Hi,
In that case, I would recommend some code modification yes.
Set a price in your product for everyone, without using ACL, and, for example, for the product page, add such code at the top of the file "quantity" of the view "product":
<?php $user = JFactory::getUser(); if($user->guest) return; ?>
That will remove the display of the add to cart button and the quantity input on the product page.
Note however that if the user know the URL to manually add a product to the cart ( the one in the "HTML add to cart link" button of the product edition page), he would still be able to add a product to the cart by calling that specific URL.
But then, you can add a security and add Access levels restrictions to your payment methods so that guest users don't have any payment methods available on the checkout, and thus preventing them from finishing an order even if they were to manually call the add to cart URL.