From 6cf45dc0722c7a1da11d37a8e3858656f133a431 Mon Sep 17 00:00:00 2001
From: Raphael Martinez <70238369+raphamartinez@users.noreply.github.com>
Date: Fri, 27 Jan 2023 14:28:56 -0300
Subject: [PATCH] docs(security): update deprecated method from @casl/ability

---
 content/security/authorization.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/content/security/authorization.md b/content/security/authorization.md
index 1aae181999..f62b48995b 100644
--- a/content/security/authorization.md
+++ b/content/security/authorization.md
@@ -234,16 +234,16 @@ With this in place, we can define the `createForUser()` method on the `CaslAbili
 ```typescript
 type Subjects = InferSubjects<typeof Article | typeof User> | 'all';
 
-export type AppAbility = Ability<[Action, Subjects]>;
+type AppAbility = MongoAbility<[Action, Subjects]>;
 
 @Injectable()
 export class CaslAbilityFactory {
   createForUser(user: User) {
-    const { can, cannot, build } = new AbilityBuilder<
-      Ability<[Action, Subjects]>
-    >(Ability as AbilityClass<AppAbility>);
+    const { can, cannot, build } = new AbilityBuilder<AppAbility>(
+      createMongoAbility,
+    );
 
-    if (user.isAdmin) {
+    if (user) {
       can(Action.Manage, 'all'); // read-write access to everything
     } else {
       can(Action.Read, 'all'); // read-only access to everything
@@ -253,7 +253,7 @@ export class CaslAbilityFactory {
     cannot(Action.Delete, Article, { isPublished: true });
 
     return build({
-      // Read https://casl.js.org/v5/en/guide/subject-type-detection#use-classes-as-subject-types for details
+    // Read https://casl.js.org/v6/en/guide/subject-type-detection for details
       detectSubjectType: (item) =>
         item.constructor as ExtractSubjectType<Subjects>,
     });