From 266f8c96c4a9fbe3b1748976cbfe833f225f28e0 Mon Sep 17 00:00:00 2001
From: Nan Yu <nan@getoutline.com>
Date: Wed, 19 Jan 2022 18:24:25 -0800
Subject: [PATCH] fix: issue-2956 (#2957)

---
 app/scenes/Document/components/SharePopover.tsx | 2 +-
 server/models/Collection.ts                     | 6 +++++-
 server/models/Share.ts                          | 2 +-
 server/policies/share.ts                        | 1 +
 server/routes/api/shares.ts                     | 1 +
 5 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/app/scenes/Document/components/SharePopover.tsx b/app/scenes/Document/components/SharePopover.tsx
index e96c199fc..db634bbad 100644
--- a/app/scenes/Document/components/SharePopover.tsx
+++ b/app/scenes/Document/components/SharePopover.tsx
@@ -165,7 +165,7 @@ function SharePopover({
         <HelpText>{t("Only team members with permission can view")}</HelpText>
       )}
 
-      {canPublish && share?.published && (
+      {canPublish && share?.published && !document.isDraft && (
         <SwitchWrapper>
           <Switch
             id="includeChildDocuments"
diff --git a/server/models/Collection.ts b/server/models/Collection.ts
index bc8afd7b0..fe479a346 100644
--- a/server/models/Collection.ts
+++ b/server/models/Collection.ts
@@ -360,7 +360,7 @@ class Collection extends ParanoidModel {
       direction: "asc",
     };
 
-    let result!: NavigationNode;
+    let result!: NavigationNode | undefined;
 
     const loopChildren = (documents: NavigationNode[]) => {
       if (result) {
@@ -384,6 +384,10 @@ class Collection extends ParanoidModel {
     // but the only place it's used passes straight into an API response
     // so the extra indirection is not worthwhile
     loopChildren(this.documentStructure);
+
+    // if the document is a draft loopChildren will not find it in the structure
+    if (!result) return null;
+
     return {
       ...result,
       children: sortNavigationNodes(result.children, sort),
diff --git a/server/models/Share.ts b/server/models/Share.ts
index 45c897c35..148c80637 100644
--- a/server/models/Share.ts
+++ b/server/models/Share.ts
@@ -34,7 +34,7 @@ import Fix from "./decorators/Fix";
     return {
       include: [
         {
-          model: Document,
+          model: Document.scope("withUnpublished"),
           paranoid: true,
           as: "document",
           include: [
diff --git a/server/policies/share.ts b/server/policies/share.ts
index 449f29ee9..0b1da3e73 100644
--- a/server/policies/share.ts
+++ b/server/policies/share.ts
@@ -10,6 +10,7 @@ allow(User, "update", Share, (user, share) => {
 
   // only the user who can share the document publicly can update the share.
   if (cannot(user, "share", share.document)) return false;
+
   return user.teamId === share.teamId;
 });
 
diff --git a/server/routes/api/shares.ts b/server/routes/api/shares.ts
index 5eaac7a2b..fe31e8037 100644
--- a/server/routes/api/shares.ts
+++ b/server/routes/api/shares.ts
@@ -168,6 +168,7 @@ router.post("shares.update", auth(), async (ctx) => {
   const { user } = ctx.state;
   const team = await Team.findByPk(user.teamId);
   authorize(user, "share", team);
+
   // fetch the share with document and collection.
   const share = await Share.scope({
     method: ["withCollection", user.id],