Refactor to a common abstract auth filter.

Author: lonnieezell

src/Filters/AbstractAuthFilter.php

@@ -0,0 +1,62 @@
+<?php
+
+declare(strict_types=1);
+
+namespace CodeIgniter\Shield\Filters;
+
+use CodeIgniter\Filters\FilterInterface;
+use CodeIgniter\HTTP\RedirectResponse;
+use CodeIgniter\HTTP\RequestInterface;
+use CodeIgniter\HTTP\Response;
+use CodeIgniter\HTTP\ResponseInterface;
+
+/**
+ * Group Authorization Filter.
+ */
+abstract class AbstractAuthFilter implements FilterInterface
+{
+    /**
+     * Ensures the user is logged in and a member of one or
+     * more groups as specified in the filter.
+     *
+     * @param array|null $arguments
+     *
+     * @return RedirectResponse|void
+     */
+    public function before(RequestInterface $request, $arguments = null)
+    {
+        if (empty($arguments)) {
+            return;
+        }
+
+        if (! auth()->loggedIn()) {
+            return redirect()->route('login');
+        }
+
+        if ($this->isAuthorized($arguments)) {
+            return;
+        }
+
+        // If the previous_url is from this site, then
+        // we can redirect back to it.
+        if (strpos(previous_url(), site_url()) === 0) {
+            return redirect()->back()->with('error', lang('Auth.notEnoughPrivilege'));
+        }
+
+        // Otherwise, we'll just send them to the home page.
+        return redirect()->to('/')->with('error', lang('Auth.notEnoughPrivilege'));
+    }
+
+    /**
+     * We don't have anything to do here.
+     *
+     * @param Response|ResponseInterface $response
+     * @param array|null                 $arguments
+     */
+    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
+    {
+        // Nothing required
+    }
+
+    abstract protected function isAuthorized(array $arguments): bool;
+}

src/Filters/GroupFilter.php

@@ -4,57 +4,17 @@
 
 namespace CodeIgniter\Shield\Filters;
 
-use CodeIgniter\Filters\FilterInterface;
-use CodeIgniter\HTTP\RedirectResponse;
-use CodeIgniter\HTTP\RequestInterface;
-use CodeIgniter\HTTP\Response;
-use CodeIgniter\HTTP\ResponseInterface;
-
 /**
  * Group Authorization Filter.
  */
-class GroupFilter implements FilterInterface
+class GroupFilter extends AbstractAuthFilter
 {
     /**
      * Ensures the user is logged in and a member of one or
      * more groups as specified in the filter.
-     *
-     * @param array|null $arguments
-     *
-     * @return RedirectResponse|void
-     */
-    public function before(RequestInterface $request, $arguments = null)
-    {
-        if (empty($arguments)) {
-            return;
-        }
-
-        if (! auth()->loggedIn()) {
-            return redirect()->route('login');
-        }
-
-        if (auth()->user()->inGroup(...$arguments)) {
-            return;
-        }
-
-        // If the previous_url is from this site, then
-        // we can redirect back to it.
-        if (strpos(previous_url(), site_url()) === 0) {
-            return redirect()->back()->with('error', lang('Auth.notEnoughPrivilege'));
-        }
-
-        // Otherwise, we'll just send them to the home page.
-        return redirect()->to('/')->with('error', lang('Auth.notEnoughPrivilege'));
-    }
-
-    /**
-     * We don't have anything to do here.
-     *
-     * @param Response|ResponseInterface $response
-     * @param array|null                 $arguments
      */
-    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
+    protected function isAuthorized(array $arguments): bool
     {
-        // Nothing required
+        return auth()->user()->inGroup(...$arguments);
     }
 }

src/Filters/PermissionFilter.php

@@ -4,59 +4,23 @@
 
 namespace CodeIgniter\Shield\Filters;
 
-use CodeIgniter\Filters\FilterInterface;
-use CodeIgniter\HTTP\RedirectResponse;
-use CodeIgniter\HTTP\RequestInterface;
-use CodeIgniter\HTTP\Response;
-use CodeIgniter\HTTP\ResponseInterface;
-
 /**
  * Permission Authorization Filter.
  */
-class PermissionFilter implements FilterInterface
+class PermissionFilter extends AbstractAuthFilter
 {
     /**
-     * Ensures the user is logged in and has one or
-     * more permissions as specified in the filter.
-     *
-     * @param array|null $arguments
-     *
-     * @return RedirectResponse|void
+     * Ensures the user is logged in and has one or more
+     * of the permissions as specified in the filter.
      */
-    public function before(RequestInterface $request, $arguments = null)
+    protected function isAuthorized(array $arguments): bool
     {
-        if (empty($arguments)) {
-            return;
-        }
-
-        if (! auth()->loggedIn()) {
-            return redirect()->route('login');
-        }
-
         foreach ($arguments as $permission) {
             if (auth()->user()->can($permission)) {
-                return;
+                return true;
             }
         }
 
-        // If the previous_url is from this site, then
-        // we can redirect back to it.
-        if (strpos(previous_url(), site_url()) === 0) {
-            return redirect()->back()->with('error', lang('Auth.notEnoughPrivilege'));
-        }
-
-        // Otherwise, we'll just send them to the home page.
-        return redirect()->to('/')->with('error', lang('Auth.notEnoughPrivilege'));
-    }
-
-    /**
-     * We don't have anything to do here.
-     *
-     * @param Response|ResponseInterface $response
-     * @param array|null                 $arguments
-     */
-    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
-    {
-        // Nothing required
+        return false;
     }
 }