diff options
author | Benjamin Tissoires <benjamin.tissoires@redhat.com> | 2019-05-14 09:37:04 +0200 |
---|---|---|
committer | Benjamin Tissoires <benjamin.tissoires@redhat.com> | 2019-05-14 09:37:56 +0200 |
commit | 94c1367684bc4d36e3f6874cff0b7a39e2f72560 (patch) | |
tree | b5653075858eb09d02b3026d056919fa4aee665c /models | |
parent | 9bf19f81a48a2e30f32fbc71b2faaa8807d56cdb (diff) | |
download | wekan-94c1367684bc4d36e3f6874cff0b7a39e2f72560.tar.gz wekan-94c1367684bc4d36e3f6874cff0b7a39e2f72560.tar.bz2 wekan-94c1367684bc4d36e3f6874cff0b7a39e2f72560.zip |
Restore export API
Commit 477d71e0b90d1 was based on an older version of export.js, which
means it reverted a few changes that were made previously.
Fixes #2328
Diffstat (limited to 'models')
-rw-r--r-- | models/export.js | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/models/export.js b/models/export.js index 4f17d727..8e5ce786 100644 --- a/models/export.js +++ b/models/export.js @@ -6,27 +6,34 @@ if (Meteor.isServer) { // `ApiRoutes.path('boards/export', boardId)`` // on the client instead of copy/pasting the route path manually between the // client and the server. - /* - * This route is used to export the board FROM THE APPLICATION. - * If user is already logged-in, pass loginToken as param "authToken": - * '/api/boards/:boardId/export?authToken=:token' + /** + * @operation export + * @tag Boards + * + * @summary This route is used to export the board. + * + * @description If user is already logged-in, pass loginToken as param + * "authToken": '/api/boards/:boardId/export?authToken=:token' * * See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/ * for detailed explanations + * + * @param {string} boardId the ID of the board we are exporting + * @param {string} authToken the loginToken */ - - JsonRoutes.add('get', '/api/boards/:boardId/export', function(req, res) { const boardId = req.params.boardId; let user = null; - // todo XXX for real API, first look for token in Authentication: header - // then fallback to parameter + const loginToken = req.query.authToken; if (loginToken) { const hashToken = Accounts._hashLoginToken(loginToken); user = Meteor.users.findOne({ 'services.resume.loginTokens.hashedToken': hashToken, }); + } else if (!Meteor.settings.public.sandstorm) { + Authentication.checkUserId(req.userId); + user = Users.findOne({ _id: req.userId, isAdmin: true }); } const exporter = new Exporter(boardId); |