TPac: Use workstation to determine staff [user/tsbere/tpac_staff_check]
author Thomas Berezansky <tsbere@mvlc.org>
Tue, 11 Oct 2011 20:55:12 +0000 (16:55 -0400)
committer Thomas Berezansky <tsbere@mvlc.org>
Tue, 11 Oct 2011 20:55:12 +0000 (16:55 -0400)
Instead of user agent, which may be set easily by anyone, use the presence
of a workstation ID to determine "staff" use of the TPac.

This is much less likely to be spoofed or incorrect due to things like
previous use of the extension version of the client in Firefox.

Signed-off-by: Thomas Berezansky <tsbere@mvlc.org>
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm

index 4137472..122f08c 100644 (file)
@@ -219,7 +219,7 @@ sub load_common {
     $ctx->{full_path} = $ctx->{base_path} . $self->cgi->path_info;
     $ctx->{unparsed_uri} = $self->apache->unparsed_uri;
     $ctx->{opac_root} = $ctx->{base_path} . "/opac"; # absolute base url
-    $ctx->{is_staff} = ($self->apache->headers_in->get('User-Agent') =~ /oils_xulrunner/);
+    $ctx->{is_staff} = 0; # Assume false, check for workstation id later.  Was: ($self->apache->headers_in->get('User-Agent') =~ /oils_xulrunner/);
     $ctx->{orig_loc} = $self->get_orig_loc;
 
     # capture some commonly accessed pages
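Review bot: The added `is_staff` line keeps the old User-Agent expression in a trailing "Was:" comment. Drop it, because the history already records the previous check and leaving the spoofable test in the source makes it easy to paste back. A short comment such as `# default to non-staff; set below once a workstation is seen` would be enough. Defaulting to 0 is the right fail-closed choice, but anything in load_common that reads `is_staff` between this line and the later assignment will now see 0 even for staff sessions, so it is worth checking that nothing in between depends on it.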
@@ -238,6 +238,7 @@ sub load_common {
                 'open-ils.actor', 
                 'open-ils.actor.user.opac.vital_stats', 
                 $e->authtoken, $e->requestor->id);
+            $ctx->{is_staff} = 1 if $e->requestor->wsid;
 
         } else {
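Review bot: The added `$ctx->{is_staff} = 1 if $e->requestor->wsid;` line needs a comment stating where `wsid` comes from. The flag is only harder to spoof than the User-Agent if that value is taken from the server-side session behind `$e->authtoken` and never from anything the browser supplies, and the visible lines do not show that. The test is also a truthiness check, so write `defined $e->requestor->wsid` if "has a workstation" is what is meant. The assignment sits after the vital_stats request although it does not use its result; placing it first in the branch would make that clear. Finally, the presence of a workstation ID says how the login was made, not which permissions the user holds, so please note in the comment that `is_staff` is a display hint and that anything privileged still needs its own permission check.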