graph2: Fixed inverse permission checks in story mutations.

6 years ago · cd1f122502
1 changed files with 4 additions and 4 deletions
--- a/graph2/queries/story.go
+++ b/graph2/queries/story.go
@ -68,7 +68,7 @@ func (r *mutationResolver) AddStoryTag(ctx context.Context, input input.StoryTag
 		return models.Story{}, errors.New("Story not found")
 	}

-	if token.PermittedUser(story.Author, "member", "story.edit") {
+	if !token.PermittedUser(story.Author, "member", "story.edit") {
 		return models.Story{}, errors.New("You are not permitted to edit this story")
 	}

@ -83,7 +83,7 @@ func (r *mutationResolver) RemoveStoryTag(ctx context.Context, input input.Story
 		return models.Story{}, errors.New("Story not found")
 	}

-	if token.PermittedUser(story.Author, "member", "story.edit") {
+	if !token.PermittedUser(story.Author, "member", "story.edit") {
 		return models.Story{}, errors.New("You are not permitted to edit this story")
 	}

@ -98,7 +98,7 @@ func (r *mutationResolver) EditStory(ctx context.Context, input input.StoryEditI
 		return models.Story{}, errors.New("Story not found")
 	}

-	if token.PermittedUser(story.Author, "member", "story.edit") {
+	if !token.PermittedUser(story.Author, "member", "story.edit") {
 		return models.Story{}, errors.New("You are not permitted to remove this story")
 	}

@ -117,7 +117,7 @@ func (r *mutationResolver) RemoveStory(ctx context.Context, input input.StoryRem
 		return models.Story{}, errors.New("Story not found")
 	}

-	if token.PermittedUser(story.Author, "member", "story.remove") {
+	if !token.PermittedUser(story.Author, "member", "story.remove") {
 		return models.Story{}, errors.New("You are not permitted to remove this story")
 	}