From 0b86714984d75b2f618330e07709eebae51825a5 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Mon, 24 Feb 2020 23:16:24 -0800
Subject: [PATCH] fix: Newly created private collections do not return correct
 policies (#1188)

closes #1185
---
 server/api/collections.js      | 14 +++++++++++---
 server/api/collections.test.js | 18 +++++++++++++++++-
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/server/api/collections.js b/server/api/collections.js
index ffafed4f8..7d6b100b7 100644
--- a/server/api/collections.js
+++ b/server/api/collections.js
@@ -22,15 +22,16 @@ const router = new Router();
 router.post('collections.create', auth(), async ctx => {
   const { name, color, description, type } = ctx.body;
   const isPrivate = ctx.body.private;
-
   ctx.assertPresent(name, 'name is required');
-  if (color)
+
+  if (color) {
     ctx.assertHexColor(color, 'Invalid hex value (please use format #FFFFFF)');
+  }
 
   const user = ctx.state.user;
   authorize(user, 'create', Collection);
 
-  const collection = await Collection.create({
+  let collection = await Collection.create({
     name,
     description,
     color,
@@ -49,6 +50,13 @@ router.post('collections.create', auth(), async ctx => {
     ip: ctx.request.ip,
   });
 
+  // we must reload the collection to get memberships for policy presenter
+  if (isPrivate) {
+    collection = await Collection.scope({
+      method: ['withMembership', user.id],
+    }).findByPk(collection.id);
+  }
+
   ctx.body = {
     data: presentCollection(collection),
     policies: presentPolicies(user, [collection]),
diff --git a/server/api/collections.test.js b/server/api/collections.test.js
index 2c54b8a45..91f532bda 100644
--- a/server/api/collections.test.js
+++ b/server/api/collections.test.js
@@ -511,7 +511,7 @@ describe('#collections.create', async () => {
   it('should create collection', async () => {
     const { user } = await seed();
     const res = await server.post('/api/collections.create', {
-      body: { token: user.getJwtToken(), name: 'Test', type: 'atlas' },
+      body: { token: user.getJwtToken(), name: 'Test' },
     });
     const body = await res.json();
 
@@ -519,6 +519,22 @@ describe('#collections.create', async () => {
     expect(body.data.id).toBeTruthy();
     expect(body.data.name).toBe('Test');
     expect(body.policies.length).toBe(1);
+    expect(body.policies[0].abilities.read).toBeTruthy();
+    expect(body.policies[0].abilities.export).toBeTruthy();
+  });
+
+  it('should return correct policies with private collection', async () => {
+    const { user } = await seed();
+    const res = await server.post('/api/collections.create', {
+      body: { token: user.getJwtToken(), name: 'Test', private: true },
+    });
+    const body = await res.json();
+
+    expect(res.status).toEqual(200);
+    expect(body.data.private).toBeTruthy();
+    expect(body.policies.length).toBe(1);
+    expect(body.policies[0].abilities.read).toBeTruthy();
+    expect(body.policies[0].abilities.export).toBeTruthy();
   });
 });