From cd1f122502acde7465d7fd1a5f0694ef27022682 Mon Sep 17 00:00:00 2001
From: Gisle Aune
Date: Sat, 22 Sep 2018 15:31:53 +0200
Subject: [PATCH] graph2: Fixed inverse permission checks in story mutations.

---
 graph2/queries/story.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/graph2/queries/story.go b/graph2/queries/story.go
index cf03139..d0f63e9 100644
--- a/graph2/queries/story.go
+++ b/graph2/queries/story.go
@@ -68,7 +68,7 @@ func (r *mutationResolver) AddStoryTag(ctx context.Context, input input.StoryTag
 return models.Story{}, errors.New("Story not found")
 }
 
- if token.PermittedUser(story.Author, "member", "story.edit") {
+ if !token.PermittedUser(story.Author, "member", "story.edit") {
 return models.Story{}, errors.New("You are not permitted to edit this story")
 }
 
@@ -83,7 +83,7 @@ func (r *mutationResolver) RemoveStoryTag(ctx context.Context, input input.Story
 return models.Story{}, errors.New("Story not found")
 }
 
- if token.PermittedUser(story.Author, "member", "story.edit") {
+ if !token.PermittedUser(story.Author, "member", "story.edit") {
 return models.Story{}, errors.New("You are not permitted to edit this story")
 }
 
@@ -98,7 +98,7 @@ func (r *mutationResolver) EditStory(ctx context.Context, input input.StoryEditI
 return models.Story{}, errors.New("Story not found")
 }
 
- if token.PermittedUser(story.Author, "member", "story.edit") {
+ if !token.PermittedUser(story.Author, "member", "story.edit") {
 return models.Story{}, errors.New("You are not permitted to remove this story")
 }
 
@@ -117,7 +117,7 @@ func (r *mutationResolver) RemoveStory(ctx context.Context, input input.StoryRem
 return models.Story{}, errors.New("Story not found")
 }
 
- if token.PermittedUser(story.Author, "member", "story.remove") {
+ if !token.PermittedUser(story.Author, "member", "story.remove") {
 return models.Story{}, errors.New("You are not permitted to remove this story")
 }
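Review bot: The corrected guard `if !token.PermittedUser(story.Author, "member", "story.edit") {` in AddStoryTag is repeated by hand in RemoveStoryTag, EditStory and RemoveStory, and the diffstat shows only story.go changed, so nothing in this commit would catch the condition being inverted again. A test per mutation that calls it with a token that is neither the story's author nor otherwise permitted, and asserts that the "not permitted" error comes back with no write performed, would pin the fail-closed behaviour. Going by the removed lines, the old condition refused callers PermittedUser accepted and let the rest through, so story edits and removals made while it was deployed are worth reviewing. Moving the lookup and the check into one helper shared by the four resolvers would leave a single place to get this right. The resolver bodies start and end outside the hunks, so where `token` comes from and whether it can be nil is not visible here.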
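Review bot: In EditStory the denial branch still returns `errors.New("You are not permitted to remove this story")` although the check is for "story.edit". The message looks copied from RemoveStory and should read `errors.New("You are not permitted to edit this story")`. As written, a client that surfaces this text reports the wrong operation as refused, and anyone matching denial messages against the mutation that was attempted is misled the same way. EditStory's body continues outside the hunk.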