From: Jo-Philipp Wich Date: Sun, 19 Apr 2020 15:16:44 +0000 (+0200) Subject: luci-compat: disable legacy cbi forms on insufficient ACLs X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ffd627f2a;p=oweals%2Fluci.git luci-compat: disable legacy cbi forms on insufficient ACLs Signed-off-by: Jo-Philipp Wich --- diff --git a/modules/luci-compat/luasrc/view/cbi/footer.htm b/modules/luci-compat/luasrc/view/cbi/footer.htm index fecf1bce7..176f10c5e 100644 --- a/modules/luci-compat/luasrc/view/cbi/footer.htm +++ b/modules/luci-compat/luasrc/view/cbi/footer.htm @@ -19,15 +19,15 @@ end if display_apply then - %> <% + %> /> <% end if display_save then - %> <% + %> /> <% end if display_reset then - %> <% + %> /> <% end %><% diff --git a/modules/luci-compat/luasrc/view/cbi/header.htm b/modules/luci-compat/luasrc/view/cbi/header.htm index 821fa3efa..9d7ea5079 100644 --- a/modules/luci-compat/luasrc/view/cbi/header.htm +++ b/modules/luci-compat/luasrc/view/cbi/header.htm @@ -1,4 +1,7 @@ <%+header%> + +<% local has_writeable_map = false %> +
<%=pcdata(msg)%> <%- end end -%> -
+<% + local function has_access(config, level) + local rv = luci.util.ubus("session", "access", { + ubus_rpc_session = luci.dispatcher.context.authsession, + scope = "uci", + object = config, + ["function"] = level + }) + + return (type(rv) == "table" and rv.access == true) or false + end + + local is_readable = has_access(self.config, "read") + local is_writable = has_access(self.config, "write") + + has_writeable_map = has_writeable_map or is_writable +%> + +<% if is_readable then %> +
> <% if self.title and #self.title > 0 then %>

<%=self.title%>

<% end %> @@ -38,3 +57,6 @@ <%- self:render_children() %> <% end %>
+<% else %> +
<%:Insufficient permissions to read UCI configuration.%>
+<% end %>