From 46c9a07b7ddfce2507ddffaca50d14086252e2d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=98=99=E2=97=A6=20The=20Tablet=20=E2=9D=80=20GamerGirla?=
 =?UTF-8?q?ndCo=20=E2=97=A6=E2=9D=A7?= <i.am.the.tablet@proton.me>
Date: Sat, 9 Dec 2023 17:00:22 -0500
Subject: [PATCH] refactor(api/utils): add `isLoggedIn` guard to story checks

---
 lib/server/middlewareButNotReally/storyPrivileges.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/server/middlewareButNotReally/storyPrivileges.ts b/lib/server/middlewareButNotReally/storyPrivileges.ts
index b9ac220..7ba7d50 100644
--- a/lib/server/middlewareButNotReally/storyPrivileges.ts
+++ b/lib/server/middlewareButNotReally/storyPrivileges.ts
@@ -1,14 +1,17 @@
 import type { H3Event, EventHandlerRequest } from "h3";
 import { IStory } from "~/models/stories";
+import isLoggedIn from "~/lib/server/middlewareButNotReally/isLoggedIn";
 export function canDelete(event: H3Event<EventHandlerRequest>, story: IStory) {
+	isLoggedIn(event);
 	return (
 		event.context.currentUser?.profile.isAdmin ||
 		story.author._id === event.context.currentUser?._id
 	);
 }
 export function canModify(event: H3Event<EventHandlerRequest>, story: IStory) {
+	isLoggedIn(event);
 	return (
 		event.context.currentUser?._id === story.author._id ||
-		story.coAuthor._id === event.context.currentUser?._id
+		story.coAuthor?._id === event.context.currentUser?._id
 	);
 }