You appear to be passing a post (e.g. a question) into that function, but that function doesn't take a post. It takes a permission level and tells you if the logged-in user can do that permission. So you'd need to remove the $row variable.
And you should probably be using qa_user_permit_error rather than the 'maximum' version (which is for a specialised case with categories).
However, it sounds like you want to check if a user can flag a particular post, not whether they can view the voters/flaggers like you have now. In which case you'd want qa_user_post_permit_error which does take a post:
qa_user_post_permit_error('permit_flag', $row);
