koha: return user flags from hijacked get_template_and_user

koha/Deichman/Auth.pm

@@ -167,7 +167,7 @@ sub templateAndPermissions {
     my $auth   = $self->{session}->get("auth");
     my $branch = $self->{session}->get("branchname") || $auth->{user}->{branchcode}; # session param overrides stored branch
     my $userid = $self->{session}->get("userid")     || $auth->{user}->{userid};     # session param overrides stored userid
-    my $flags = $in->{flagsrequired};
+    my $flags = $in->{flagsrequired}; # TODO this is unused
 
     #use Data::Dumper; warn Dumper($auth);
     my $info = {};

koha/Deichman/Plack/Middleware/Session.pm

@@ -96,14 +96,16 @@ sub call {
         my ($args) = @_;
         my $template = $auth->templateAndPermissions($args);
         my $borrowernumber;
+        my $flags = {};
         if (my $loggedInUser = $session->param("auth")) {
-            $borrowernumber = $loggedInUser->{user}->{borrowernumber}
+            $borrowernumber = $loggedInUser->{user}->{borrowernumber};
+            $flags = C4::Auth::getuserflags($loggedInUser->{user}->{flags}, $loggedInUser->{user}->{userid},) || {};
         }
         return ($template,
             #$session->param("borrowernumber"),
             $borrowernumber // $session->param("borrowernumber"),
             undef, # cookies should not be carried around this way
-            $args->{flagsrequired}, # probably unused
+            $flags
         );
     };
     local *{C4::Auth::_get_session} = sub { $session };