luci-compat: disable legacy cbi forms on insufficient ACLs

[oweals/luci.git] / modules / luci-compat / luasrc / view / cbi / map.htm

diff --git a/modules/luci-compat/luasrc/view/cbi/map.htm b/modules/luci-compat/luasrc/view/cbi/map.htm
index cda4d3530c5b095dc60a370a89335fa12b43cb1c..530d1fec60ecde2123492cc0b24f4486656c67bc 100644 (file)
--- a/modules/luci-compat/luasrc/view/cbi/map.htm
+++ b/modules/luci-compat/luasrc/view/cbi/map.htm
@@ -2,7 +2,26 @@
        <div class="alert-message warning"><%=pcdata(msg)%></div>
 <%- end end -%>
 
-<div class="cbi-map" id="cbi-<%=self.config%>">
+<%
+  local function has_access(config, level)
+    local rv = luci.util.ubus("session", "access", {
+               ubus_rpc_session = luci.dispatcher.context.authsession,
+               scope = "uci",
+               object = config,
+               ["function"] = level
+    })
+
+    return (type(rv) == "table" and rv.access == true) or false
+  end
+
+  local is_readable = has_access(self.config, "read")
+  local is_writable = has_access(self.config, "write")
+
+  has_writeable_map = has_writeable_map or is_writable
+%>
+
+<% if is_readable then %>
+<div class="cbi-map" id="cbi-<%=self.config%>"<%=ifattr(not is_writable, "style", "opacity:.6; pointer-events:none")%>>
        <% if self.title and #self.title > 0 then %>
                <h2 name="content"><%=self.title%></h2>
        <% end %>
@@ -38,3 +57,6 @@
                <%- self:render_children() %>
        <% end %>
 </div>
+<% else %>
+<div class="alert-message warning"><%:Insufficient permissions to read UCI configuration.%></div>
+<% end %>