docs(security): update deprecated method from @casl/ability

content/security/authorization.md

@@ -234,16 +234,16 @@ With this in place, we can define the `createForUser()` method on the `CaslAbili
 ```typescript
 type Subjects = InferSubjects<typeof Article | typeof User> | 'all';
 
-export type AppAbility = Ability<[Action, Subjects]>;
+type AppAbility = MongoAbility<[Action, Subjects]>;
 
 @Injectable()
 export class CaslAbilityFactory {
   createForUser(user: User) {
-    const { can, cannot, build } = new AbilityBuilder<
-      Ability<[Action, Subjects]>
-    >(Ability as AbilityClass<AppAbility>);
+    const { can, cannot, build } = new AbilityBuilder<AppAbility>(
+      createMongoAbility,
+    );
 
-    if (user.isAdmin) {
+    if (user) {
       can(Action.Manage, 'all'); // read-write access to everything
     } else {
       can(Action.Read, 'all'); // read-only access to everything
@@ -253,7 +253,7 @@ export class CaslAbilityFactory {
     cannot(Action.Delete, Article, { isPublished: true });
 
     return build({
-      // Read https://casl.js.org/v5/en/guide/subject-type-detection#use-classes-as-subject-types for details
+    // Read https://casl.js.org/v6/en/guide/subject-type-detection for details
       detectSubjectType: (item) =>
         item.constructor as ExtractSubjectType<Subjects>,
     });