LP#1346421 TPAC permission check function.
authorBill Erickson <berick@esilibrary.com>
Mon, 21 Jul 2014 18:42:32 +0000 (14:42 -0400)
committerBen Shum <bshum@biblio.org>
Fri, 8 Aug 2014 00:12:46 +0000 (20:12 -0400)
Support permission checks against the authenticated TPAC user.

[% IF ctx.has_perm('UPDATE_COPY', copy.circ_lib) %] ... [% END %]

Signed-off-by: Bill Erickson <berick@esilibrary.com>
Signed-off-by: Ben Shum <bshum@biblio.org>
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Util.pm

index 7fe805b..5e8743e 100644 (file)
@@ -301,6 +301,7 @@ sub load_common {
     $self->staff_saved_searches_set_expansion_state if $ctx->{is_staff};
     $self->load_search_filter_groups($ctx->{search_ou});
     $self->load_org_util_funcs;
+    $self->load_perm_funcs;
 
     return Apache2::Const::OK;
 }
index 2bc2c16..05f59d8 100644 (file)
@@ -806,6 +806,28 @@ sub setting_is_true_for_orgs {
     $test_org->($ctx->{aou_tree}->());
     return \@valid_orgs;
 }
+
+# Builds and links a perm checking function, testing permissions against
+# the currently logged in user.  
+# ctx->{has_perm}->(perm_code, org_id) => 1/undef
+# For security, perm checks are cached per page, not per process.
+sub load_perm_funcs {
+    my $self = shift;
+    my %perm_cache;
+    $self->ctx->{has_perm} = sub {
+        my ($perm_code, $org_id) = @_;
+        return 0 unless $self->editor->requestor;
+
+        if ($perm_cache{$org_id}) {
+            return $perm_cache{$org_id}{$perm_code} 
+                if exists $perm_cache{$org_id}{$perm_code};
+        } else {
+            $perm_cache{$org_id} = {};
+        }
+        return $perm_cache{$org_id}{$perm_code} =
+            $self->editor->allowed($perm_code, $org_id);
+    }
+}
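Review bot: In the closure assigned to `ctx->{has_perm}`, `$org_id` is used as a hash key and passed to `$self->editor->allowed` without a definedness check. A template call such as `ctx.has_perm('UPDATE_COPY', copy.circ_lib)` with an empty `circ_lib` would therefore cache under the empty key (with an uninitialized-value warning if warnings are enabled). It would also leave the scope of the check to whatever `allowed` does with a missing org, which is not visible here. Failing closed is safer: add `return 0 unless defined $perm_code && defined $org_id;` right after the requestor check. The header comment says the result is `1/undef` while the unauthenticated path returns `0`, so it should state the actual falsy values. It should also note that this helper only gates what the template renders, so the handlers behind those controls still need their own permission checks.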