graph2: Fixed chapter using story permissions.

graph2/queries/chapter.go

@@ -28,7 +28,7 @@ func (r *mutationResolver) AddChapter(ctx context.Context, input input.ChapterAd
 	}
 
 	token := auth.TokenFromContext(ctx)
-	if !token.Authenticated() {
+	if !token.Permitted("member", "story.add") {
 		return models.Chapter{}, errors.New("Unauthorized")
 	}
 
@@ -55,7 +55,7 @@ func (r *mutationResolver) EditChapter(ctx context.Context, input input.ChapterE
 	}
 
 	token := auth.TokenFromContext(ctx)
-	if !token.Authenticated() || !token.PermittedUser(chapter.Author, "member", "story.edit") {
+	if !token.Authenticated() || !token.PermittedUser(chapter.Author, "member", "chapter.edit") {
 		return models.Chapter{}, errors.New("Unauthorized")
 	}
 
@@ -73,7 +73,7 @@ func (r *mutationResolver) RemoveChapter(ctx context.Context, input input.Chapte
 	}
 
 	token := auth.TokenFromContext(ctx)
-	if !token.Authenticated() || !token.PermittedUser(chapter.Author, "member", "story.remove") {
+	if !token.Authenticated() || !token.PermittedUser(chapter.Author, "member", "chapter.remove") {
 		return models.Chapter{}, errors.New("Unauthorized")
 	}