Develop multi-user areas for LuCI

Hi,
I'm a new user in this forum and I'm studying OpenWrt.
I have to create 3 roles for access to the LuCI web interface, so I'll show different things based on the user role.
I've searched the forum but I don't understand if this topic can help me!

Thanks in advance for any reply.

Denny

I've found a way to allow access for another user (the user must exist on the machine).
Practically, I've edited the following files:
/etc/config/rpcd:

config rpcd
	option socket /var/run/ubus.sock
	option timeout 30

config login
	option username 'root'
	option password '$p$root'
	list read '*'
	list write '*'

#add myuser
config login
	option username 'myuser'
	option password '$p$myuser'
	list read '*'
	list write '*'

/usr/lib/lua/luci/index.lua

page.title   = _("Administration")
page.order   = 10
page.sysauth = {"root", "myuser"} -- I add myuser here (one or more)
page.sysauth_authenticator = "htmlauth"
page.ucidata = true
page.index = false
page.target = firstnode()

In this situation I can log in with myuser and it has r/w access (like root).
Could I use this approach?

Hi,

I'm also in a similar situation as mentioned in the query. Were you able to solve it?

A user can be created, but the created user has root privileges and can change everything. I am having issues creating multiple roles, where a user with:
Role 1 --> Allowed to edit only a couple of options (say, allowed to create firewall rules, add routes, etc.)
Role 2 --> Allowed to only access administration settings and also allowed to add interfaces, do firmware upgrades, etc.
Role 3 --> No edit options (view only)

  • RK

Hi,
I've created a module to manage user permissions.
This module deletes the nodes/subnodes from the dispatcher.
In my case, I have 2 users (tech and user); you can then edit /etc/config/rpcd and /usr/lib/lua/luci/index.lua as you want.
Download module
In this rar archive there is a folder tree. Put the files into the same directories in your OpenWrt.

/etc/config/nodes: All main nodes and subnodes
/etc/config/users: User-not-allowed Nodes and subnodes
/usr/lib/lua/luci/controller/admin/test.lua: ---DON'T CHANGE FILENAME--- search my post in this forum.

Login as root and you will find Manage users in System Menu.
If you find problems, contact me.

I hope it works.
Bye

Thanks @dennyv90.

Hi, I've tried your instructions. I got these errors

/usr/lib/lua/luci/controller/admin/test.lua:99: attempt to call upvalue 'get_username_session' (a nil value)
stack traceback:
	/usr/lib/lua/luci/controller/admin/test.lua:99: in function 'v'
	/usr/lib/lua/luci/dispatcher.lua:614: in function 'createtree'
	/usr/lib/lua/luci/dispatcher.lua:262: in function 'dispatch'
	/usr/lib/lua/luci/dispatcher.lua:127: in function </usr/lib/lua/luci/dispatcher.lua:126>

Hi,
sorry, I'm reading your post now. Can you give me more details?
Did you add users in index.lua, rpcd?
Did you edit /etc/config/users with your relative users?

After editing, REBOOT OpenWrt.

Post code of these 3 files please.

Hi Sir, thanks for the response. Our only existing user is the root user, which can access both the CLI and the GUI of the router.

  1. on rpcd: there is a default existing config of root. I'm trying to add 'tech' user to /etc/config/users and followed the configuration of the root.

    config login
        option username 'root'
        option password '$p$root'
        list read '*'
        list write '*'

    config login
        option username 'tech'
        option password '$p$root'
        list read '*'
        list write '*'

  2. on /usr/lib/lua/luci/index.lua: followed your instruction on your first post and added the index.lua file and added the root and tech user to the configuration.

    page.title = _("Administration")
    page.order = 10
    page.sysauth = {"root", "tech"}
    page.sysauth_authenticator = "htmlauth"
    page.ucidata = true
    page.index = false

  3. on /config/users: yep, I have added the relative users (root and tech)
    -> followed your instructions

I'll try your instructions above again and will post an update with the output. Thanks!
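
Added example, not part of any post in this thread and not code from dennyv90's module: a small shell/awk audit of `/etc/config/rpcd` that flags the two things the login sections posted above do, a wildcard `read`/`write` ACL on a non-root account and a `$p$` password entry that points at a different system account. The sample config is constructed; the `viewer` account and the `luci-status` ACL group name are hypothetical.

```shell
#!/bin/sh
# Prints one finding per line as "<username>: <issue>".
# Reads the files given as arguments, or stdin when none are given.
audit_rpcd_logins() {
    awk -v q="'" '
    function unq(s) { gsub("^[\"" q "]|[\"" q "]$", "", s); return s }
    function report() {
        if (in_login && user != "root") {
            if (wr == "*") print user ": write ACL is wildcard (all rpcd ACL groups)"
            if (rd == "*") print user ": read ACL is wildcard (all rpcd ACL groups)"
        }
        # "$p$NAME" makes rpcd check the system password of account NAME.
        if (in_login && pw ~ /^\$p\$/ && substr(pw, 4) != user)
            print user ": password taken from system account " substr(pw, 4)
    }
    /^[ \t]*#/ { next }
    $1 == "config" { report(); in_login = ($2 == "login"); user = pw = rd = wr = ""; next }
    $1 == "option" && $2 == "username" { user = unq($3) }
    $1 == "option" && $2 == "password" { pw = unq($3) }
    $1 == "list" && $2 == "read"  && unq($3) == "*" { rd = "*" }
    $1 == "list" && $2 == "write" && unq($3) == "*" { wr = "*" }
    END { report() }
    ' "$@"
}

# Constructed sample mirroring the login sections posted in this thread,
# plus a hypothetical scoped account for contrast.
sample_rpcd_config() {
    cat <<'EOF'
config login
    option username 'root'
    option password '$p$root'
    list read '*'
    list write '*'

#add tech
config login
    option username 'tech'
    option password '$p$root'
    list read '*'
    list write '*'

config login
    option username 'viewer'
    option password '$p$viewer'
    list read 'luci-status'
EOF
}

sample_rpcd_config | audit_rpcd_logins
```

On a router, run it as `audit_rpcd_logins /etc/config/rpcd`. An account meant to be restricted lists specific ACL groups (defined under `/usr/share/rpcd/acl.d/`) instead of `*`.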

Ok.

/usr/lib/lua/luci/controller/admin/test.lua:99: attempt to call upvalue 'get_username_session' (a nil value)
stack traceback:
	/usr/lib/lua/luci/controller/admin/test.lua:99: in function 'v'
	/usr/lib/lua/luci/dispatcher.lua:614: in function 'createtree'
	/usr/lib/lua/luci/dispatcher.lua:262: in function 'dispatch'
	/usr/lib/lua/luci/dispatcher.lua:127: in function </usr/lib/lua/luci/dispatcher.lua:126>

It doesn't find the get_username_session() function.
I've downloaded the latest OpenWrt VM and re-run all the steps, and it works.

Probably something escapes me :thinking:

@dennyv90 : Good idea! Have you submitted it to the luci dev team? Getting it included in the official repo would even simplify your own job during future updates of openwrt.

On my side, I would like to see an anonymous mode, i.e. the ability to access informational data on the home page (status of the router, cpu, ram, bandwidth, and related info not too sensitive) without any login. Do you think that would be doable?

	/usr/lib/lua/luci/controller/admin/index.lua:21: attempt to call global 'firstnode' (a nil value)
stack traceback:
/usr/lib/lua/luci/controller/admin/index.lua:21: in function 'v'
/usr/lib/lua/luci/dispatcher.lua:614: in function 'createtree'
/usr/lib/lua/luci/dispatcher.lua:262: in function 'dispatch'
/usr/lib/lua/luci/dispatcher.lua:127: in function </usr/lib/lua/luci/dispatcher.lua:126>

Right now I'm getting a different error.

module("luci.controller.admin.index", package.seeall)

function index()
        local root = node()
        if not root.target then
                root.target = alias("admin")
                root.index = true
        end

        local page   = node("admin")
        page.target  = firstchild()
        page.title   = _("Administration")
        page.order   = 10
        page.sysauth = {"root", "tech"}
        page.sysauth_authenticator = "htmlauth"
        page.ucidata = true
        page.index = true
        page.target = firstnode()  -- This is the line where the error appears.

        -- Empty services menu to be populated by addons
        entry({"admin", "services"}, firstchild(), _("Services"), 40).index = true

        entry({"admin", "logout"}, call("action_logout"), _("Logout"), 90)
end

function action_logout()
        local dsp = require "luci.dispatcher"
        local utl = require "luci.util"
        local sid = dsp.context.authsession

        if sid then
                utl.ubus("session", "destroy", { ubus_rpc_session = sid })

                luci.http.header("Set-Cookie", "sysauth=%s; expires=%s; path=%s/" %{
                        sid, 'Thu, 01 Jan 1970 01:00:00 GMT', dsp.build_url()
                })
        end

        luci.http.redirect(dsp.build_url())
end


You probably moved the index.lua file to another directory.
You have to leave the original files in their own folders and add my test.lua file in the /usr/lib/lua/luci/controller/admin/ path.
Index.lua must be in the admin directory.

Let me know.

Hi,
I think it can be done by querying ubus. I'll try as soon as possible.

Sorry,
I wrote usr/lib/lua/luci/index.lua many times, but the right path is usr/lib/lua/luci/controller/admin/index.lua

That would be super cool. Let me know any progress on your side, or any public repo where we can see progress and/or contribute.

Sorry,
I saw that many files (including index.lua, dispatcher.lua etc.) have been updated since I developed this module...In fact it's true, it doesn't work :expressionless::frowning_face:

My module certainly works on openwrt snapshot r9987-655fff1571 release

Now I'm starting from OpenWrt 18.06.4 (stable release) and I'm editing my module to adapt it.
I hope to fix it as soon as possible.

Bye

I've contacted Jow. This is the answer:

The index procedure of a controller file is cached as bytecode and executed from cache on subsequent page invocations. This means you cannot access local functions.

Make your get_username_session function non-local and in your index() procedure do the following:

function index()
    local ctrl = require 'luci.controller.admin.test'  -- must correspond to the controller path
    local foo = ctrl.get_username_session()

    -- ...
end

Now I've fixed file test.lua and this is the link --> https://drive.google.com/open?id=1-B9zgZBjnAzyCJnM0qMKmxlG17gpXzjc

Replace this file and test it!
Bye


Hi Kris,
I've found a simple way to add overview information to the home page (before you enter credentials).
Just insert this line after the form statement in the /usr/lib/lua/luci/view/sysauth.htm file:

<% luci.template.render("admin_status/index") %>

Bye


Nice finding, but on my router (same openwrt version), this half works: all lines under Kernel Version show a dash (-) as content. In the browser console, I have this error:
TypeError: info is null 16 luci:134:14
https://xxxxx/cgi-bin/luci/:134
onreadystatechange https://xxxxx/luci-static/resources/xhr.js?v=git-19.170.32094-4d6d8bc:72

line 134 is: var ifc = info.wan || {};
but I don't know how to debug further. Any help or idea?

Take a look here:

https://forum.openwrt.org/t/solved-luci-overview-page-has-blank-fields/16967/13