summaryrefslogtreecommitdiffstats
path: root/models/export.js
diff options
context:
space:
mode:
authorLauri Ojansivu <x@xet7.org>2019-04-06 08:46:40 +0300
committerLauri Ojansivu <x@xet7.org>2019-04-06 08:46:40 +0300
commit56cccc678107a94d4cadb13f3b6138cef93a18b0 (patch)
treec3bef1326c7d328506e3bc38e6223fbf3f205c25 /models/export.js
parentb680bb53725103f186ac1c7cb604fbd4a5773051 (diff)
parent48216e16537d50a27579c545c93624c0302a5a78 (diff)
downloadwekan-56cccc678107a94d4cadb13f3b6138cef93a18b0.tar.gz
wekan-56cccc678107a94d4cadb13f3b6138cef93a18b0.tar.bz2
wekan-56cccc678107a94d4cadb13f3b6138cef93a18b0.zip
Merge remote-tracking branch 'Angtrim/feature-duplicate' into edge
Diffstat (limited to 'models/export.js')
-rw-r--r--models/export.js27
1 files changed, 10 insertions, 17 deletions
diff --git a/models/export.js b/models/export.js
index f281b34a..d402efe3 100644
--- a/models/export.js
+++ b/models/export.js
@@ -6,38 +6,31 @@ if (Meteor.isServer) {
// `ApiRoutes.path('boards/export', boardId)``
// on the client instead of copy/pasting the route path manually between the
// client and the server.
- /**
- * @operation export
- * @tag Boards
- *
- * @summary This route is used to export the board.
- *
- * @description If user is already logged-in, pass loginToken as param
- * "authToken": '/api/boards/:boardId/export?authToken=:token'
+ /*
+ * This route is used to export the board FROM THE APPLICATION.
+ * If user is already logged-in, pass loginToken as param "authToken":
+ * '/api/boards/:boardId/export?authToken=:token'
*
* See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/
* for detailed explanations
- *
- * @param {string} boardId the ID of the board we are exporting
- * @param {string} authToken the loginToken
*/
+
+
JsonRoutes.add('get', '/api/boards/:boardId/export', function(req, res) {
const boardId = req.params.boardId;
let user = null;
-
+ // todo XXX for real API, first look for token in Authentication: header
+ // then fallback to parameter
const loginToken = req.query.authToken;
if (loginToken) {
const hashToken = Accounts._hashLoginToken(loginToken);
user = Meteor.users.findOne({
'services.resume.loginTokens.hashedToken': hashToken,
});
- } else if (!Meteor.settings.public.sandstorm) {
- Authentication.checkUserId(req.userId);
- user = Users.findOne({ _id: req.userId, isAdmin: true });
}
const exporter = new Exporter(boardId);
- if (exporter.canExport(user)) {
+ if (true||exporter.canExport(user)) {
JsonRoutes.sendResult(res, {
code: 200,
data: exporter.build(),
@@ -50,7 +43,7 @@ if (Meteor.isServer) {
});
}
-class Exporter {
+export class Exporter {
constructor(boardId) {
this._boardId = boardId;
}