luci-compat: disable legacy cbi forms on insufficient ACLs
authorJo-Philipp Wich <jo@mein.io>
Sun, 19 Apr 2020 15:16:44 +0000 (17:16 +0200)
committerJo-Philipp Wich <jo@mein.io>
Sun, 19 Apr 2020 15:17:26 +0000 (17:17 +0200)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
modules/luci-compat/luasrc/view/cbi/footer.htm
modules/luci-compat/luasrc/view/cbi/header.htm
modules/luci-compat/luasrc/view/cbi/map.htm

index fecf1bce7ca0797818bc8e0bd579a05842ca29c2..176f10c5e17d488be83e880d46f25bf881db5e0c 100644 (file)
                end
 
                if display_apply then
-                       %><input class="btn cbi-button cbi-button-apply" type="button" value="<%:Save & Apply%>" onclick="cbi_submit(this, 'cbi.apply')" /> <%
+                       %><input class="btn cbi-button cbi-button-apply" type="button" value="<%:Save & Apply%>" onclick="cbi_submit(this, 'cbi.apply')"<%=ifattr(not has_writeable_map, "disabled")%> /> <%
                end
 
                if display_save then
-                       %><input class="btn cbi-button cbi-button-save" type="submit" value="<%:Save%>" /> <%
+                       %><input class="btn cbi-button cbi-button-save" type="submit" value="<%:Save%>"<%=ifattr(not has_writeable_map, "disabled")%> /> <%
                end
 
                if display_reset then
-                       %><input class="btn cbi-button cbi-button-reset" type="button" value="<%:Reset%>" onclick="location.href='<%=REQUEST_URI%>'" /> <%
+                       %><input class="btn cbi-button cbi-button-reset" type="button" value="<%:Reset%>" onclick="location.href='<%=REQUEST_URI%>'"<%=ifattr(not has_writeable_map, "disabled")%> /> <%
                end
 
                %></div><%
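Review bot: The `disabled` attribute added to the Save & Apply, Save and Reset buttons is only a display hint and cannot serve as the access control. A client can still post the form, and nothing in the three files touched here rejects that request. Please confirm that the code handling the POST refuses to parse or commit a map when the session lacks `write` on its config. Separately, footer.htm never defines `has_writeable_map`; if the name does not resolve in this template, `not has_writeable_map` is true and the buttons are disabled for every user. A template comment such as `<%# has_writeable_map is set while rendering cbi/map.htm; nil or false means no writable map was rendered %>` would make that dependency explicit. The enclosing block starts and ends outside this hunk.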
index 821fa3efaed9637dc86d47ef131174e110659fd6..9d7ea5079beed784f27592851ecbcf3f8e5c548b 100644 (file)
@@ -1,4 +1,7 @@
 <%+header%>
+
+<% local has_writeable_map = false %>
+
 <form method="post" name="cbi" action="<%=REQUEST_URI%>" enctype="multipart/form-data" onreset="return cbi_validate_reset(this)" onsubmit="return cbi_validate_form(this, '<%:Some fields are invalid, cannot save values!%>')"<%=
        attr("data-strings", luci.util.serialize_json({
                label = {
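Review bot: `local has_writeable_map = false` declares a Lua local, which is visible only inside the chunk compiled from header.htm. map.htm and footer.htm are separate templates, so if each is compiled and run on its own (not visible in this diff), the assignment in map.htm and the read in footer.htm refer to different variables. The footer would then see nil and disable the buttons whatever the ACL check returned, which fails closed but makes the flag meaningless. Carry the flag on a value all three templates already reach, for instance a field on `luci.dispatcher.context`, and initialise it here. The `<form>` tag continues past the end of the hunk.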
index cda4d3530c5b095dc60a370a89335fa12b43cb1c..530d1fec60ecde2123492cc0b24f4486656c67bc 100644 (file)
@@ -2,7 +2,26 @@
        <div class="alert-message warning"><%=pcdata(msg)%></div>
 <%- end end -%>
 
-<div class="cbi-map" id="cbi-<%=self.config%>">
+<%
+  local function has_access(config, level)
+    local rv = luci.util.ubus("session", "access", {
+               ubus_rpc_session = luci.dispatcher.context.authsession,
+               scope = "uci",
+               object = config,
+               ["function"] = level
+    })
+
+    return (type(rv) == "table" and rv.access == true) or false
+  end
+
+  local is_readable = has_access(self.config, "read")
+  local is_writable = has_access(self.config, "write")
+
+  has_writeable_map = has_writeable_map or is_writable
+%>
+
+<% if is_readable then %>
+<div class="cbi-map" id="cbi-<%=self.config%>"<%=ifattr(not is_writable, "style", "opacity:.6; pointer-events:none")%>>
        <% if self.title and #self.title > 0 then %>
                <h2 name="content"><%=self.title%></h2>
        <% end %>
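Review bot: `style="opacity:.6; pointer-events:none"` on the `cbi-map` div blocks mouse input only. The fields inside can still be focused and edited from the keyboard and are still submitted with the form, so a session without `write` is not actually stopped from sending changes. If a read-only view is intended, disable the inputs themselves, e.g. by wrapping the map body in `<fieldset<%=ifattr(not is_writable, "disabled")%>>`, and repeat the write check where submitted values are applied. `has_access` returning false when the ubus call yields no table is a sound fail-closed default and deserves a one-line comment saying so. The div's body continues outside this hunk.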
@@ -38,3 +57,6 @@
                <%- self:render_children() %>
        <% end %>
 </div>
+<% else %>
+<div class="alert-message warning"><%:Insufficient permissions to read UCI configuration.%></div>
+<% end %>