From 414e2457c2fd2623eb00d768de58ba72b1474025 Mon Sep 17 00:00:00 2001
From: Bill Erickson <berick@esilibrary.com>
Date: Mon, 21 Jul 2014 14:42:32 -0400
Subject: [PATCH] LP#1346421 TPAC permission check function.

Support permission checks against the authenticated TPAC user.

[% IF ctx.has_perm('UPDATE_COPY', copy.circ_lib) %] ... [% END %]

Signed-off-by: Bill Erickson <berick@esilibrary.com>
Signed-off-by: Ben Shum <bshum@biblio.org>
---
 .../perlmods/lib/OpenILS/WWW/EGCatLoader.pm   |  1 +
 .../lib/OpenILS/WWW/EGCatLoader/Util.pm       | 22 +++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
index 7fe805b498..5e8743ef28 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
@@ -301,6 +301,7 @@ sub load_common {
     $self->staff_saved_searches_set_expansion_state if $ctx->{is_staff};
     $self->load_search_filter_groups($ctx->{search_ou});
     $self->load_org_util_funcs;
+    $self->load_perm_funcs;
 
     return Apache2::Const::OK;
 }
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Util.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Util.pm
index 2bc2c16b4b..05f59d8bff 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Util.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Util.pm
@@ -806,6 +806,28 @@ sub setting_is_true_for_orgs {
     $test_org->($ctx->{aou_tree}->());
     return \@valid_orgs;
 }
+
+# Builds and links a perm checking function, testing permissions against
+# the currently logged in user.  
+# ctx->{has_perm}->(perm_code, org_id) => 1/undef
+# For security, perm checks are cached per page, not per process.
+sub load_perm_funcs {
+    my $self = shift;
+    my %perm_cache;
+    $self->ctx->{has_perm} = sub {
+        my ($perm_code, $org_id) = @_;
+        return 0 unless $self->editor->requestor;
+
+        if ($perm_cache{$org_id}) {
+            return $perm_cache{$org_id}{$perm_code} 
+                if exists $perm_cache{$org_id}{$perm_code};
+        } else {
+            $perm_cache{$org_id} = {};
+        }
+        return $perm_cache{$org_id}{$perm_code} =
+            $self->editor->allowed($perm_code, $org_id);
+    }
+}
     
 
 
-- 
2.43.2