From 902e7a4772a38fcbcdd5fe00e9ebdae03a48c307 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Mon, 17 Feb 2020 09:38:34 -0800
Subject: [PATCH] fix: Handle private attachments without documentId (migration
 process)

---
 server/api/attachments.js | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/server/api/attachments.js b/server/api/attachments.js
index 6fa3b3ef..f7553378 100644
--- a/server/api/attachments.js
+++ b/server/api/attachments.js
@@ -17,10 +17,12 @@ router.post('attachments.redirect', auth(), async ctx => {
   const attachment = await Attachment.findByPk(id);
 
   if (attachment.isPrivate) {
-    const document = await Document.findByPk(attachment.documentId, {
-      userId: user.id,
-    });
-    authorize(user, 'read', document);
+    if (attachment.documentId) {
+      const document = await Document.findByPk(attachment.documentId, {
+        userId: user.id,
+      });
+      authorize(user, 'read', document);
+    }
 
     const accessUrl = await getSignedImageUrl(attachment.key);
     ctx.redirect(accessUrl);