diff --git a/server/policies/document.ts b/server/policies/document.ts
index 21f870694..82f4fd9b2 100644
--- a/server/policies/document.ts
+++ b/server/policies/document.ts
@@ -19,7 +19,7 @@ allow(User, ["read", "download"], Document, (user, document) => {
 return user.teamId === document.teamId;
 });
 
-allow(User, ["star", "unstar"], Document, (user, document) => {
+allow(User, "star", Document, (user, document) => {
 if (!document) return false;
 if (document.archivedAt) return false;
 if (document.deletedAt) return false;
@@ -32,6 +32,17 @@ allow(User, ["star", "unstar"], Document, (user, document) => {
 return user.teamId === document.teamId;
 });
 
+allow(User, "unstar", Document, (user, document) => {
+ if (!document) return false;
+ if (document.template) return false;
+ invariant(
+ document.collection,
+ "collection is missing, did you forget to include in the query scope?"
+ );
+ if (cannot(user, "read", document.collection)) return false;
+ return user.teamId === document.teamId;
+});
+
 allow(User, "share", Document, (user, document) => {
 if (!document) return false;
 if (document.archivedAt) return false;
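Review bot: The new `unstar` policy in the second hunk omits the `archivedAt` and `deletedAt` checks that `star` keeps, and nothing in the code says this is deliberate. A later reader could "restore" the checks or copy the looser rule to another action, so I would add a comment above it such as `// unstar is intentionally permitted on archived and deleted documents so existing stars can still be removed`. Because this policy now runs for deleted documents, `invariant(document.collection, ...)` may throw where the collection is legitimately absent (not verifiable from this hunk). Placing the tenant check first, `if (user.teamId !== document.teamId) return false;`, would make a cross-team request a plain denial before the invariant is evaluated. A policy test for unstar on an archived document, plus a denial case for a user from another team, would pin the relaxed rule.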