From 45a147548a324df874e59c2bcd96a7b522dcfaab Mon Sep 17 00:00:00 2001
From: floross <floross@users.noreply.github.com>
Date: Tue, 21 Mar 2023 10:16:58 +0100
Subject: [PATCH] fix: update how we handle the no policies and no user when
 dealing with permissions

---
 libs/nestjs/casl/src/guards/policies-guard.ts | 3 +++
 libs/nestjs/casl/src/services/casl.service.ts | 9 +++------
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/libs/nestjs/casl/src/guards/policies-guard.ts b/libs/nestjs/casl/src/guards/policies-guard.ts
index 73862cfcd..a45b6b151 100644
--- a/libs/nestjs/casl/src/guards/policies-guard.ts
+++ b/libs/nestjs/casl/src/guards/policies-guard.ts
@@ -29,6 +29,9 @@ export class PoliciesGuard implements CanActivate {
         context.getHandler(),
       ) || [];
 
+    // If no policies are defined, allow the request
+    if (policyHandlers.length === 0) return true;
+
     const contextType: string = context.getType();
 
     // Skip the guard for rabbitmq requests
diff --git a/libs/nestjs/casl/src/services/casl.service.ts b/libs/nestjs/casl/src/services/casl.service.ts
index a1e6ba2ad..1aca2b1b4 100644
--- a/libs/nestjs/casl/src/services/casl.service.ts
+++ b/libs/nestjs/casl/src/services/casl.service.ts
@@ -27,13 +27,10 @@ export class CaslAbilityFactoryService {
 
     const { rolePermissions, publicPermissions } = this.caslOptions;
 
-    if (!user && publicPermissions) {
-      publicPermissions(builder);
-      return builder.build();
-    }
-
+    // If no user is provided, only allow public permissions
     if (!user) {
-      throw new UnauthorizedException();
+      if (typeof publicPermissions === 'function') publicPermissions(builder);
+      return builder.build();
     }
 
     const roles = this.getRoles(user);