From d557ef96acb91adfae39ce7c8e38104d13f94e29 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Sat, 19 May 2018 15:38:08 -0700
Subject: [PATCH] =?UTF-8?q?Fixes=20#649=20=E2=80=93=20cant=20delete=20a=20?=
 =?UTF-8?q?draft=20document=20that=20has=20had=20its=20collection=20previo?=
 =?UTF-8?q?usly=20removed?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../api/__snapshots__/documents.test.js.snap  |  9 +++++
 server/api/documents.js                       |  2 +-
 server/api/documents.test.js                  | 38 +++++++++++++++++++
 3 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/server/api/__snapshots__/documents.test.js.snap b/server/api/__snapshots__/documents.test.js.snap
index eaf3a72b..b2dbf607 100644
--- a/server/api/__snapshots__/documents.test.js.snap
+++ b/server/api/__snapshots__/documents.test.js.snap
@@ -8,6 +8,15 @@ Object {
 }
 `;
 
+exports[`#documents.delete should require authentication 1`] = `
+Object {
+  "error": "authentication_required",
+  "message": "Authentication required",
+  "ok": false,
+  "status": 401,
+}
+`;
+
 exports[`#documents.list should require authentication 1`] = `
 Object {
   "error": "authentication_required",
diff --git a/server/api/documents.js b/server/api/documents.js
index f17e7bbb..90feba8f 100644
--- a/server/api/documents.js
+++ b/server/api/documents.js
@@ -412,7 +412,7 @@ router.post('documents.delete', auth(), async ctx => {
   authorize(ctx.state.user, 'delete', document);
 
   const collection = document.collection;
-  if (collection.type === 'atlas') {
+  if (collection && collection.type === 'atlas') {
     // Delete document and all of its children
     await collection.removeDocument(document);
   }
diff --git a/server/api/documents.test.js b/server/api/documents.test.js
index 20280ffb..2dcc67e4 100644
--- a/server/api/documents.test.js
+++ b/server/api/documents.test.js
@@ -602,3 +602,41 @@ describe('#documents.update', async () => {
     expect(res.status).toEqual(403);
   });
 });
+
+describe('#documents.delete', async () => {
+  it('should allow deleting document', async () => {
+    const { user, document } = await seed();
+    const res = await server.post('/api/documents.delete', {
+      body: { token: user.getJwtToken(), id: document.id },
+    });
+    const body = await res.json();
+
+    expect(res.status).toEqual(200);
+    expect(body.success).toEqual(true);
+  });
+
+  it('should allow deleting document without collection', async () => {
+    const { user, document, collection } = await seed();
+
+    // delete collection without hooks to trigger document deletion
+    await collection.destroy({ hooks: false });
+    const res = await server.post('/api/documents.delete', {
+      body: { token: user.getJwtToken(), id: document.id },
+    });
+    const body = await res.json();
+
+    expect(res.status).toEqual(200);
+    expect(body.success).toEqual(true);
+  });
+
+  it('should require authentication', async () => {
+    const { document } = await seed();
+    const res = await server.post('/api/documents.delete', {
+      body: { id: document.id },
+    });
+    const body = await res.json();
+
+    expect(res.status).toEqual(401);
+    expect(body).toMatchSnapshot();
+  });
+});