How about rather than leaking the whole of $user
and its methods and constants into Smarty, make a custom modifier or two that checks a permission and does something useful based on it, e.g.:
A check_access
modifier with the access type on the left (first param) and the true and false output on the right (second and third params):
<textarea id="description" name="description" rows="3" {'EDIT_DESCRIPTION'|check_access:'':'readonly'}>{$item['description']|default:''}</textarea>
Or even more specific, one which outputs the readonly
attribute if it's necessary; I can't think of a good name though:
<textarea id="description" name="description" rows="3" {'EDIT_DESCRIPTION'|readonly_if_no_access}>{$item['description']|default:''}</textarea>