do not introspect the value of accessRestriction

if there are no users or groups, it simply means nobody can access it.
(maybe the admin is doing something on the cloudron and does not want
anyone to access it).

src/test/apps-test.js

@@ -225,7 +225,7 @@ describe('Apps', function () {
             expect(apps._validateAccessRestriction({ users: {} })).to.be.an(Error);
         });
 
-        it('does not allow no user input', function () {
+        it('allows no user input', function () {
             expect(apps._validateAccessRestriction({ users: [] })).to.be.an(Error);
         });