diff options
author | Jo-Philipp Wich <jo@mein.io> | 2020-04-20 09:37:45 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2020-04-20 09:44:14 +0200 |
commit | fd24221d9e99c13fa14ae4b9eaeedac6ec29d5e5 (patch) | |
tree | 3ec664aadf783344db4066850b95743ad785a263 /modules/luci-compat/luasrc/view/cbi | |
parent | c48a8d58132b4f175ec0a4b4ec4e15eb199edeb8 (diff) |
luci-compat: apply permission constraints from dispatcher
Since template scopes aren't shared we cannot pass the writable state from
the map templates to the page footer.
Fixes: #3937
Fixes: ffd627f2a ("luci-compat: disable legacy cbi forms on insufficient ACLs")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-compat/luasrc/view/cbi')
-rw-r--r-- | modules/luci-compat/luasrc/view/cbi/footer.htm | 6 | ||||
-rw-r--r-- | modules/luci-compat/luasrc/view/cbi/map.htm | 22 |
2 files changed, 5 insertions, 23 deletions
diff --git a/modules/luci-compat/luasrc/view/cbi/footer.htm b/modules/luci-compat/luasrc/view/cbi/footer.htm index 176f10c5e1..abcc47b920 100644 --- a/modules/luci-compat/luasrc/view/cbi/footer.htm +++ b/modules/luci-compat/luasrc/view/cbi/footer.htm @@ -19,15 +19,15 @@ end if display_apply then - %><input class="btn cbi-button cbi-button-apply" type="button" value="<%:Save & Apply%>" onclick="cbi_submit(this, 'cbi.apply')"<%=ifattr(not has_writeable_map, "disabled")%> /> <% + %><input class="btn cbi-button cbi-button-apply" type="button" value="<%:Save & Apply%>" onclick="cbi_submit(this, 'cbi.apply')"<%=ifattr(not writable, "disabled")%> /> <% end if display_save then - %><input class="btn cbi-button cbi-button-save" type="submit" value="<%:Save%>"<%=ifattr(not has_writeable_map, "disabled")%> /> <% + %><input class="btn cbi-button cbi-button-save" type="submit" value="<%:Save%>"<%=ifattr(not writable, "disabled")%> /> <% end if display_reset then - %><input class="btn cbi-button cbi-button-reset" type="button" value="<%:Reset%>" onclick="location.href='<%=REQUEST_URI%>'"<%=ifattr(not has_writeable_map, "disabled")%> /> <% + %><input class="btn cbi-button cbi-button-reset" type="button" value="<%:Reset%>" onclick="location.href='<%=REQUEST_URI%>'"<%=ifattr(not writable, "disabled")%> /> <% end %></div><% diff --git a/modules/luci-compat/luasrc/view/cbi/map.htm b/modules/luci-compat/luasrc/view/cbi/map.htm index 530d1fec60..a96f722378 100644 --- a/modules/luci-compat/luasrc/view/cbi/map.htm +++ b/modules/luci-compat/luasrc/view/cbi/map.htm @@ -2,26 +2,8 @@ <div class="alert-message warning"><%=pcdata(msg)%></div> <%- end end -%> -<% - local function has_access(config, level) - local rv = luci.util.ubus("session", "access", { - ubus_rpc_session = luci.dispatcher.context.authsession, - scope = "uci", - object = config, - ["function"] = level - }) - - return (type(rv) == "table" and rv.access == true) or false - end - - local is_readable = has_access(self.config, "read") - local is_writable = has_access(self.config, "write") - - has_writeable_map = has_writeable_map or is_writable -%> - -<% if is_readable then %> -<div class="cbi-map" id="cbi-<%=self.config%>"<%=ifattr(not is_writable, "style", "opacity:.6; pointer-events:none")%>> +<% if readable then %> +<div class="cbi-map" id="cbi-<%=self.config%>"<%=ifattr(not writable, "style", "opacity:.6; pointer-events:none")%>> <% if self.title and #self.title > 0 then %> <h2 name="content"><%=self.title%></h2> <% end %> |