Verify is user can delete message getting the message from db before

server/methods/deleteMessage.coffee

@@ -5,7 +5,12 @@ Meteor.methods
 
 		hasPermission = RocketChat.authz.hasPermission(Meteor.userId(), 'delete-message', message.rid)
 		deleteAllowed = RocketChat.settings.get 'Message_AllowDeleting'
-		deleteOwn = message?.u?._id is Meteor.userId()
+
+		originalMessage = ChatMessage.findOne message._id, {fields: {u: 1, rid: 1}}
+		if not originalMessage?
+			throw new Meteor.Error 'message-deleting-not-allowed', "[methods] deleteMessage -> Message with id [#{message._id} dos not exists]"
+
+		deleteOwn = originalMessage?.u?._id is Meteor.userId()
 
 		unless hasPermission or (deleteAllowed and deleteOwn)
 			throw new Meteor.Error 'message-deleting-not-allowed', "[methods] deleteMessage -> Message deleting not allowed"
@@ -15,13 +20,14 @@ Meteor.methods
 		keepHistory = RocketChat.settings.get 'Message_KeepHistory'
 		showDeletedStatus = RocketChat.settings.get 'Message_ShowDeletedStatus'
 
-		deleteQuery = 
-			_id: message._id
-		#deleteQuery['u._id'] = Meteor.userId() if user?.admin isnt true 
+		deleteQuery =
+			_id: originalMessage._id
+		deleteQuery['u._id'] = Meteor.userId() unless hasPermission
+		#deleteQuery['u._id'] = Meteor.userId() if user?.admin isnt true
 
 		if keepHistory
 			if showDeletedStatus
-				history = ChatMessage.findOne message._id
+				history = ChatMessage.findOne originalMessage._id
 				history._hidden = true
 				history.parent = history._id
 				history.ets = new Date()
@@ -43,4 +49,4 @@ Meteor.methods
 					t: 'rm'
 					ets: new Date()
 		else
-			RocketChat.Notifications.notifyRoom message.rid, 'deleteMessage', { _id: message._id }
+			RocketChat.Notifications.notifyRoom originalMessage.rid, 'deleteMessage', { _id: originalMessage._id }