MVC, obey 'user-config-readonly' for subclasses of ApiMutableModelCon…

…trollerBase.

Eventually (19.7?), user-config-readonly should go to the features of past times, it has has quite some downsides and will keep haunting everybody as long as it's there.

This patch makes sure ApiMutableModelControllerBase->save() adds an additional ACL check before doing the actual save, raising a user exception when not allowed.
Not all our classes use this, but can probably do so, same counts for plugins. We are not, under any circumstances, are going to move an acl check to the Config or model classes, since these have no relationship with the user.

src/opnsense/mvc/app/controllers/OPNsense/Base/ApiMutableModelControllerBase.php

@@ -31,6 +31,8 @@
 namespace OPNsense\Base;
 
 use \OPNsense\Core\Config;
+use OPNsense\Core\ACL;
+use \OPNsense\Base\UserException;
 
 /**
  * Class ApiMutableModelControllerBase, inherit this class to implement
@@ -178,9 +180,16 @@ protected function validate($node = null, $prefix = null)
      */
     protected function save()
     {
-        $this->getModel()->serializeToConfig();
-        Config::getInstance()->save();
-        return array("result"=>"saved");
+        if (!(new ACL())->hasPrivilege($this->getUserName(), 'user-config-readonly')) {
+            $this->getModel()->serializeToConfig();
+            Config::getInstance()->save();
+            return array("result"=>"saved");
+        } else {
+            // XXX remove user-config-readonly in some future release
+            throw new UserException(
+              sprintf("User %s denied for write access (user-config-readonly set)", $this->getUserName())
+            );
+        }
     }
 
     /**
@@ -293,8 +302,7 @@ public function addBase($post_field, $path)
 
             if (empty($result['validations'])) {
                 // save config if validated correctly
-                $mdl->serializeToConfig();
-                Config::getInstance()->save();
+                $this->save();
                 $result = array(
                     "result" => "saved",
                     "uuid" => $node->getAttribute('uuid')
@@ -327,8 +335,7 @@ public function delBase($path, $uuid)
                     $tmp = $tmp->{$step};
                 }
                 if ($tmp->del($uuid)) {
-                    $mdl->serializeToConfig();
-                    Config::getInstance()->save();
+                    $this->save();
                     $result['result'] = 'deleted';
                 } else {
                     $result['result'] = 'not found';
@@ -358,8 +365,7 @@ public function setBase($post_field, $path, $uuid)
                     $result = $this->validate($node, $post_field);
                     if (empty($result['validations'])) {
                         // save config if validated correctly
-                        $mdl->serializeToConfig();
-                        Config::getInstance()->save();
+                        $this->save();
                         $result = array("result" => "saved");
                     } else {
                         $result["result"] = "failed";
@@ -405,8 +411,7 @@ public function toggleBase($path, $uuid, $enabled = null)
                     }
                     // if item has toggled, serialize to config and save
                     if ($result['changed']) {
-                        $mdl->serializeToConfig();
-                        Config::getInstance()->save();
+                        $this->save();
                     }
                 }
             }