From 65814c005e2637bb5f6347bf1f35133654538e7a Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gregor.kleen@ifi.lmu.de>
Date: Sat, 13 Mar 2021 17:53:44 +0100
Subject: [PATCH] fix(authorisation): inverted logic for empty

---
 src/Foundation/Authorization.hs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Foundation/Authorization.hs b/src/Foundation/Authorization.hs
index 6b16505a2..8ea01d228 100644
--- a/src/Foundation/Authorization.hs
+++ b/src/Foundation/Authorization.hs
@@ -1488,7 +1488,7 @@ tagAccessPredicate AuthEmpty = APDB $ \evalCtx eval' mAuthId route _ -> do
             cID <- encrypt wwId
             let route' = _WorkflowScopeRoute # (rScope', WorkflowWorkflowR cID WWWorkflowR)
             lift . evalWriterT $ evalWorkflowRoleFor' eval' mAuthId (Just wwId) role route' False
-        guardM . fmap (is _Authorized) $ ofoldl1' orAR' . mapNonNull evalRole =<< hoistMaybe (fromNullable $ otoList roles)
+        guardM . fmap (isn't _Authorized) $ ofoldl1' orAR' . mapNonNull evalRole =<< hoistMaybe (fromNullable $ otoList roles)
         return AuthorizedI18n
    in case route of
         r | Just (rScope, WorkflowInstanceR win WIWorkflowsR) <- r ^? _WorkflowScopeRoute