summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-compat/luasrc/view/cbi
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2020-04-20 09:37:45 +0200
committerJo-Philipp Wich <jo@mein.io>2020-04-20 09:44:14 +0200
commitfd24221d9e99c13fa14ae4b9eaeedac6ec29d5e5 (patch)
tree3ec664aadf783344db4066850b95743ad785a263 /modules/luci-compat/luasrc/view/cbi
parentc48a8d58132b4f175ec0a4b4ec4e15eb199edeb8 (diff)
luci-compat: apply permission constraints from dispatcher
Since template scopes aren't shared we cannot pass the writable state from the map templates to the page footer. Fixes: #3937 Fixes: ffd627f2a ("luci-compat: disable legacy cbi forms on insufficient ACLs") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-compat/luasrc/view/cbi')
-rw-r--r--modules/luci-compat/luasrc/view/cbi/footer.htm6
-rw-r--r--modules/luci-compat/luasrc/view/cbi/map.htm22
2 files changed, 5 insertions, 23 deletions
diff --git a/modules/luci-compat/luasrc/view/cbi/footer.htm b/modules/luci-compat/luasrc/view/cbi/footer.htm
index 176f10c5e1..abcc47b920 100644
--- a/modules/luci-compat/luasrc/view/cbi/footer.htm
+++ b/modules/luci-compat/luasrc/view/cbi/footer.htm
@@ -19,15 +19,15 @@
end
if display_apply then
- %><input class="btn cbi-button cbi-button-apply" type="button" value="<%:Save & Apply%>" onclick="cbi_submit(this, 'cbi.apply')"<%=ifattr(not has_writeable_map, "disabled")%> /> <%
+ %><input class="btn cbi-button cbi-button-apply" type="button" value="<%:Save & Apply%>" onclick="cbi_submit(this, 'cbi.apply')"<%=ifattr(not writable, "disabled")%> /> <%
end
if display_save then
- %><input class="btn cbi-button cbi-button-save" type="submit" value="<%:Save%>"<%=ifattr(not has_writeable_map, "disabled")%> /> <%
+ %><input class="btn cbi-button cbi-button-save" type="submit" value="<%:Save%>"<%=ifattr(not writable, "disabled")%> /> <%
end
if display_reset then
- %><input class="btn cbi-button cbi-button-reset" type="button" value="<%:Reset%>" onclick="location.href='<%=REQUEST_URI%>'"<%=ifattr(not has_writeable_map, "disabled")%> /> <%
+ %><input class="btn cbi-button cbi-button-reset" type="button" value="<%:Reset%>" onclick="location.href='<%=REQUEST_URI%>'"<%=ifattr(not writable, "disabled")%> /> <%
end
%></div><%
diff --git a/modules/luci-compat/luasrc/view/cbi/map.htm b/modules/luci-compat/luasrc/view/cbi/map.htm
index 530d1fec60..a96f722378 100644
--- a/modules/luci-compat/luasrc/view/cbi/map.htm
+++ b/modules/luci-compat/luasrc/view/cbi/map.htm
@@ -2,26 +2,8 @@
<div class="alert-message warning"><%=pcdata(msg)%></div>
<%- end end -%>
-<%
- local function has_access(config, level)
- local rv = luci.util.ubus("session", "access", {
- ubus_rpc_session = luci.dispatcher.context.authsession,
- scope = "uci",
- object = config,
- ["function"] = level
- })
-
- return (type(rv) == "table" and rv.access == true) or false
- end
-
- local is_readable = has_access(self.config, "read")
- local is_writable = has_access(self.config, "write")
-
- has_writeable_map = has_writeable_map or is_writable
-%>
-
-<% if is_readable then %>
-<div class="cbi-map" id="cbi-<%=self.config%>"<%=ifattr(not is_writable, "style", "opacity:.6; pointer-events:none")%>>
+<% if readable then %>
+<div class="cbi-map" id="cbi-<%=self.config%>"<%=ifattr(not writable, "style", "opacity:.6; pointer-events:none")%>>
<% if self.title and #self.title > 0 then %>
<h2 name="content"><%=self.title%></h2>
<% end %>