From 265e070b53d520fa6cf2e1b5c928039900b351b8 Mon Sep 17 00:00:00 2001
From: Atte Moisio <attemoisio@attemoisio.fi>
Date: Mon, 15 Apr 2024 09:03:27 +0300
Subject: [PATCH] Override library for authenticated patron requests

Each patron is assigned one library based on municipality. The clients
are currently sending all requests towards the default library, which
fails due to authorization.

The alternative to this change would be to make the clients choose
the correct library based on the authentication response.
---
 api/controller/base.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/api/controller/base.py b/api/controller/base.py
index de11511c4..de52448b2 100644
--- a/api/controller/base.py
+++ b/api/controller/base.py
@@ -120,4 +120,16 @@ def library_for_request(self, library_short_name):
         if not library:
             return LIBRARY_NOT_FOUND
         flask.request.library = library
+
+        # Finland: For authenticated patrons, override the library defined in the request
+        # and use the library assigned to that patron.
+        #
+        # This is a bit sketchy as the authentication requires library to be set already.
+        # So in practice the library in the URL path is used for authentication, but after
+        # that the request is performed with the patron's assigned library.
+        patron = self.manager.index_controller.authenticated_patron_from_request()
+        if isinstance(patron, Patron):
+            library = patron.library
+            flask.request.library = patron.library
+
         return library