Fix side effects with csrf token, add csrf_token to every post form + add ajax (see http://stackoverflow.com/questions/5100539/django-csrf-check-failing-with-an-ajax-post-request), remove django.middleware.csrf.CsrfViewMiddleware ?!

hasPerm = function(label) {
  return (-1 != CY.Array.indexOf(sv_user_permissions, label)) ; 
}