luci-compat: apply permission constraints from dispatcher
authorJo-Philipp Wich <jo@mein.io>
Mon, 20 Apr 2020 07:37:45 +0000 (09:37 +0200)
committerJo-Philipp Wich <jo@mein.io>
Mon, 20 Apr 2020 07:44:14 +0000 (09:44 +0200)
Since template scopes aren't shared we cannot pass the writable state from
the map templates to the page footer.

Fixes: #3937
Fixes: ffd627f2a ("luci-compat: disable legacy cbi forms on insufficient ACLs")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
modules/luci-compat/luasrc/view/cbi/footer.htm
modules/luci-compat/luasrc/view/cbi/map.htm

index 176f10c5e17d488be83e880d46f25bf881db5e0c..abcc47b92090c8dda21fe3a58cd865f7863d4bfc 100644 (file)
                end
 
                if display_apply then
-                       %><input class="btn cbi-button cbi-button-apply" type="button" value="<%:Save & Apply%>" onclick="cbi_submit(this, 'cbi.apply')"<%=ifattr(not has_writeable_map, "disabled")%> /> <%
+                       %><input class="btn cbi-button cbi-button-apply" type="button" value="<%:Save & Apply%>" onclick="cbi_submit(this, 'cbi.apply')"<%=ifattr(not writable, "disabled")%> /> <%
                end
 
                if display_save then
-                       %><input class="btn cbi-button cbi-button-save" type="submit" value="<%:Save%>"<%=ifattr(not has_writeable_map, "disabled")%> /> <%
+                       %><input class="btn cbi-button cbi-button-save" type="submit" value="<%:Save%>"<%=ifattr(not writable, "disabled")%> /> <%
                end
 
                if display_reset then
-                       %><input class="btn cbi-button cbi-button-reset" type="button" value="<%:Reset%>" onclick="location.href='<%=REQUEST_URI%>'"<%=ifattr(not has_writeable_map, "disabled")%> /> <%
+                       %><input class="btn cbi-button cbi-button-reset" type="button" value="<%:Reset%>" onclick="location.href='<%=REQUEST_URI%>'"<%=ifattr(not writable, "disabled")%> /> <%
                end
 
                %></div><%
index 530d1fec60ecde2123492cc0b24f4486656c67bc..a96f722378226de70d447bbb6ec1b317d889b35f 100644 (file)
@@ -2,26 +2,8 @@
        <div class="alert-message warning"><%=pcdata(msg)%></div>
 <%- end end -%>
 
-<%
-  local function has_access(config, level)
-    local rv = luci.util.ubus("session", "access", {
-               ubus_rpc_session = luci.dispatcher.context.authsession,
-               scope = "uci",
-               object = config,
-               ["function"] = level
-    })
-
-    return (type(rv) == "table" and rv.access == true) or false
-  end
-
-  local is_readable = has_access(self.config, "read")
-  local is_writable = has_access(self.config, "write")
-
-  has_writeable_map = has_writeable_map or is_writable
-%>
-
-<% if is_readable then %>
-<div class="cbi-map" id="cbi-<%=self.config%>"<%=ifattr(not is_writable, "style", "opacity:.6; pointer-events:none")%>>
+<% if readable then %>
+<div class="cbi-map" id="cbi-<%=self.config%>"<%=ifattr(not writable, "style", "opacity:.6; pointer-events:none")%>>
        <% if self.title and #self.title > 0 then %>
                <h2 name="content"><%=self.title%></h2>
        <% end %>