From e0b93c6b4ba6b1c03284331b610835366e1e9b49 Mon Sep 17 00:00:00 2001
From: Gisle Aune <dev@gisle.me>
Date: Sat, 12 Jan 2019 11:38:19 +0100
Subject: [PATCH] graph2: Changed story tagging permissions to allow anyone to
 tag open stories.

---
 graph2/queries/story.go | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/graph2/queries/story.go b/graph2/queries/story.go
index d7869b1..a857664 100644
--- a/graph2/queries/story.go
+++ b/graph2/queries/story.go
@@ -79,8 +79,14 @@ func (r *mutationResolver) AddStoryTag(ctx context.Context, input input.StoryTag
 		return models.Story{}, errors.New("Story not found")
 	}
 
-	if !token.PermittedUser(story.Author, "member", "story.edit") {
-		return models.Story{}, errors.New("You are not permitted to edit this story")
+	if story.Open {
+		if !token.Permitted("member") {
+			return models.Story{}, errors.New("You are not permitted to edit this story")
+		}
+	} else {
+		if !token.PermittedUser(story.Author, "member", "story.edit") {
+			return models.Story{}, errors.New("You are not permitted to edit this story")
+		}
 	}
 
 	story, err = stories.AddTag(story, input.Tag)
@@ -101,8 +107,14 @@ func (r *mutationResolver) RemoveStoryTag(ctx context.Context, input input.Story
 		return models.Story{}, errors.New("Story not found")
 	}
 
-	if !token.PermittedUser(story.Author, "member", "story.edit") {
-		return models.Story{}, errors.New("You are not permitted to edit this story")
+	if story.Open {
+		if !token.Permitted("member") {
+			return models.Story{}, errors.New("You are not permitted to edit this story")
+		}
+	} else {
+		if !token.PermittedUser(story.Author, "member", "story.edit") {
+			return models.Story{}, errors.New("You are not permitted to edit this story")
+		}
 	}
 
 	story, err = stories.RemoveTag(story, input.Tag)