max
/
tauri-plugins-workspace
mirror of https://github.com/tauri-apps/plugins-workspace
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Feat: Add default permissions to most plugins (#1460)

Browse Source 
* Add default permissions to most plugins.

Co-authored-by: chippers <chip@chip.sh>
Co-authored-by: fabianlars <fabianlars@fabianlars.de>

* updated default description

* mobile plugin relevant changes

---------

Co-authored-by: chippers <chip@chip.sh>
Co-authored-by: fabianlars <fabianlars@fabianlars.de>
pull/1500/head
Tillmann 11 months ago committed by GitHub
parent f1372adc9d
commit 0cb1baf09a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
73 changed files with 1211 additions and 37 deletions
Show Stats Download Patch File Download Diff File

201
examples/api/src-tauri/gen/schemas/desktop-schema.json
Unescape View File

@ -142,7 +142,7 @@
"identifier": {
"oneOf": [
{
"description": "fs:default -> # Tauri `fs` default permissions\n\nThis configuration file defines the default permissions granted\nto the filesystem.\n\n### Granted Permissions\n\nThis default permission set enables all read-related commands and\nallows access to the `$APP` folder and sub directories created in it.\nThe location of the `$APP` folder depends on the operating system,\nwhere the application is run.\n\nIn general the `$APP` folder needs to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\n### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n",
"description": "fs:default -> This set of permissions describes the what kind of\nfile system access the `fs` plugin has enabled or denied by default.\n\n#### Granted Permissions\n\nThis default permission set enables read access to the\napplication specific directories (AppConfig, AppData, AppLocalData, AppCache,\nAppLog) and all files and sub directories created in it.\nThe location of these directories depends on the operating system,\nwhere the application is run.\n\nIn general these directories need to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\nTherefore, it is also allowed to create all of these folders via\nthe `mkdir` command.\n\n#### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n",
"type": "string",
"enum": [
"fs:default"
@ -1373,6 +1373,13 @@
"fs:allow-write-text-file"
]
},
{
"description": "fs:create-app-specific-dirs -> This permissions allows to create the application specific directories.\n",
"type": "string",
"enum": [
"fs:create-app-specific-dirs"
]
},
{
"description": "fs:deny-copy-file -> Denies the copy_file command without any pre-configured scope.",
"type": "string",
@ -1562,6 +1569,13 @@
"fs:read-all"
]
},
{
"description": "fs:read-app-specific-dirs-recursive -> This permission allows recursive read functionality on the application\nspecific base directories. \n",
"type": "string",
"enum": [
"fs:read-app-specific-dirs-recursive"
]
},
{
"description": "fs:read-dirs -> This enables directory read and file metadata related commands without any pre-configured accessible paths.",
"type": "string",
@ -2190,7 +2204,7 @@
"identifier": {
"oneOf": [
{
"description": "http:default -> Allows all fetch operations",
"description": "http:default -> This permission set configures what kind of\nfetch operations are available from the http plugin.\n\nThis enables all fetch operations but does not\nallow explicitly any origins to be fetched. This needs to\nbe manually configured before usage.\n\n#### Granted Permissions\n\nAll fetch operations are enabled.\n\n",
"type": "string",
"enum": [
"http:default"
@ -2313,6 +2327,7 @@
"identifier": {
"oneOf": [
{
"description": "shell:default -> This permission set configures which\nshell functionality is exposed by default.\n\n#### Granted Permissions\n\nIt allows to use the `open` functionality without any specific\nscope pre-configured. It will allow opening `http(s)://`,\n`tel:` and `mailto:` links.\n",
"type": "string",
"enum": [
"shell:default"
@ -2567,6 +2582,7 @@
]
},
{
"description": "clipboard-manager:default -> No features are enabled by default, as we believe\nthe clipboard can be inherently dangerous and it is \napplication specific if read and/or write access is needed.\n\nClipboard interaction needs to be explicitly enabled.\n",
"type": "string",
"enum": [
"clipboard-manager:default"
@ -2657,6 +2673,7 @@
]
},
{
"description": "dialog:default -> This permission set configures the types of dialogs\navailable from the dialog plugin.\n\n#### Granted Permissions\n\nAll dialog types are enabled.\n\n\n",
"type": "string",
"enum": [
"dialog:default"
@ -3853,7 +3870,7 @@
]
},
{
"description": "fs:default -> # Tauri `fs` default permissions\n\nThis configuration file defines the default permissions granted\nto the filesystem.\n\n### Granted Permissions\n\nThis default permission set enables all read-related commands and\nallows access to the `$APP` folder and sub directories created in it.\nThe location of the `$APP` folder depends on the operating system,\nwhere the application is run.\n\nIn general the `$APP` folder needs to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\n### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n",
"description": "fs:default -> This set of permissions describes the what kind of\nfile system access the `fs` plugin has enabled or denied by default.\n\n#### Granted Permissions\n\nThis default permission set enables read access to the\napplication specific directories (AppConfig, AppData, AppLocalData, AppCache,\nAppLog) and all files and sub directories created in it.\nThe location of these directories depends on the operating system,\nwhere the application is run.\n\nIn general these directories need to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\nTherefore, it is also allowed to create all of these folders via\nthe `mkdir` command.\n\n#### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n",
"type": "string",
"enum": [
"fs:default"
@ -4027,6 +4044,13 @@
"fs:allow-write-text-file"
]
},
{
"description": "fs:create-app-specific-dirs -> This permissions allows to create the application specific directories.\n",
"type": "string",
"enum": [
"fs:create-app-specific-dirs"
]
},
{
"description": "fs:deny-copy-file -> Denies the copy_file command without any pre-configured scope.",
"type": "string",
@ -4216,6 +4240,13 @@
"fs:read-all"
]
},
{
"description": "fs:read-app-specific-dirs-recursive -> This permission allows recursive read functionality on the application\nspecific base directories. \n",
"type": "string",
"enum": [
"fs:read-app-specific-dirs-recursive"
]
},
{
"description": "fs:read-dirs -> This enables directory read and file metadata related commands without any pre-configured accessible paths.",
"type": "string",
@ -4784,6 +4815,7 @@
]
},
{
"description": "global-shortcut:default -> No features are enabled by default, as we believe\nthe shortcuts can be inherently dangerous and it is \napplication specific if specific shortcuts should be\nregistered or unregistered.\n",
"type": "string",
"enum": [
"global-shortcut:default"
@ -4860,7 +4892,7 @@
]
},
{
"description": "http:default -> Allows all fetch operations",
"description": "http:default -> This permission set configures what kind of\nfetch operations are available from the http plugin.\n\nThis enables all fetch operations but does not\nallow explicitly any origins to be fetched. This needs to\nbe manually configured before usage.\n\n#### Granted Permissions\n\nAll fetch operations are enabled.\n\n",
"type": "string",
"enum": [
"http:default"
@ -5336,12 +5368,61 @@
]
},
{
"description": "notification:default -> Allows requesting permission, checking permission state and sending notifications",
"description": "notification:default -> This permission set configures which\nnotification features are by default exposed.\n\n#### Granted Permissions\n\nIt allows all notification related features.\n\n",
"type": "string",
"enum": [
"notification:default"
]
},
{
"description": "notification:allow-batch -> Enables the batch command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:allow-batch"
]
},
{
"description": "notification:allow-cancel -> Enables the cancel command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:allow-cancel"
]
},
{
"description": "notification:allow-check-permissions -> Enables the check_permissions command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:allow-check-permissions"
]
},
{
"description": "notification:allow-create-channel -> Enables the create_channel command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:allow-create-channel"
]
},
{
"description": "notification:allow-delete-channel -> Enables the delete_channel command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:allow-delete-channel"
]
},
{
"description": "notification:allow-get-active -> Enables the get_active command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:allow-get-active"
]
},
{
"description": "notification:allow-get-pending -> Enables the get_pending command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:allow-get-pending"
]
},
{
"description": "notification:allow-is-permission-granted -> Enables the is_permission_granted command without any pre-configured scope.",
"type": "string",
@ -5349,6 +5430,13 @@
"notification:allow-is-permission-granted"
]
},
{
"description": "notification:allow-list-channels -> Enables the list_channels command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:allow-list-channels"
]
},
{
"description": "notification:allow-notify -> Enables the notify command without any pre-configured scope.",
"type": "string",
@ -5356,6 +5444,13 @@
"notification:allow-notify"
]
},
{
"description": "notification:allow-permission-state -> Enables the permission_state command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:allow-permission-state"
]
},
{
"description": "notification:allow-register-action-types -> Enables the register_action_types command without any pre-configured scope.",
"type": "string",
@ -5370,6 +5465,13 @@
"notification:allow-register-listener"
]
},
{
"description": "notification:allow-remove-active -> Enables the remove_active command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:allow-remove-active"
]
},
{
"description": "notification:allow-request-permission -> Enables the request_permission command without any pre-configured scope.",
"type": "string",
@ -5377,6 +5479,62 @@
"notification:allow-request-permission"
]
},
{
"description": "notification:allow-show -> Enables the show command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:allow-show"
]
},
{
"description": "notification:deny-batch -> Denies the batch command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:deny-batch"
]
},
{
"description": "notification:deny-cancel -> Denies the cancel command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:deny-cancel"
]
},
{
"description": "notification:deny-check-permissions -> Denies the check_permissions command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:deny-check-permissions"
]
},
{
"description": "notification:deny-create-channel -> Denies the create_channel command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:deny-create-channel"
]
},
{
"description": "notification:deny-delete-channel -> Denies the delete_channel command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:deny-delete-channel"
]
},
{
"description": "notification:deny-get-active -> Denies the get_active command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:deny-get-active"
]
},
{
"description": "notification:deny-get-pending -> Denies the get_pending command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:deny-get-pending"
]
},
{
"description": "notification:deny-is-permission-granted -> Denies the is_permission_granted command without any pre-configured scope.",
"type": "string",
@ -5384,6 +5542,13 @@
"notification:deny-is-permission-granted"
]
},
{
"description": "notification:deny-list-channels -> Denies the list_channels command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:deny-list-channels"
]
},
{
"description": "notification:deny-notify -> Denies the notify command without any pre-configured scope.",
"type": "string",
@ -5391,6 +5556,13 @@
"notification:deny-notify"
]
},
{
"description": "notification:deny-permission-state -> Denies the permission_state command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:deny-permission-state"
]
},
{
"description": "notification:deny-register-action-types -> Denies the register_action_types command without any pre-configured scope.",
"type": "string",
@ -5405,6 +5577,13 @@
"notification:deny-register-listener"
]
},
{
"description": "notification:deny-remove-active -> Denies the remove_active command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:deny-remove-active"
]
},
{
"description": "notification:deny-request-permission -> Denies the request_permission command without any pre-configured scope.",
"type": "string",
@ -5413,6 +5592,14 @@
]
},
{
"description": "notification:deny-show -> Denies the show command without any pre-configured scope.",
"type": "string",
"enum": [
"notification:deny-show"
]
},
{
"description": "os:default -> This permission set configures which\noperating system information are available\nto gather from the frontend.\n\n#### Granted Permissions\n\nAll information except the host name are available.\n\n",
"type": "string",
"enum": [
"os:default"
@ -5650,6 +5837,7 @@
]
},
{
"description": "process:default -> This permission set configures which\nprocess feeatures are by default exposed.\n\n#### Granted Permissions\n\nThis enables to quit via `allow-exit` and restart via `allow-restart`\nthe application.\n",
"type": "string",
"enum": [
"process:default"
@ -5705,6 +5893,7 @@
]
},
{
"description": "shell:default -> This permission set configures which\nshell functionality is exposed by default.\n\n#### Granted Permissions\n\nIt allows to use the `open` functionality without any specific\nscope pre-configured. It will allow opening `http(s)://`,\n`tel:` and `mailto:` links.\n",
"type": "string",
"enum": [
"shell:default"
@ -5942,7 +6131,7 @@
]
},
{
"description": "updater:default -> Allows checking for new updates and installing them",
"description": "updater:default -> This permission set configures which kind of\nupdater functions are exposed to the frontend.\n\n#### Granted Permissions\n\nThe full workflow from checking for updates to installing them\nis enabled.\n\n",
"type": "string",
"enum": [
"updater:default"

10
plugins/autostart/permissions/autogenerated/reference.md
Unescape View File

@ -6,3 +6,13 @@
|`deny-enable`|Denies the enable command without any pre-configured scope.|
|`allow-is-enabled`|Enables the is_enabled command without any pre-configured scope.|
|`deny-is-enabled`|Denies the is_enabled command without any pre-configured scope.|
|`default`|This permission set configures if your
application can enable or disable auto
starting the application on boot.
#### Granted Permissions
It allows all to check, enable and
disable the automatic start on boot.
|

19
plugins/autostart/permissions/default.toml
Unescape View File

@ -0,0 +1,19 @@
"$schema" = "schemas/schema.json"
[default]
description = """
This permission set configures if your
application can enable or disable auto
starting the application on boot.
#### Granted Permissions
It allows all to check, enable and
disable the automatic start on boot.
"""
permissions = [
"allow-enable",
"allow-disable",
"allow-is-enabled",
]

7
plugins/autostart/permissions/schemas/schema.json
Unescape View File

@ -335,6 +335,13 @@
"enum": [
"deny-is-enabled"
]
},
{
"description": "default -> This permission set configures if your\napplication can enable or disable auto\nstarting the application on boot.\n\n#### Granted Permissions\n\nIt allows all to check, enable and\ndisable the automatic start on boot.\n\n",
"type": "string",
"enum": [
"default"
]
}
]
}

8
plugins/barcode-scanner/permissions/autogenerated/reference.md
Unescape View File

@ -12,3 +12,11 @@
|`deny-scan`|Denies the scan command without any pre-configured scope.|
|`allow-vibrate`|Enables the vibrate command without any pre-configured scope.|
|`deny-vibrate`|Denies the vibrate command without any pre-configured scope.|
|`default`|This permission set configures which
barcode scanning features are by default exposed.
#### Granted Permissions
It allows all barcode related features.
|

20
plugins/barcode-scanner/permissions/default.toml
Unescape View File

@ -0,0 +1,20 @@
"$schema" = "schemas/schema.json"
[default]
description = """
This permission set configures which
barcode scanning features are by default exposed.
#### Granted Permissions
It allows all barcode related features.
"""
permissions = [
"allow-cancel",
"allow-check-permissions",
"allow-open-app-settings",
"allow-request-permissions",
"allow-scan",
"allow-vibrate",
]

7
plugins/barcode-scanner/permissions/schemas/schema.json
Unescape View File

@ -377,6 +377,13 @@
"enum": [
"deny-vibrate"
]
},
{
"description": "default -> This permission set configures which\nbarcode scanning features are by default exposed.\n\n#### Granted Permissions\n\nIt allows all barcode related features.\n\n",
"type": "string",
"enum": [
"default"
]
}
]
}

8
plugins/biometric/permissions/autogenerated/reference.md
Unescape View File

@ -4,3 +4,11 @@
|`deny-authenticate`|Denies the authenticate command without any pre-configured scope.|
|`allow-status`|Enables the status command without any pre-configured scope.|
|`deny-status`|Denies the status command without any pre-configured scope.|
|`default`|This permission set configures which
biometric features are by default exposed.
#### Granted Permissions
It allows acccess to all biometric commands.
|

16
plugins/biometric/permissions/default.toml
Unescape View File

@ -0,0 +1,16 @@
"$schema" = "schemas/schema.json"
[default]
description = """
This permission set configures which
biometric features are by default exposed.
#### Granted Permissions
It allows acccess to all biometric commands.
"""
permissions = [
"allow-authenticate",
"allow-status",
]

7
plugins/biometric/permissions/schemas/schema.json
Unescape View File

@ -321,6 +321,13 @@
"enum": [
"deny-status"
]
},
{
"description": "default -> This permission set configures which\nbiometric features are by default exposed.\n\n#### Granted Permissions\n\nIt allows acccess to all biometric commands.\n\n",
"type": "string",
"enum": [
"default"
]
}
]
}

6
plugins/clipboard-manager/permissions/autogenerated/reference.md
Unescape View File

@ -12,3 +12,9 @@
|`deny-write-image`|Denies the write_image command without any pre-configured scope.|
|`allow-write-text`|Enables the write_text command without any pre-configured scope.|
|`deny-write-text`|Denies the write_text command without any pre-configured scope.|
|`default`|No features are enabled by default, as we believe
the clipboard can be inherently dangerous and it is
application specific if read and/or write access is needed.
Clipboard interaction needs to be explicitly enabled.
|

11
plugins/clipboard-manager/permissions/default.toml
Unescape View File

@ -0,0 +1,11 @@
"$schema" = "schemas/schema.json"
[default]
description = """
No features are enabled by default, as we believe
the clipboard can be inherently dangerous and it is
application specific if read and/or write access is needed.
Clipboard interaction needs to be explicitly enabled.
"""
permissions = []

7
plugins/clipboard-manager/permissions/schemas/schema.json
Unescape View File

@ -377,6 +377,13 @@
"enum": [
"deny-write-text"
]
},
{
"description": "default -> No features are enabled by default, as we believe\nthe clipboard can be inherently dangerous and it is \napplication specific if read and/or write access is needed.\n\nClipboard interaction needs to be explicitly enabled.\n",
"type": "string",
"enum": [
"default"
]
}
]
}

2
plugins/deep-link/android/src/main/java/DeepLinkPlugin.kt
Unescape View File

@ -40,6 +40,8 @@ class DeepLinkPlugin(private val activity: Activity): Plugin(activity) {
invoke.resolve(ret)
}
// This command should not be added to the `build.rs` and exposed as it is only
// used internally from the rust backend.
@Command
fun setEventHandler(invoke: Invoke) {
val args = invoke.parseArgs(SetEventHandlerArgs::class.java)

9
plugins/dialog/permissions/autogenerated/reference.md
Unescape View File

@ -10,3 +10,12 @@
|`deny-open`|Denies the open command without any pre-configured scope.|
|`allow-save`|Enables the save command without any pre-configured scope.|
|`deny-save`|Denies the save command without any pre-configured scope.|
|`default`|This permission set configures the types of dialogs
available from the dialog plugin.
#### Granted Permissions
All dialog types are enabled.
|

20
plugins/dialog/permissions/default.toml
Unescape View File

@ -0,0 +1,20 @@
"$schema" = "schemas/schema.json"
[default]
description = """
This permission set configures the types of dialogs
available from the dialog plugin.
#### Granted Permissions
All dialog types are enabled.
"""
permissions = [
"allow-ask",
"allow-confirm",
"allow-message",
"allow-save",
"allow-open",
]

7
plugins/dialog/permissions/schemas/schema.json
Unescape View File

@ -363,6 +363,13 @@
"enum": [
"deny-save"
]
},
{
"description": "default -> This permission set configures the types of dialogs\navailable from the dialog plugin.\n\n#### Granted Permissions\n\nAll dialog types are enabled.\n\n\n",
"type": "string",
"enum": [
"default"
]
}
]
}

27
plugins/fs/permissions/autogenerated/reference.md
Unescape View File

@ -273,23 +273,27 @@
|`deny-write-file`|Denies the write_file command without any pre-configured scope.|
|`allow-write-text-file`|Enables the write_text_file command without any pre-configured scope.|
|`deny-write-text-file`|Denies the write_text_file command without any pre-configured scope.|
|`default`|# Tauri `fs` default permissions
This configuration file defines the default permissions granted
to the filesystem.
|`create-app-specific-dirs`|This permissions allows to create the application specific directories.
|
|`default`|This set of permissions describes the what kind of
file system access the `fs` plugin has enabled or denied by default.
### Granted Permissions
#### Granted Permissions
This default permission set enables all read-related commands and
allows access to the `$APP` folder and sub directories created in it.
The location of the `$APP` folder depends on the operating system,
This default permission set enables read access to the
application specific directories (AppConfig, AppData, AppLocalData, AppCache,
AppLog) and all files and sub directories created in it.
The location of these directories depends on the operating system,
where the application is run.
In general the `$APP` folder needs to be manually created
In general these directories need to be manually created
by the application at runtime, before accessing files or folders
in it is possible.
### Denied Permissions
Therefore, it is also allowed to create all of these folders via
the `mkdir` command.
#### Denied Permissions
This default permission set prevents access to critical components
of the Tauri application by default.
@ -304,6 +308,9 @@ Allowing access can lead to sensitive information disclosure and should be well
`$APPLOCALDATA/EBWebView` folder on windows as the webview data and configuration values are stored here.
Allowing access can lead to sensitive information disclosure and should be well considered.|
|`read-all`|This enables all read related commands without any pre-configured accessible paths.|
|`read-app-specific-dirs-recursive`|This permission allows recursive read functionality on the application
specific base directories.
|
|`read-dirs`|This enables directory read and file metadata related commands without any pre-configured accessible paths.|
|`read-files`|This enables file read related commands without any pre-configured accessible paths.|
|`read-meta`|This enables all index or metadata related commands without any pre-configured accessible paths.|

23
plugins/fs/permissions/create-app-specific-dirs.toml
Unescape View File

@ -0,0 +1,23 @@
"$schema" = "schemas/schema.json"
[[permission]]
identifier = "create-app-specific-dirs"
description = """
This permissions allows to create the application specific directories.
"""
commands.allow = ["mkdir"]
[[permission.scope.allow]]
path = "$APPCONFIG"
[[permission.scope.allow]]
path = "$APPDATA"
[[permission.scope.allow]]
path = "$APPLOCALDATA"
[[permission.scope.allow]]
path = "$APPCACHE"
[[permission.scope.allow]]
path = "$APPLOG"

28
plugins/fs/permissions/default.toml
Unescape View File

@ -2,27 +2,33 @@
[default]
description = """
# Tauri `fs` default permissions
This set of permissions describes the what kind of
file system access the `fs` plugin has enabled or denied by default.
This configuration file defines the default permissions granted
to the filesystem.
#### Granted Permissions
### Granted Permissions
This default permission set enables all read-related commands and
allows access to the `$APP` folder and sub directories created in it.
The location of the `$APP` folder depends on the operating system,
This default permission set enables read access to the
application specific directories (AppConfig, AppData, AppLocalData, AppCache,
AppLog) and all files and sub directories created in it.
The location of these directories depends on the operating system,
where the application is run.
In general the `$APP` folder needs to be manually created
In general these directories need to be manually created
by the application at runtime, before accessing files or folders
in it is possible.
### Denied Permissions
Therefore, it is also allowed to create all of these folders via
the `mkdir` command.
#### Denied Permissions
This default permission set prevents access to critical components
of the Tauri application by default.
On Windows the webview data folder access is denied.
"""
permissions = ["read-all", "scope-app-recursive", "deny-default"]
permissions = [
"create-app-specific-dirs",
"read-app-specific-dirs-recursive",
"deny-default",
]

31
plugins/fs/permissions/read-app-specific-dirs-recursive.toml
Unescape View File

@ -0,0 +1,31 @@
"$schema" = "schemas/schema.json"
[[permission]]
identifier = "read-app-specific-dirs-recursive"
description = """
This permission allows recursive read functionality on the application
specific base directories.
"""
commands.allow = [
"read_dir",
"read_file",
"read_text_file",
"read_text_file_lines",
"read_text_file_lines_next",
"exists",
]
[[permission.scope.allow]]
path = "$APPCONFIG/**"
[[permission.scope.allow]]
path = "$APPDATA/**"
[[permission.scope.allow]]
path = "$APPLOCALDATA/**"
[[permission.scope.allow]]
path = "$APPCACHE/**"
[[permission.scope.allow]]
path = "$APPLOG/**"

16
plugins/fs/permissions/schemas/schema.json
Unescape View File

@ -2206,7 +2206,14 @@
]
},
{
"description": "default -> # Tauri `fs` default permissions\n\nThis configuration file defines the default permissions granted\nto the filesystem.\n\n### Granted Permissions\n\nThis default permission set enables all read-related commands and\nallows access to the `$APP` folder and sub directories created in it.\nThe location of the `$APP` folder depends on the operating system,\nwhere the application is run.\n\nIn general the `$APP` folder needs to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\n### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n",
"description": "create-app-specific-dirs -> This permissions allows to create the application specific directories.\n",
"type": "string",
"enum": [
"create-app-specific-dirs"
]
},
{
"description": "default -> This set of permissions describes the what kind of\nfile system access the `fs` plugin has enabled or denied by default.\n\n#### Granted Permissions\n\nThis default permission set enables read access to the\napplication specific directories (AppConfig, AppData, AppLocalData, AppCache,\nAppLog) and all files and sub directories created in it.\nThe location of these directories depends on the operating system,\nwhere the application is run.\n\nIn general these directories need to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\nTherefore, it is also allowed to create all of these folders via\nthe `mkdir` command.\n\n#### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n",
"type": "string",
"enum": [
"default"
@ -2240,6 +2247,13 @@
"read-all"
]
},
{
"description": "read-app-specific-dirs-recursive -> This permission allows recursive read functionality on the application\nspecific base directories. \n",
"type": "string",
"enum": [
"read-app-specific-dirs-recursive"
]
},
{
"description": "read-dirs -> This enables directory read and file metadata related commands without any pre-configured accessible paths.",
"type": "string",

5
plugins/global-shortcut/permissions/autogenerated/reference.md
Unescape View File

@ -10,3 +10,8 @@
|`deny-unregister`|Denies the unregister command without any pre-configured scope.|
|`allow-unregister-all`|Enables the unregister_all command without any pre-configured scope.|
|`deny-unregister-all`|Denies the unregister_all command without any pre-configured scope.|
|`default`|No features are enabled by default, as we believe
the shortcuts can be inherently dangerous and it is
application specific if specific shortcuts should be
registered or unregistered.
|

10
plugins/global-shortcut/permissions/default.toml
Unescape View File

@ -0,0 +1,10 @@
"$schema" = "schemas/schema.json"
[default]
description = """
No features are enabled by default, as we believe
the shortcuts can be inherently dangerous and it is
application specific if specific shortcuts should be
registered or unregistered.
"""
permissions = []

7
plugins/global-shortcut/permissions/schemas/schema.json
Unescape View File

@ -363,6 +363,13 @@
"enum": [
"deny-unregister-all"
]
},
{
"description": "default -> No features are enabled by default, as we believe\nthe shortcuts can be inherently dangerous and it is \napplication specific if specific shortcuts should be\nregistered or unregistered.\n",
"type": "string",
"enum": [
"default"
]
}
]
}

13
plugins/http/permissions/autogenerated/reference.md
Unescape View File

@ -8,4 +8,15 @@
|`deny-fetch-read-body`|Denies the fetch_read_body command without any pre-configured scope.|
|`allow-fetch-send`|Enables the fetch_send command without any pre-configured scope.|
|`deny-fetch-send`|Denies the fetch_send command without any pre-configured scope.|
|`default`|Allows all fetch operations|
|`default`|This permission set configures what kind of
fetch operations are available from the http plugin.
This enables all fetch operations but does not
allow explicitly any origins to be fetched. This needs to
be manually configured before usage.
#### Granted Permissions
All fetch operations are enabled.
|

15
plugins/http/permissions/default.toml
Unescape View File

@ -1,6 +1,19 @@
"$schema" = "schemas/schema.json"
[default]
description = "Allows all fetch operations"
description = """
This permission set configures what kind of
fetch operations are available from the http plugin.
This enables all fetch operations but does not
allow explicitly any origins to be fetched. This needs to
be manually configured before usage.
#### Granted Permissions
All fetch operations are enabled.
"""
permissions = [
"allow-fetch",
"allow-fetch-cancel",

2
plugins/http/permissions/schemas/schema.json
Unescape View File

@ -351,7 +351,7 @@
]
},
{
"description": "default -> Allows all fetch operations",
"description": "default -> This permission set configures what kind of\nfetch operations are available from the http plugin.\n\nThis enables all fetch operations but does not\nallow explicitly any origins to be fetched. This needs to\nbe manually configured before usage.\n\n#### Granted Permissions\n\nAll fetch operations are enabled.\n\n",
"type": "string",
"enum": [
"default"

10
plugins/nfc/permissions/autogenerated/reference.md
Unescape View File

@ -6,3 +6,13 @@
|`deny-scan`|Denies the scan command without any pre-configured scope.|
|`allow-write`|Enables the write command without any pre-configured scope.|
|`deny-write`|Denies the write command without any pre-configured scope.|
|`default`|This permission set configures what kind of
operations are available from the nfc plugin.
#### Granted Permissions
Checking if the NFC functionality is available
and scanning nearby tags is allowed.
Writing to tags needs to be manually enabled.
|

18
plugins/nfc/permissions/default.toml
Unescape View File

@ -0,0 +1,18 @@
"$schema" = "schemas/schema.json"
[default]
description = """
This permission set configures what kind of
operations are available from the nfc plugin.
#### Granted Permissions
Checking if the NFC functionality is available
and scanning nearby tags is allowed.
Writing to tags needs to be manually enabled.
"""
permissions = [
"allow-is-available",
"allow-scan",
]

7
plugins/nfc/permissions/schemas/schema.json
Unescape View File

@ -335,6 +335,13 @@
"enum": [
"deny-write"
]
},
{
"description": "default -> This permission set configures what kind of\noperations are available from the nfc plugin.\n\n#### Granted Permissions\n\nChecking if the NFC functionality is available\nand scanning nearby tags is allowed.\nWriting to tags needs to be manually enabled.\n\n",
"type": "string",
"enum": [
"default"
]
}
]
}

11
plugins/notification/build.rs
Unescape View File

@ -8,6 +8,17 @@ const COMMANDS: &[&str] = &[
"is_permission_granted",
"register_action_types",
"register_listener",
"cancel",
"get_pending",
"remove_active",
"get_active",
"check_permissions",
"show",
"batch",
"list_channels",
"delete_channel",
"create_channel",
"permission_state"
];
fn main() {

13
plugins/notification/permissions/autogenerated/commands/batch.toml
Unescape View File

@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-batch"
description = "Enables the batch command without any pre-configured scope."
commands.allow = ["batch"]
[[permission]]
identifier = "deny-batch"
description = "Denies the batch command without any pre-configured scope."
commands.deny = ["batch"]

13
plugins/notification/permissions/autogenerated/commands/cancel.toml
Unescape View File

@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-cancel"
description = "Enables the cancel command without any pre-configured scope."
commands.allow = ["cancel"]
[[permission]]
identifier = "deny-cancel"
description = "Denies the cancel command without any pre-configured scope."
commands.deny = ["cancel"]

13
plugins/notification/permissions/autogenerated/commands/check_permissions.toml
Unescape View File

@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-check-permissions"
description = "Enables the check_permissions command without any pre-configured scope."
commands.allow = ["check_permissions"]
[[permission]]
identifier = "deny-check-permissions"
description = "Denies the check_permissions command without any pre-configured scope."
commands.deny = ["check_permissions"]

13
plugins/notification/permissions/autogenerated/commands/create_channel.toml
Unescape View File

@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-create-channel"
description = "Enables the create_channel command without any pre-configured scope."
commands.allow = ["create_channel"]
[[permission]]
identifier = "deny-create-channel"
description = "Denies the create_channel command without any pre-configured scope."
commands.deny = ["create_channel"]

13
plugins/notification/permissions/autogenerated/commands/delete_channel.toml
Unescape View File

@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-delete-channel"
description = "Enables the delete_channel command without any pre-configured scope."
commands.allow = ["delete_channel"]
[[permission]]
identifier = "deny-delete-channel"
description = "Denies the delete_channel command without any pre-configured scope."
commands.deny = ["delete_channel"]

13
plugins/notification/permissions/autogenerated/commands/get_active.toml
Unescape View File

@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-get-active"
description = "Enables the get_active command without any pre-configured scope."
commands.allow = ["get_active"]
[[permission]]
identifier = "deny-get-active"
description = "Denies the get_active command without any pre-configured scope."
commands.deny = ["get_active"]

13
plugins/notification/permissions/autogenerated/commands/get_pending.toml
Unescape View File

@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-get-pending"
description = "Enables the get_pending command without any pre-configured scope."
commands.allow = ["get_pending"]
[[permission]]
identifier = "deny-get-pending"
description = "Denies the get_pending command without any pre-configured scope."
commands.deny = ["get_pending"]

13
plugins/notification/permissions/autogenerated/commands/list_channels.toml
Unescape View File

@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-list-channels"
description = "Enables the list_channels command without any pre-configured scope."
commands.allow = ["list_channels"]
[[permission]]
identifier = "deny-list-channels"
description = "Denies the list_channels command without any pre-configured scope."
commands.deny = ["list_channels"]

13
plugins/notification/permissions/autogenerated/commands/permission_state.toml
Unescape View File

@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-permission-state"
description = "Enables the permission_state command without any pre-configured scope."
commands.allow = ["permission_state"]
[[permission]]
identifier = "deny-permission-state"
description = "Denies the permission_state command without any pre-configured scope."
commands.deny = ["permission_state"]

13
plugins/notification/permissions/autogenerated/commands/remove_active.toml
Unescape View File

@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-remove-active"
description = "Enables the remove_active command without any pre-configured scope."
commands.allow = ["remove_active"]
[[permission]]
identifier = "deny-remove-active"
description = "Denies the remove_active command without any pre-configured scope."
commands.deny = ["remove_active"]

13
plugins/notification/permissions/autogenerated/commands/show.toml
Unescape View File

@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-show"
description = "Enables the show command without any pre-configured scope."
commands.allow = ["show"]
[[permission]]
identifier = "deny-show"
description = "Denies the show command without any pre-configured scope."
commands.deny = ["show"]

31
plugins/notification/permissions/autogenerated/reference.md
Unescape View File

@ -1,13 +1,42 @@
| Permission | Description |
|------|-----|
|`allow-batch`|Enables the batch command without any pre-configured scope.|
|`deny-batch`|Denies the batch command without any pre-configured scope.|
|`allow-cancel`|Enables the cancel command without any pre-configured scope.|
|`deny-cancel`|Denies the cancel command without any pre-configured scope.|
|`allow-check-permissions`|Enables the check_permissions command without any pre-configured scope.|
|`deny-check-permissions`|Denies the check_permissions command without any pre-configured scope.|
|`allow-create-channel`|Enables the create_channel command without any pre-configured scope.|
|`deny-create-channel`|Denies the create_channel command without any pre-configured scope.|
|`allow-delete-channel`|Enables the delete_channel command without any pre-configured scope.|
|`deny-delete-channel`|Denies the delete_channel command without any pre-configured scope.|
|`allow-get-active`|Enables the get_active command without any pre-configured scope.|
|`deny-get-active`|Denies the get_active command without any pre-configured scope.|
|`allow-get-pending`|Enables the get_pending command without any pre-configured scope.|
|`deny-get-pending`|Denies the get_pending command without any pre-configured scope.|
|`allow-is-permission-granted`|Enables the is_permission_granted command without any pre-configured scope.|
|`deny-is-permission-granted`|Denies the is_permission_granted command without any pre-configured scope.|
|`allow-list-channels`|Enables the list_channels command without any pre-configured scope.|
|`deny-list-channels`|Denies the list_channels command without any pre-configured scope.|
|`allow-notify`|Enables the notify command without any pre-configured scope.|
|`deny-notify`|Denies the notify command without any pre-configured scope.|
|`allow-permission-state`|Enables the permission_state command without any pre-configured scope.|
|`deny-permission-state`|Denies the permission_state command without any pre-configured scope.|
|`allow-register-action-types`|Enables the register_action_types command without any pre-configured scope.|
|`deny-register-action-types`|Denies the register_action_types command without any pre-configured scope.|
|`allow-register-listener`|Enables the register_listener command without any pre-configured scope.|
|`deny-register-listener`|Denies the register_listener command without any pre-configured scope.|
|`allow-remove-active`|Enables the remove_active command without any pre-configured scope.|
|`deny-remove-active`|Denies the remove_active command without any pre-configured scope.|
|`allow-request-permission`|Enables the request_permission command without any pre-configured scope.|
|`deny-request-permission`|Denies the request_permission command without any pre-configured scope.|
|`default`|Allows requesting permission, checking permission state and sending notifications|
|`allow-show`|Enables the show command without any pre-configured scope.|
|`deny-show`|Denies the show command without any pre-configured scope.|
|`default`|This permission set configures which
notification features are by default exposed.
#### Granted Permissions
It allows all notification related features.
|

24
plugins/notification/permissions/default.toml
Unescape View File

@ -1,8 +1,30 @@
"$schema" = "schemas/schema.json"
[default]
description = "Allows requesting permission, checking permission state and sending notifications"
description = """
This permission set configures which
notification features are by default exposed.
#### Granted Permissions
It allows all notification related features.
"""
permissions = [
"allow-is-permission-granted",
"allow-request-permission",
"allow-notify",
"allow-register-action-types",
"allow-register-listener",
"allow-cancel",
"allow-get-pending",
"allow-remove-active",
"allow-get-active",
"allow-check-permissions",
"allow-show",
"allow-batch",
"allow-list-channels",
"allow-delete-channel",
"allow-create-channel",
"allow-permission-state"
]

156
plugins/notification/permissions/schemas/schema.json
Unescape View File

@ -294,6 +294,104 @@
"PermissionKind": {
"type": "string",
"oneOf": [
{
"description": "allow-batch -> Enables the batch command without any pre-configured scope.",
"type": "string",
"enum": [
"allow-batch"
]
},
{
"description": "deny-batch -> Denies the batch command without any pre-configured scope.",
"type": "string",
"enum": [
"deny-batch"
]
},
{
"description": "allow-cancel -> Enables the cancel command without any pre-configured scope.",
"type": "string",
"enum": [
"allow-cancel"
]
},
{
"description": "deny-cancel -> Denies the cancel command without any pre-configured scope.",
"type": "string",
"enum": [
"deny-cancel"
]
},
{
"description": "allow-check-permissions -> Enables the check_permissions command without any pre-configured scope.",
"type": "string",
"enum": [
"allow-check-permissions"
]
},
{
"description": "deny-check-permissions -> Denies the check_permissions command without any pre-configured scope.",
"type": "string",
"enum": [
"deny-check-permissions"
]
},
{
"description": "allow-create-channel -> Enables the create_channel command without any pre-configured scope.",
"type": "string",
"enum": [
"allow-create-channel"
]
},
{
"description": "deny-create-channel -> Denies the create_channel command without any pre-configured scope.",
"type": "string",
"enum": [
"deny-create-channel"
]
},
{
"description": "allow-delete-channel -> Enables the delete_channel command without any pre-configured scope.",
"type": "string",
"enum": [
"allow-delete-channel"
]
},
{
"description": "deny-delete-channel -> Denies the delete_channel command without any pre-configured scope.",
"type": "string",
"enum": [
"deny-delete-channel"
]
},
{
"description": "allow-get-active -> Enables the get_active command without any pre-configured scope.",
"type": "string",
"enum": [
"allow-get-active"
]
},
{
"description": "deny-get-active -> Denies the get_active command without any pre-configured scope.",
"type": "string",
"enum": [
"deny-get-active"
]
},
{
"description": "allow-get-pending -> Enables the get_pending command without any pre-configured scope.",
"type": "string",
"enum": [
"allow-get-pending"
]
},
{
"description": "deny-get-pending -> Denies the get_pending command without any pre-configured scope.",
"type": "string",
"enum": [
"deny-get-pending"
]
},
{
"description": "allow-is-permission-granted -> Enables the is_permission_granted command without any pre-configured scope.",
"type": "string",
@ -308,6 +406,20 @@
"deny-is-permission-granted"
]
},
{
"description": "allow-list-channels -> Enables the list_channels command without any pre-configured scope.",
"type": "string",
"enum": [
"allow-list-channels"
]
},
{
"description": "deny-list-channels -> Denies the list_channels command without any pre-configured scope.",
"type": "string",
"enum": [
"deny-list-channels"
]
},
{
"description": "allow-notify -> Enables the notify command without any pre-configured scope.",
"type": "string",
@ -322,6 +434,20 @@
"deny-notify"
]
},
{
"description": "allow-permission-state -> Enables the permission_state command without any pre-configured scope.",
"type": "string",
"enum": [
"allow-permission-state"
]
},
{
"description": "deny-permission-state -> Denies the permission_state command without any pre-configured scope.",
"type": "string",
"enum": [
"deny-permission-state"
]
},
{
"description": "allow-register-action-types -> Enables the register_action_types command without any pre-configured scope.",
"type": "string",
@ -350,6 +476,20 @@
"deny-register-listener"
]
},
{
"description": "allow-remove-active -> Enables the remove_active command without any pre-configured scope.",
"type": "string",
"enum": [
"allow-remove-active"
]
},
{
"description": "deny-remove-active -> Denies the remove_active command without any pre-configured scope.",
"type": "string",
"enum": [
"deny-remove-active"
]
},
{
"description": "allow-request-permission -> Enables the request_permission command without any pre-configured scope.",
"type": "string",
@ -365,7 +505,21 @@
]
},
{
"description": "default -> Allows requesting permission, checking permission state and sending notifications",
"description": "allow-show -> Enables the show command without any pre-configured scope.",
"type": "string",
"enum": [
"allow-show"
]
},
{
"description": "deny-show -> Denies the show command without any pre-configured scope.",
"type": "string",
"enum": [
"deny-show"
]
},
{
"description": "default -> This permission set configures which\nnotification features are by default exposed.\n\n#### Granted Permissions\n\nIt allows all notification related features.\n\n",
"type": "string",
"enum": [
"default"

9
plugins/os/permissions/autogenerated/reference.md
Unescape View File

@ -16,3 +16,12 @@
|`deny-platform`|Denies the platform command without any pre-configured scope.|
|`allow-version`|Enables the version command without any pre-configured scope.|
|`deny-version`|Denies the version command without any pre-configured scope.|
|`default`|This permission set configures which
operating system information are available
to gather from the frontend.
#### Granted Permissions
All information except the host name are available.
|

23
plugins/os/permissions/default.toml
Unescape View File

@ -0,0 +1,23 @@
"$schema" = "schemas/schema.json"
[default]
description = """
This permission set configures which
operating system information are available
to gather from the frontend.
#### Granted Permissions
All information except the host name are available.
"""
permissions = [
"allow-arch",
"allow-exe-extension",
"allow-family",
"allow-locale",
"allow-os-type",
"allow-platform",
"allow-version",
]

7
plugins/os/permissions/schemas/schema.json
Unescape View File

@ -405,6 +405,13 @@
"enum": [
"deny-version"
]
},
{
"description": "default -> This permission set configures which\noperating system information are available\nto gather from the frontend.\n\n#### Granted Permissions\n\nAll information except the host name are available.\n\n",
"type": "string",
"enum": [
"default"
]
}
]
}

8
plugins/process/permissions/autogenerated/reference.md
Unescape View File

@ -4,3 +4,11 @@
|`deny-exit`|Denies the exit command without any pre-configured scope.|
|`allow-restart`|Enables the restart command without any pre-configured scope.|
|`deny-restart`|Denies the restart command without any pre-configured scope.|
|`default`|This permission set configures which
process feeatures are by default exposed.
#### Granted Permissions
This enables to quit via `allow-exit` and restart via `allow-restart`
the application.
|

17
plugins/process/permissions/default.toml
Unescape View File

@ -0,0 +1,17 @@
"$schema" = "schemas/schema.json"
[default]
description = """
This permission set configures which
process feeatures are by default exposed.
#### Granted Permissions
This enables to quit via `allow-exit` and restart via `allow-restart`
the application.
"""
permissions = [
"allow-exit",
"allow-restart",
]

7
plugins/process/permissions/schemas/schema.json
Unescape View File

@ -321,6 +321,13 @@
"enum": [
"deny-restart"
]
},
{
"description": "default -> This permission set configures which\nprocess feeatures are by default exposed.\n\n#### Granted Permissions\n\nThis enables to quit via `allow-exit` and restart via `allow-restart`\nthe application.\n",
"type": "string",
"enum": [
"default"
]
}
]
}

9
plugins/shell/permissions/autogenerated/reference.md
Unescape View File

@ -10,3 +10,12 @@
|`deny-spawn`|Denies the spawn command without any pre-configured scope.|
|`allow-stdin-write`|Enables the stdin_write command without any pre-configured scope.|
|`deny-stdin-write`|Denies the stdin_write command without any pre-configured scope.|
|`default`|This permission set configures which
shell functionality is exposed by default.
#### Granted Permissions
It allows to use the `open` functionality without any specific
scope pre-configured. It will allow opening `http(s)://`,
`tel:` and `mailto:` links.
|

17
plugins/shell/permissions/default.toml
Unescape View File

@ -0,0 +1,17 @@
"$schema" = "schemas/schema.json"
[default]
description = """
This permission set configures which
shell functionality is exposed by default.
#### Granted Permissions
It allows to use the `open` functionality without any specific
scope pre-configured. It will allow opening `http(s)://`,
`tel:` and `mailto:` links.
"""
permissions = [
"allow-open",
]

7
plugins/shell/permissions/schemas/schema.json
Unescape View File

@ -363,6 +363,13 @@
"enum": [
"deny-stdin-write"
]
},
{
"description": "default -> This permission set configures which\nshell functionality is exposed by default.\n\n#### Granted Permissions\n\nIt allows to use the `open` functionality without any specific\nscope pre-configured. It will allow opening `http(s)://`,\n`tel:` and `mailto:` links.\n",
"type": "string",
"enum": [
"default"
]
}
]
}

11
plugins/sql/permissions/autogenerated/reference.md
Unescape View File

@ -8,3 +8,14 @@
|`deny-load`|Denies the load command without any pre-configured scope.|
|`allow-select`|Enables the select command without any pre-configured scope.|
|`deny-select`|Denies the select command without any pre-configured scope.|
|`default`|# Tauri SQL Default Permissions
This permission set configures what kind of
database operations are available from the sql plugin.
### Granted Permissions
All reading related operations are enabled.
Also allows to load or close a connection.
|

20
plugins/sql/permissions/default.toml
Unescape View File

@ -0,0 +1,20 @@
"$schema" = "schemas/schema.json"
[default]
description = """
# Tauri SQL Default Permissions
This permission set configures what kind of
database operations are available from the sql plugin.
### Granted Permissions
All reading related operations are enabled.
Also allows to load or close a connection.
"""
permissions = [
"allow-close",
"allow-load",
"allow-select",
]

7
plugins/sql/permissions/schemas/schema.json
Unescape View File

@ -349,6 +349,13 @@
"enum": [
"deny-select"
]
},
{
"description": "default -> # Tauri SQL Default Permissions\n\nThis permission set configures what kind of\ndatabase operations are available from the sql plugin.\n\n### Granted Permissions\n\nAll reading related operations are enabled.\nAlso allows to load or close a connection.\n\n",
"type": "string",
"enum": [
"default"
]
}
]
}

8
plugins/store/permissions/autogenerated/reference.md
Unescape View File

@ -24,3 +24,11 @@
|`deny-set`|Denies the set command without any pre-configured scope.|
|`allow-values`|Enables the values command without any pre-configured scope.|
|`deny-values`|Denies the values command without any pre-configured scope.|
|`default`|This permission set configures what kind of
operations are available from the store plugin.
#### Granted Permissions
All operations are enabled by default.
|

26
plugins/store/permissions/default.toml
Unescape View File

@ -0,0 +1,26 @@
"$schema" = "schemas/schema.json"
[default]
description = """
This permission set configures what kind of
operations are available from the store plugin.
#### Granted Permissions
All operations are enabled by default.
"""
permissions = [
"allow-clear",
"allow-delete",
"allow-entries",
"allow-get",
"allow-has",
"allow-keys",
"allow-length",
"allow-load",
"allow-reset",
"allow-save",
"allow-set",
"allow-values",
]

7
plugins/store/permissions/schemas/schema.json
Unescape View File

@ -461,6 +461,13 @@
"enum": [
"deny-values"
]
},
{
"description": "default -> This permission set configures what kind of\noperations are available from the store plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n",
"type": "string",
"enum": [
"default"
]
}
]
}

8
plugins/stronghold/permissions/autogenerated/reference.md
Unescape View File

@ -22,3 +22,11 @@
|`deny-save-secret`|Denies the save_secret command without any pre-configured scope.|
|`allow-save-store-record`|Enables the save_store_record command without any pre-configured scope.|
|`deny-save-store-record`|Denies the save_store_record command without any pre-configured scope.|
|`default`|This permission set configures what kind of
operations are available from the stronghold plugin.
#### Granted Permissions
All non-destructive operations are enabled by default.
|

22
plugins/stronghold/permissions/default.toml
Unescape View File

@ -0,0 +1,22 @@
"$schema" = "schemas/schema.json"
[default]
description = """
This permission set configures what kind of
operations are available from the stronghold plugin.
#### Granted Permissions
All non-destructive operations are enabled by default.
"""
permissions = [
"allow-create-client",
"allow-get-store-record",
"allow-initialize",
"allow-execute-procedure",
"allow-load-client",
"allow-save-secret",
"allow-save-store-record",
"allow-save",
]

7
plugins/stronghold/permissions/schemas/schema.json
Unescape View File

@ -447,6 +447,13 @@
"enum": [
"deny-save-store-record"
]
},
{
"description": "default -> This permission set configures what kind of\noperations are available from the stronghold plugin.\n\n#### Granted Permissions\n\nAll non-destructive operations are enabled by default.\n\n",
"type": "string",
"enum": [
"default"
]
}
]
}

10
plugins/updater/permissions/autogenerated/reference.md
Unescape View File

@ -8,4 +8,12 @@
|`deny-download-and-install`|Denies the download_and_install command without any pre-configured scope.|
|`allow-install`|Enables the install command without any pre-configured scope.|
|`deny-install`|Denies the install command without any pre-configured scope.|
|`default`|Allows checking for new updates and installing them|
|`default`|This permission set configures which kind of
updater functions are exposed to the frontend.
#### Granted Permissions
The full workflow from checking for updates to installing them
is enabled.
|

11
plugins/updater/permissions/default.toml
Unescape View File

@ -1,6 +1,15 @@
"$schema" = "schemas/schema.json"
[default]
description = "Allows checking for new updates and installing them"
description = """
This permission set configures which kind of
updater functions are exposed to the frontend.
#### Granted Permissions
The full workflow from checking for updates to installing them
is enabled.
"""
permissions = [
"allow-check",
"allow-download",

2
plugins/updater/permissions/schemas/schema.json
Unescape View File

@ -351,7 +351,7 @@
]
},
{
"description": "default -> Allows checking for new updates and installing them",
"description": "default -> This permission set configures which kind of\nupdater functions are exposed to the frontend.\n\n#### Granted Permissions\n\nThe full workflow from checking for updates to installing them\nis enabled.\n\n",
"type": "string",
"enum": [
"default"

8
plugins/upload/permissions/autogenerated/reference.md
Unescape View File

@ -4,3 +4,11 @@
|`deny-download`|Denies the download command without any pre-configured scope.|
|`allow-upload`|Enables the upload command without any pre-configured scope.|
|`deny-upload`|Denies the upload command without any pre-configured scope.|
|`default`|This permission set configures what kind of
operations are available from the upload plugin.
#### Granted Permissions
All operations are enabled by default.
|

16
plugins/upload/permissions/default.toml
Unescape View File

@ -0,0 +1,16 @@
"$schema" = "schemas/schema.json"
[default]
description = """
This permission set configures what kind of
operations are available from the upload plugin.
#### Granted Permissions
All operations are enabled by default.
"""
permissions = [
"allow-upload",
"allow-download"
]

7
plugins/upload/permissions/schemas/schema.json
Unescape View File

@ -321,6 +321,13 @@
"enum": [
"deny-upload"
]
},
{
"description": "default -> This permission set configures what kind of\noperations are available from the upload plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n",
"type": "string",
"enum": [
"default"
]
}
]
}

8
plugins/window-state/permissions/autogenerated/reference.md
Unescape View File

@ -6,3 +6,11 @@
|`deny-restore-state`|Denies the restore_state command without any pre-configured scope.|
|`allow-save-window-state`|Enables the save_window_state command without any pre-configured scope.|
|`deny-save-window-state`|Denies the save_window_state command without any pre-configured scope.|
|`default`|This permission set configures what kind of
operations are available from the window state plugin.
#### Granted Permissions
All operations are enabled by default.
|

17
plugins/window-state/permissions/default.toml
Unescape View File

@ -0,0 +1,17 @@
"$schema" = "schemas/schema.json"
[default]
description = """
This permission set configures what kind of
operations are available from the window state plugin.
#### Granted Permissions
All operations are enabled by default.
"""
permissions = [
"allow-filename",
"allow-restore-state",
"allow-save-window-state",
]

7
plugins/window-state/permissions/schemas/schema.json
Unescape View File

@ -335,6 +335,13 @@
"enum": [
"deny-save-window-state"
]
},
{
"description": "default -> This permission set configures what kind of\noperations are available from the window state plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n",
"type": "string",
"enum": [
"default"
]
}
]
}

Write Preview
Loading…
Cancel
Save