fix(authorisation): inverted logic for empty

src/Foundation/Authorization.hs

@@ -1488,7 +1488,7 @@ tagAccessPredicate AuthEmpty = APDB $ \evalCtx eval' mAuthId route _ -> do
             cID <- encrypt wwId
             let route' = _WorkflowScopeRoute # (rScope', WorkflowWorkflowR cID WWWorkflowR)
             lift . evalWriterT $ evalWorkflowRoleFor' eval' mAuthId (Just wwId) role route' False
-        guardM . fmap (is _Authorized) $ ofoldl1' orAR' . mapNonNull evalRole =<< hoistMaybe (fromNullable $ otoList roles)
+        guardM . fmap (isn't _Authorized) $ ofoldl1' orAR' . mapNonNull evalRole =<< hoistMaybe (fromNullable $ otoList roles)
         return AuthorizedI18n
    in case route of
         r | Just (rScope, WorkflowInstanceR win WIWorkflowsR) <- r ^? _WorkflowScopeRoute