From c6e8000bab54f4a32068578f750f4cf9d91bad89 Mon Sep 17 00:00:00 2001
From: Yassine Doghri
Date: Thu, 6 Jul 2023 13:50:10 +0000
Subject: [PATCH] fix(auth): overwrite Shield's PermissionFilter
---
 app/Config/Filters.php | 3 +-
 modules/Auth/Filters/PermissionFilter.php | 36 +++++++++++++++++++++--
 modules/Auth/Language/en/Auth.php | 1 -
 3 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/app/Config/Filters.php b/app/Config/Filters.php
index 2146a1f8..14f947c6 100644
--- a/app/Config/Filters.php
+++ b/app/Config/Filters.php
@@ -29,7 +29,6 @@ class Filters extends BaseConfig
 'honeypot' => Honeypot::class,
 'invalidchars' => InvalidChars::class,
 'secureheaders' => SecureHeaders::class,
- 'permission' => PermissionFilter::class,
 'fediverse' => FediverseFilter::class,
 'allow-cors' => AllowCorsFilter::class,
 'rest-api' => ApiFilter::class,
@@ -89,5 +88,7 @@ class Filters extends BaseConfig
 'before' => ['*@*/episodes/*'],
 ],
 ];
+
+ $this->aliases['permission'] = PermissionFilter::class;
 }
 }
diff --git a/modules/Auth/Filters/PermissionFilter.php b/modules/Auth/Filters/PermissionFilter.php
index 282254b3..2e65271d 100644
--- a/modules/Auth/Filters/PermissionFilter.php
+++ b/modules/Auth/Filters/PermissionFilter.php
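Review bot: The assignment `$this->aliases['permission'] = PermissionFilter::class;` added at the end of the method in app/Config/Filters.php carries no comment explaining why the alias moved out of the `$aliases` property, and its position looks load-bearing. Judging by the commit title, the intent is presumably that the project's filter wins over the `permission` alias Shield registers; a one-line comment such as `// assigned here so Shield's 'permission' alias cannot replace the project's PermissionFilter` would stop a later cleanup from moving it back. Because this alias decides which class enforces route permissions, a test asserting that `permission` resolves to `Modules\Auth\Filters\PermissionFilter` would catch a silent regression. The enclosing method starts outside the hunk.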
@@ -6,14 +6,46 @@ namespace Modules\Auth\Filters;
 use App\Entities\Podcast;
 use App\Models\PodcastModel;
-use CodeIgniter\Shield\Filters\AbstractAuthFilter;
+use CodeIgniter\Filters\FilterInterface;
+use CodeIgniter\HTTP\RequestInterface;
+use CodeIgniter\HTTP\ResponseInterface;
 use Config\Services;
+use RuntimeException;
 /**
 * Permission Authorization Filter.
 */
-class PermissionFilter extends AbstractAuthFilter
+class PermissionFilter implements FilterInterface
 {
+ /**
+ * @param string[]|null $arguments
+ * @return mixed
+ */
+ public function before(RequestInterface $request, $arguments = null)
+ {
+ if ($arguments === null || $arguments === []) {
+ return;
+ }
+
+ if (! auth()->loggedIn()) {
+ return redirect()->route('login');
+ }
+
+ if ($this->isAuthorized($arguments)) {
+ return;
+ }
+
+ throw new RuntimeException(lang('Auth.notEnoughPrivilege'), 403);
+ }
+
+ /**
+ * @param string[]|null $arguments
+ * @return mixed
+ */
+ public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
+ {
+ }
+
 /**
 * Ensures the user is logged in and has one or more
 * of the permissions as specified in the filter.
diff --git a/modules/Auth/Language/en/Auth.php b/modules/Auth/Language/en/Auth.php
index a47932e3..725b760b 100644
--- a/modules/Auth/Language/en/Auth.php
+++ b/modules/Auth/Language/en/Auth.php
@@ -85,7 +85,6 @@ return [
 // missing keys
 'code' => 'Your 6-digit code',
- 'notEnoughPrivilege' => 'You do not have sufficient permissions to access that page.',
 'set_password' => 'Set your password',
 // Welcome email
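Review bot: `before()` in modules/Auth/Filters/PermissionFilter.php fails open when the filter is attached without arguments: `if ($arguments === null || $arguments === []) { return; }` runs ahead of the login check, so a route whose `permission` argument list is missing or mistyped is served without any authentication. Moving `if (! auth()->loggedIn()) { return redirect()->route('login'); }` above that early return would keep such a route behind login, provided no route depends on the argument-less pass-through. The denial path calls `lang('Auth.notEnoughPrivilege')` while this same patch deletes that key from modules/Auth/Language/en/Auth.php; unless another language file supplies it, `lang()` returns the raw key as the message. The docblock on `after()` says `@return mixed` although the signature declares `: void`. `isAuthorized()` lies outside the hunk, so the permission comparison itself is not reviewed here.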