luci-compat: disable legacy cbi forms on insufficient ACLs
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This commit is contained in:
Jo-Philipp Wich
parent
74da73b012
commit
ffd627f2a1
3 changed files with 29 additions and 4 deletions
|
|
@ -19,15 +19,15 @@
|
|||
end
|
||||
|
||||
if display_apply then
|
||||
%><input class="btn cbi-button cbi-button-apply" type="button" value="<%:Save & Apply%>" onclick="cbi_submit(this, 'cbi.apply')" /> <%
|
||||
%><input class="btn cbi-button cbi-button-apply" type="button" value="<%:Save & Apply%>" onclick="cbi_submit(this, 'cbi.apply')"<%=ifattr(not has_writeable_map, "disabled")%> /> <%
|
||||
end
|
||||
|
||||
if display_save then
|
||||
%><input class="btn cbi-button cbi-button-save" type="submit" value="<%:Save%>" /> <%
|
||||
%><input class="btn cbi-button cbi-button-save" type="submit" value="<%:Save%>"<%=ifattr(not has_writeable_map, "disabled")%> /> <%
|
||||
end
|
||||
|
||||
if display_reset then
|
||||
%><input class="btn cbi-button cbi-button-reset" type="button" value="<%:Reset%>" onclick="location.href='<%=REQUEST_URI%>'" /> <%
|
||||
%><input class="btn cbi-button cbi-button-reset" type="button" value="<%:Reset%>" onclick="location.href='<%=REQUEST_URI%>'"<%=ifattr(not has_writeable_map, "disabled")%> /> <%
|
||||
end
|
||||
|
||||
%></div><%
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
<%+header%>
|
||||
|
||||
<% local has_writeable_map = false %>
|
||||
|
||||
<form method="post" name="cbi" action="<%=REQUEST_URI%>" enctype="multipart/form-data" onreset="return cbi_validate_reset(this)" onsubmit="return cbi_validate_form(this, '<%:Some fields are invalid, cannot save values!%>')"<%=
|
||||
attr("data-strings", luci.util.serialize_json({
|
||||
label = {
|
||||
|
|
|
|||
|
|
@ -2,7 +2,26 @@
|
|||
<div class="alert-message warning"><%=pcdata(msg)%></div>
|
||||
<%- end end -%>
|
||||
|
||||
<div class="cbi-map" id="cbi-<%=self.config%>">
|
||||
<%
|
||||
local function has_access(config, level)
|
||||
local rv = luci.util.ubus("session", "access", {
|
||||
ubus_rpc_session = luci.dispatcher.context.authsession,
|
||||
scope = "uci",
|
||||
object = config,
|
||||
["function"] = level
|
||||
})
|
||||
|
||||
return (type(rv) == "table" and rv.access == true) or false
|
||||
end
|
||||
|
||||
local is_readable = has_access(self.config, "read")
|
||||
local is_writable = has_access(self.config, "write")
|
||||
|
||||
has_writeable_map = has_writeable_map or is_writable
|
||||
%>
|
||||
|
||||
<% if is_readable then %>
|
||||
<div class="cbi-map" id="cbi-<%=self.config%>"<%=ifattr(not is_writable, "style", "opacity:.6; pointer-events:none")%>>
|
||||
<% if self.title and #self.title > 0 then %>
|
||||
<h2 name="content"><%=self.title%></h2>
|
||||
<% end %>
|
||||
|
|
@ -38,3 +57,6 @@
|
|||
<%- self:render_children() %>
|
||||
<% end %>
|
||||
</div>
|
||||
<% else %>
|
||||
<div class="alert-message warning"><%:Insufficient permissions to read UCI configuration.%></div>
|
||||
<% end %>
|
||||
|
|
|
|||
Loading…
Reference in a new issue