diff --git a/core/modules/server/routes/get-status.js b/core/modules/server/routes/get-status.js
index 8e3892aad..20549810b 100644
--- a/core/modules/server/routes/get-status.js
+++ b/core/modules/server/routes/get-status.js
@@ -20,7 +20,7 @@ exports.handler = function(request,response,state) {
 response.writeHead(200, {"Content-Type": "application/json"});
 var text = JSON.stringify({
 username: state.authenticatedUsername || state.server.get("username") || "",
- read_only: !state.server.isAuthorized("writers"),
+ read_only: !state.server.isAuthorized("writers",state.authenticatedUsername),
 space: {
 recipe: "default"
 },
diff --git a/core/modules/server/server.js b/core/modules/server/server.js
index 535b42f72..65c05a7c3 100644
--- a/core/modules/server/server.js
+++ b/core/modules/server/server.js
@@ -158,7 +158,7 @@ Server.prototype.requestHandler = function(request,response) {
 return;
 }
 // Authorize with the authenticated username
- if(this.isAuthorized(authorizationType,state.authenticatedUsername)) {
+ if(!this.isAuthorized(authorizationType,state.authenticatedUsername)) {
 response.writeHead(401,"'" + state.authenticatedUsername + "' is not authorized to access '" + this.servername + "'");
 response.end();
 return;
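Review bot: In get-status.js `read_only` is now evaluated for `state.authenticatedUsername`, but the `username` field on the line above falls back to `state.server.get("username")`, so for an anonymous request the response can name one identity while the flag was computed for another. `isAuthorized` is not defined in this hunk, so it is worth confirming that it treats an undefined username as anonymous and denies by default. Because this flag only informs the client, I would add a comment such as `// Advisory for the client UI; requests are authorized in Server.prototype.requestHandler` so nobody comes to rely on it as the access check. The handler body continues outside the hunk.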
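Review bot: In server.js the 401 branch, which is now the path taken by unauthorized callers, concatenates `state.authenticatedUsername` into the HTTP reason phrase. That value presumably comes from the request's credentials, and Node's `writeHead` throws on a status message with invalid characters, so a malformed username could raise inside the handler instead of yielding a clean denial; an anonymous caller would also get `'undefined'` in the text. A fixed phrase such as `response.writeHead(401,"Not authorized");` avoids both. Since the inverted condition went unnoticed, a regression test asserting a denial for a non-member and pass-through for a member of `authorizationType` would be worth adding. requestHandler starts and ends outside the hunk.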