I added a new user in my OpenWrt system named 'user' with rpcd config. I would like to keep the whole menu view for the 'root' user and for the user 'user' should not view all the menu, only some menu items will be available for user 'user' example the user 'user' will view only the menu Status System Network and Logout.
is it possible to di that with lua ?
I attached the file dispatcher.lua which uses the function dispatch() to handle the request
function dispatch(request)
--context._disable_memtrace = require "luci.debug".trap_memtrace("l")
local ctx = context
local auth, cors, suid, sgid
local menu = menu_json()
local page, lookup_ctx = resolve_page(menu, request)
local action = (page and type(page.action) == "table") and page.action or {}
local tpl = init_template_engine(ctx)
ctx.args = lookup_ctx.request_args
ctx.path = lookup_ctx.path
ctx.dispatched = page
ctx.requestpath = ctx.requestpath or lookup_ctx.request_path
ctx.requestargs = ctx.requestargs or lookup_ctx.request_args
ctx.requested = ctx.requested or page
if type(lookup_ctx.auth) == "table" and next(lookup_ctx.auth) then
local sid, sdat, sacl = is_authenticated(lookup_ctx.auth)
if not (sid and sdat and sacl) and lookup_ctx.auth.login then
local user = http.getenv("HTTP_AUTH_USER")
local pass = http.getenv("HTTP_AUTH_PASS")
if user == nil and pass == nil then
user = http.formvalue("luci_username")
pass = http.formvalue("luci_password")
end
if user and pass then
sid, sdat, sacl = session_setup(user, pass)
end
if not sid then
context.path = {}
http.status(403, "Forbidden")
http.header("X-LuCI-Login-Required", "yes")
local scope = { duser = "root", fuser = user }
local ok, res = util.copcall(tpl.render_string, [[<% include("themes/" .. theme .. "/sysauth") %>]], scope)
if ok then
return res
end
return tpl.render("sysauth", scope)
end
http.header("Set-Cookie", 'sysauth_%s=%s; path=%s; SameSite=Strict; HttpOnly%s' %{
http.getenv("HTTPS") == "on" and "https" or "http",
sid, build_url(), http.getenv("HTTPS") == "on" and "; secure" or ""
})
http.redirect(build_url(unpack(ctx.requestpath)))
return
end
if not sid or not sdat or not sacl then
http.status(403, "Forbidden")
http.header("X-LuCI-Login-Required", "yes")
return
end
ctx.authsession = sid
ctx.authtoken = sdat.token
ctx.authuser = sdat.username
ctx.authacl = sacl
end
if #lookup_ctx.acls > 0 then
local perm = check_acl_depends(lookup_ctx.acls, ctx.authacl and ctx.authacl["access-group"])
if perm == nil then
http.status(403, "Forbidden")
return
end
if page then
page.readonly = not perm
end
end
if action.type == "arcombine" then
action = (#lookup_ctx.request_args > 0) and action.targets[2] or action.targets[1]
end
if lookup_ctx.cors and http.getenv("REQUEST_METHOD") == "OPTIONS" then
luci.http.status(200, "OK")
luci.http.header("Access-Control-Allow-Origin", http.getenv("HTTP_ORIGIN") or "*")
luci.http.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
return
end
if require_post_security(action) then
if not test_post_security() then
return
end
end
if lookup_ctx.sgid then
sys.process.setgroup(lookup_ctx.sgid)
end
if lookup_ctx.suid then
sys.process.setuser(lookup_ctx.suid)
end
if action.type == "view" then
tpl.render("view", { view = action.path })
elseif action.type == "call" then
local ok, mod = util.copcall(require, action.module)
if not ok then
error500(mod)
return
end
local func = mod[action["function"]]
assert(func ~= nil,
'Cannot resolve function "' .. action["function"] .. '". Is it misspelled or local?')
assert(type(func) == "function",
'The symbol "' .. action["function"] .. '" does not refer to a function but data ' ..
'of type "' .. type(func) .. '".')
local argv = (type(action.parameters) == "table" and #action.parameters > 0) and { unpack(action.parameters) } or {}
for _, s in ipairs(lookup_ctx.request_args) do
argv[#argv + 1] = s
end
local ok, err = util.copcall(func, unpack(argv))
if not ok then
error500(err)
end
--elseif action.type == "firstchild" then
-- tpl.render("empty_node_placeholder", getfenv(1))
elseif action.type == "alias" then
local sub_request = {}
for name in action.path:gmatch("[^/]+") do
sub_request[#sub_request + 1] = name
end
for _, s in ipairs(lookup_ctx.request_args) do
sub_request[#sub_request + 1] = s
end
dispatch(sub_request)
elseif action.type == "rewrite" then
local sub_request = { unpack(request) }
for i = 1, action.remove do
table.remove(sub_request, 1)
end
local n = 1
for s in action.path:gmatch("[^/]+") do
table.insert(sub_request, n, s)
n = n + 1
end
for _, s in ipairs(lookup_ctx.request_args) do
sub_request[#sub_request + 1] = s
end
dispatch(sub_request)
elseif action.type == "template" then
tpl.render(action.path, getfenv(1))
elseif action.type == "cbi" then
_cbi({ config = action.config, model = action.path }, unpack(lookup_ctx.request_args))
elseif action.type == "form" then
_form({ model = action.path }, unpack(lookup_ctx.request_args))
else
if not menu.children then
error404("No root node was registered, this usually happens if no module was installed.\n" ..
"Install luci-mod-admin-full and retry. " ..
"If the module is already installed, try removing the /tmp/luci-indexcache file.")
else
error404("No page is registered at '/" .. xml.pcdata(table.concat(lookup_ctx.request_path, "/")) .. "'.\n" ..
"If this url belongs to an extension, make sure it is properly installed.\n" ..
"If the extension was recently installed, try removing the /tmp/luci-indexcache file.")
end
end
end