Luci JS: How to Prevent the Root URL from Opening an ACL-Restricted Item

Hello,

I'm attempting to create an application in Luci JS and wish to restrict access to this application for specific users while hiding options like Overview, Network, etc.

I've tried using ACL to control access to different directories for different users, but I'm facing an issue:

When I hide item at the highest order (such as Overview), Luci still opens Overview item at the root URL, resulting in a 403 Forbidden error.

	"admin/status": {
		"title": "Status",
		"order": 10,
		"action": {
			"type": "firstchild",
			"preferred": "overview",
			"recurse": true
		},
		"depends": {
				"acl": [ "luci-app-ap-admin" ]
		}
	},

So the question is: How can I ensure that the root URL opens an item that is not restricted by ACL permissions?

Any help would be greatly appreciated.

I know this is an old question but I ran into the same problem myself. I have posted an issue which also contains a bug fix: