we basically need to extract the "role" (or the permissions) from the HTTP_REQUEST.

UPS has something like this:

• Factor for injecting the username of the underlying HTTP_REQ
• logic to check if admin user is present, to inject a richer SearchImpl