // todo XXX for real API, first look for token in Authentication: header
- // then fallback to parameter
+
const loginToken = req.query.authToken;
if (loginToken) {
const hashToken = Accounts._hashLoginToken(loginToken);
user = Meteor.users.findOne({
'services.resume.loginTokens.hashedToken': hashToken,
});
+ } else {
+ Authentication.checkUserId(req.userId);
+ user = Users.findOne({ _id: req.userId, isAdmin: true });
}
const exporter = new Exporter(boardId);
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-07-03 13:32:19 +0000