refactor(api/utils): add isLoggedIn guard to story checks

lib/server/middlewareButNotReally/storyPrivileges.ts

@@ -1,14 +1,17 @@
 import type { H3Event, EventHandlerRequest } from "h3";
 import { IStory } from "~/models/stories";
+import isLoggedIn from "~/lib/server/middlewareButNotReally/isLoggedIn";
 export function canDelete(event: H3Event<EventHandlerRequest>, story: IStory) {
+	isLoggedIn(event);
 	return (
 		event.context.currentUser?.profile.isAdmin ||
 		story.author._id === event.context.currentUser?._id
 	);
 }
 export function canModify(event: H3Event<EventHandlerRequest>, story: IStory) {
+	isLoggedIn(event);
 	return (
 		event.context.currentUser?._id === story.author._id ||
-		story.coAuthor._id === event.context.currentUser?._id
+		story.coAuthor?._id === event.context.currentUser?._id
 	);
 }