Merge branch 'edge' into meteor-1.8

1 files changed, 9 insertions, 16 deletions

diff --git a/models/export.js b/models/export.js
index f281b34a..49aac828 100644
--- a/models/export.js
+++ b/models/export.js
@@ -6,34 +6,27 @@ if (Meteor.isServer) {
   // `ApiRoutes.path('boards/export', boardId)``
   // on the client instead of copy/pasting the route path manually between the
   // client and the server.
-  /**
-   * @operation export
-   * @tag Boards
-   *
-   * @summary This route is used to export the board.
-   *
-   * @description If user is already logged-in, pass loginToken as param
-   * "authToken": '/api/boards/:boardId/export?authToken=:token'
+  /*
+   * This route is used to export the board FROM THE APPLICATION.
+   * If user is already logged-in, pass loginToken as param "authToken":
+   * '/api/boards/:boardId/export?authToken=:token'
    *
    * See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/
    * for detailed explanations
-   *
-   * @param {string} boardId the ID of the board we are exporting
-   * @param {string} authToken the loginToken
    */
+
+
   JsonRoutes.add('get', '/api/boards/:boardId/export', function(req, res) {
     const boardId = req.params.boardId;
     let user = null;
-
+    // todo XXX for real API, first look for token in Authentication: header
+    // then fallback to parameter
     const loginToken = req.query.authToken;
     if (loginToken) {
       const hashToken = Accounts._hashLoginToken(loginToken);
       user = Meteor.users.findOne({
         'services.resume.loginTokens.hashedToken': hashToken,
       });
-    } else if (!Meteor.settings.public.sandstorm) {
-      Authentication.checkUserId(req.userId);
-      user = Users.findOne({ _id: req.userId, isAdmin: true });
     }
 
     const exporter = new Exporter(boardId);
@@ -50,7 +43,7 @@ if (Meteor.isServer) {
   });
 }
 
-class Exporter {
+export class Exporter {
   constructor(boardId) {
     this._boardId = boardId;
   }