Policies authorization: legacy code or undefined rules

[sofyalaski]

Policies authorization: legacy code or undefined rules

Summary

Policies controller file includes authorization check based on these rules:

scicat-backend-next/src/policies/policies.controller.ts

Lines 89 to 90 in 3e4dc8b

	const canViewAll = ability.can(Action.ListAll, Policy);
	const canViewTheirOwn = ability.can(Action.ListOwn, Policy);

These rules, however, don't exist in the casl-ability.factory.ts. Since they don't exist, the ability would be evaluated to false. Then the whole function updateMergedFiltersForList in policies.controller.ts is redundant as it's main purpose is to modify the filters, which would only happen based on if condition that is never met.
This function is probably left there unchanged after some changes were made.
I don't know exactly what policies are supposed to do. So I don't quite understand if it's legacy code or something that was not restructured during changes.