Merge pull request #27092 from guardian/editorial-permissions-proper

actually enforce new permissions for `admin` and `preview`

common/app/http/GuardianAuthWithExemptions.scala

@@ -10,7 +10,6 @@ import common.Environment.stage
 import conf.Configuration.aws.mandatoryCredentials
 import model.ApplicationContext
 import org.apache.pekko.stream.Materializer
-import org.slf4j.LoggerFactory
 import play.api.Mode
 import play.api.libs.ws.WSClient
 import play.api.mvc._
@@ -35,8 +34,6 @@ class GuardianAuthWithExemptions(
 
   private val outer = this
 
-  val logger = LoggerFactory.getLogger(this.getClass)
-
   private val permissions: PermissionsProvider = PermissionsProvider(
     PermissionsConfig(
       stage = if (stage == "PROD") "PROD" else "CODE",
@@ -105,14 +102,12 @@ class GuardianAuthWithExemptions(
           if (permissions.hasPermission(requiredPermission, user.email)) {
             nextFilter(request)
           } else {
-//            Future.successful(
-//              Results.Forbidden(
-//                s"You do not have permission to access $system. " +
-//                  s"You should contact Central Production to request '$requiredEditorialPermissionName' permission.",
-//              ),
-//            )
-            logger.warn(s"${user.email} used $system, but didn't have '$requiredEditorialPermissionName' permission.")
-            nextFilter(request)
+            Future.successful(
+              Results.Forbidden(
+                s"You do not have permission to access $system. " +
+                  s"You should contact Central Production to request '$requiredEditorialPermissionName' permission.",
+              ),
+            )
           }
         }
       }