diff --git a/src/common/guards/roles.guard.ts b/src/common/guards/roles.guard.ts
index f36a0be..ef8b7ff 100644
--- a/src/common/guards/roles.guard.ts
+++ b/src/common/guards/roles.guard.ts
@@ -17,22 +17,19 @@ interface RequestWithUser extends Request {
 export class RolesGuard implements CanActivate {
   constructor(private reflector: Reflector) {}
-  canActivate(ctx: ExecutionContext): boolean {
-    const requiredRoles = this.reflector.get(
-      ROLES_KEY,
-      ctx.getHandler(),
-    );
-    //for "deny-by-default" when role is wrong or unavailable
-    if (!requiredRoles || requiredRoles.length === 0) {
-      return false;
+  canActivate(context: ExecutionContext): boolean {
+    const roles = this.reflector.getAllAndOverride(ROLES_KEY, [context.getHandler(), context.getClass()]);
+
+    if (!roles) {
+      return true;
     }
-    const request = ctx.switchToHttp().getRequest();
+    const request = context.switchToHttp().getRequest();
     const user = request.user;
     if (!user) {
       return false;
     }
-    if (!requiredRoles.includes(user.role)) {
+    if (!roles.includes(user.role)) {
       throw new ForbiddenException(
         `The role ${user.role} is not authorized to access this resource.`,
       );