ACL
Introduction
Oui divides permissions into permission groups, and each permission group is divided into permission classes. Each permission class consists of multiple matching items. Each user needs to be assigned a permission group.
By default, Oui has a permission group named admin, whose configuration file is: /usr/share/oui/acl/admin.json
{
"rpc": {
"matchs": [".+"]
},
"menu": {
"matchs": [".+"]
},
"ubus": {
"matchs": [".+"]
},
"uci": {
"matchs": [".+"]
}
}
Currently, there are four permission classes:
- rpc -
rpcinterface call permission - menu - Hidden or show menu
- ubus -
ubuscall permission - uci -
ucioperating permission
The matching items are an array, and all the matching items in the admin permission group are .+ , indicating any matching, that is, each category has all permissions.
TIP
The match here is actually a regular expression. Can be any Lua regular expression.
Reverse matching
{
"rpc": {
"matchs": ["^uci.get$"],
"reverse": true
}
}
Set the reverse attribute of the permission class to true to reverse the matching.
Examples of matches
rpc
{
"rpc": {
"matchs": [".+"]
}
}
Matches all rpc interfaces
{
"rpc": {
"matchs": ["^uci%..+"]
}
}
Matches all methods in the uci module
{
"rpc": {
"matchs": ["^uci%..+", "^system%..+"]
}
}
Matches all methods in the uci and system modules
{
"rpc": {
"matchs": ["^uci%.get$"]
}
}
Matches the get method in the uci module
{
"rpc": {
"matchs": ["^uci%.get$"],
"reverse": true
}
}
Does not match the get method of the uci module, that is, except the get method of the uci module cannot be called, all other interfaces can be called.
menu
{
"menu": {
"matchs": ["^/system/"]
}
}
Matches menus starting with /system/
{
"menu": {
"matchs": ["^/system/upgrade$"]
}
}
Match /system/upgrade menu
{
"menu": {
"matchs": ["^/system/upgrade$"],
"reverse": true
}
}
Hide the /system/upgrade menu
uci
{
"uci": {
"matchs": ["^system$"]
}
}
Only /etc/config/system is allowed