From 0cb1baf09aaf6bd9f5b09cbf18619c93cc4cd165 Mon Sep 17 00:00:00 2001 From: Tillmann <112912081+tillmann-crabnebula@users.noreply.github.com> Date: Wed, 26 Jun 2024 14:35:08 +0900 Subject: [PATCH] Feat: Add default permissions to most plugins (#1460) * Add default permissions to most plugins. Co-authored-by: chippers Co-authored-by: fabianlars * updated default description * mobile plugin relevant changes --------- Co-authored-by: chippers Co-authored-by: fabianlars --- .../src-tauri/gen/schemas/desktop-schema.json | 201 +++++++++++++++++- .../permissions/autogenerated/reference.md | 10 + plugins/autostart/permissions/default.toml | 19 ++ .../autostart/permissions/schemas/schema.json | 7 + .../permissions/autogenerated/reference.md | 8 + .../barcode-scanner/permissions/default.toml | 20 ++ .../permissions/schemas/schema.json | 7 + .../permissions/autogenerated/reference.md | 8 + plugins/biometric/permissions/default.toml | 16 ++ .../biometric/permissions/schemas/schema.json | 7 + .../permissions/autogenerated/reference.md | 6 + .../permissions/default.toml | 11 + .../permissions/schemas/schema.json | 7 + .../android/src/main/java/DeepLinkPlugin.kt | 2 + .../permissions/autogenerated/reference.md | 9 + plugins/dialog/permissions/default.toml | 20 ++ .../dialog/permissions/schemas/schema.json | 7 + .../fs/permissions/autogenerated/reference.md | 27 ++- .../permissions/create-app-specific-dirs.toml | 23 ++ plugins/fs/permissions/default.toml | 28 ++- .../read-app-specific-dirs-recursive.toml | 31 +++ plugins/fs/permissions/schemas/schema.json | 16 +- .../permissions/autogenerated/reference.md | 5 + .../global-shortcut/permissions/default.toml | 10 + .../permissions/schemas/schema.json | 7 + .../permissions/autogenerated/reference.md | 13 +- plugins/http/permissions/default.toml | 15 +- plugins/http/permissions/schemas/schema.json | 2 +- .../permissions/autogenerated/reference.md | 10 + plugins/nfc/permissions/default.toml | 18 ++ plugins/nfc/permissions/schemas/schema.json | 7 + plugins/notification/build.rs | 11 + .../autogenerated/commands/batch.toml | 13 ++ .../autogenerated/commands/cancel.toml | 13 ++ .../commands/check_permissions.toml | 13 ++ .../commands/create_channel.toml | 13 ++ .../commands/delete_channel.toml | 13 ++ .../autogenerated/commands/get_active.toml | 13 ++ .../autogenerated/commands/get_pending.toml | 13 ++ .../autogenerated/commands/list_channels.toml | 13 ++ .../commands/permission_state.toml | 13 ++ .../autogenerated/commands/remove_active.toml | 13 ++ .../autogenerated/commands/show.toml | 13 ++ .../permissions/autogenerated/reference.md | 31 ++- plugins/notification/permissions/default.toml | 24 ++- .../permissions/schemas/schema.json | 156 +++++++++++++- .../os/permissions/autogenerated/reference.md | 9 + plugins/os/permissions/default.toml | 23 ++ plugins/os/permissions/schemas/schema.json | 7 + .../permissions/autogenerated/reference.md | 8 + plugins/process/permissions/default.toml | 17 ++ .../process/permissions/schemas/schema.json | 7 + .../permissions/autogenerated/reference.md | 9 + plugins/shell/permissions/default.toml | 17 ++ plugins/shell/permissions/schemas/schema.json | 7 + .../permissions/autogenerated/reference.md | 11 + plugins/sql/permissions/default.toml | 20 ++ plugins/sql/permissions/schemas/schema.json | 7 + .../permissions/autogenerated/reference.md | 8 + plugins/store/permissions/default.toml | 26 +++ plugins/store/permissions/schemas/schema.json | 7 + .../permissions/autogenerated/reference.md | 8 + plugins/stronghold/permissions/default.toml | 22 ++ .../permissions/schemas/schema.json | 7 + .../permissions/autogenerated/reference.md | 10 +- plugins/updater/permissions/default.toml | 11 +- .../updater/permissions/schemas/schema.json | 2 +- .../permissions/autogenerated/reference.md | 8 + plugins/upload/permissions/default.toml | 16 ++ .../upload/permissions/schemas/schema.json | 7 + .../permissions/autogenerated/reference.md | 8 + plugins/window-state/permissions/default.toml | 17 ++ .../permissions/schemas/schema.json | 7 + 73 files changed, 1211 insertions(+), 37 deletions(-) create mode 100644 plugins/autostart/permissions/default.toml create mode 100644 plugins/barcode-scanner/permissions/default.toml create mode 100644 plugins/biometric/permissions/default.toml create mode 100644 plugins/clipboard-manager/permissions/default.toml create mode 100644 plugins/dialog/permissions/default.toml create mode 100644 plugins/fs/permissions/create-app-specific-dirs.toml create mode 100644 plugins/fs/permissions/read-app-specific-dirs-recursive.toml create mode 100644 plugins/global-shortcut/permissions/default.toml create mode 100644 plugins/nfc/permissions/default.toml create mode 100644 plugins/notification/permissions/autogenerated/commands/batch.toml create mode 100644 plugins/notification/permissions/autogenerated/commands/cancel.toml create mode 100644 plugins/notification/permissions/autogenerated/commands/check_permissions.toml create mode 100644 plugins/notification/permissions/autogenerated/commands/create_channel.toml create mode 100644 plugins/notification/permissions/autogenerated/commands/delete_channel.toml create mode 100644 plugins/notification/permissions/autogenerated/commands/get_active.toml create mode 100644 plugins/notification/permissions/autogenerated/commands/get_pending.toml create mode 100644 plugins/notification/permissions/autogenerated/commands/list_channels.toml create mode 100644 plugins/notification/permissions/autogenerated/commands/permission_state.toml create mode 100644 plugins/notification/permissions/autogenerated/commands/remove_active.toml create mode 100644 plugins/notification/permissions/autogenerated/commands/show.toml create mode 100644 plugins/os/permissions/default.toml create mode 100644 plugins/process/permissions/default.toml create mode 100644 plugins/shell/permissions/default.toml create mode 100644 plugins/sql/permissions/default.toml create mode 100644 plugins/store/permissions/default.toml create mode 100644 plugins/stronghold/permissions/default.toml create mode 100644 plugins/upload/permissions/default.toml create mode 100644 plugins/window-state/permissions/default.toml diff --git a/examples/api/src-tauri/gen/schemas/desktop-schema.json b/examples/api/src-tauri/gen/schemas/desktop-schema.json index 532940df..58277295 100644 --- a/examples/api/src-tauri/gen/schemas/desktop-schema.json +++ b/examples/api/src-tauri/gen/schemas/desktop-schema.json @@ -142,7 +142,7 @@ "identifier": { "oneOf": [ { - "description": "fs:default -> # Tauri `fs` default permissions\n\nThis configuration file defines the default permissions granted\nto the filesystem.\n\n### Granted Permissions\n\nThis default permission set enables all read-related commands and\nallows access to the `$APP` folder and sub directories created in it.\nThe location of the `$APP` folder depends on the operating system,\nwhere the application is run.\n\nIn general the `$APP` folder needs to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\n### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n", + "description": "fs:default -> This set of permissions describes the what kind of\nfile system access the `fs` plugin has enabled or denied by default.\n\n#### Granted Permissions\n\nThis default permission set enables read access to the\napplication specific directories (AppConfig, AppData, AppLocalData, AppCache,\nAppLog) and all files and sub directories created in it.\nThe location of these directories depends on the operating system,\nwhere the application is run.\n\nIn general these directories need to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\nTherefore, it is also allowed to create all of these folders via\nthe `mkdir` command.\n\n#### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n", "type": "string", "enum": [ "fs:default" @@ -1373,6 +1373,13 @@ "fs:allow-write-text-file" ] }, + { + "description": "fs:create-app-specific-dirs -> This permissions allows to create the application specific directories.\n", + "type": "string", + "enum": [ + "fs:create-app-specific-dirs" + ] + }, { "description": "fs:deny-copy-file -> Denies the copy_file command without any pre-configured scope.", "type": "string", @@ -1562,6 +1569,13 @@ "fs:read-all" ] }, + { + "description": "fs:read-app-specific-dirs-recursive -> This permission allows recursive read functionality on the application\nspecific base directories. \n", + "type": "string", + "enum": [ + "fs:read-app-specific-dirs-recursive" + ] + }, { "description": "fs:read-dirs -> This enables directory read and file metadata related commands without any pre-configured accessible paths.", "type": "string", @@ -2190,7 +2204,7 @@ "identifier": { "oneOf": [ { - "description": "http:default -> Allows all fetch operations", + "description": "http:default -> This permission set configures what kind of\nfetch operations are available from the http plugin.\n\nThis enables all fetch operations but does not\nallow explicitly any origins to be fetched. This needs to\nbe manually configured before usage.\n\n#### Granted Permissions\n\nAll fetch operations are enabled.\n\n", "type": "string", "enum": [ "http:default" @@ -2313,6 +2327,7 @@ "identifier": { "oneOf": [ { + "description": "shell:default -> This permission set configures which\nshell functionality is exposed by default.\n\n#### Granted Permissions\n\nIt allows to use the `open` functionality without any specific\nscope pre-configured. It will allow opening `http(s)://`,\n`tel:` and `mailto:` links.\n", "type": "string", "enum": [ "shell:default" @@ -2567,6 +2582,7 @@ ] }, { + "description": "clipboard-manager:default -> No features are enabled by default, as we believe\nthe clipboard can be inherently dangerous and it is \napplication specific if read and/or write access is needed.\n\nClipboard interaction needs to be explicitly enabled.\n", "type": "string", "enum": [ "clipboard-manager:default" @@ -2657,6 +2673,7 @@ ] }, { + "description": "dialog:default -> This permission set configures the types of dialogs\navailable from the dialog plugin.\n\n#### Granted Permissions\n\nAll dialog types are enabled.\n\n\n", "type": "string", "enum": [ "dialog:default" @@ -3853,7 +3870,7 @@ ] }, { - "description": "fs:default -> # Tauri `fs` default permissions\n\nThis configuration file defines the default permissions granted\nto the filesystem.\n\n### Granted Permissions\n\nThis default permission set enables all read-related commands and\nallows access to the `$APP` folder and sub directories created in it.\nThe location of the `$APP` folder depends on the operating system,\nwhere the application is run.\n\nIn general the `$APP` folder needs to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\n### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n", + "description": "fs:default -> This set of permissions describes the what kind of\nfile system access the `fs` plugin has enabled or denied by default.\n\n#### Granted Permissions\n\nThis default permission set enables read access to the\napplication specific directories (AppConfig, AppData, AppLocalData, AppCache,\nAppLog) and all files and sub directories created in it.\nThe location of these directories depends on the operating system,\nwhere the application is run.\n\nIn general these directories need to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\nTherefore, it is also allowed to create all of these folders via\nthe `mkdir` command.\n\n#### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n", "type": "string", "enum": [ "fs:default" @@ -4027,6 +4044,13 @@ "fs:allow-write-text-file" ] }, + { + "description": "fs:create-app-specific-dirs -> This permissions allows to create the application specific directories.\n", + "type": "string", + "enum": [ + "fs:create-app-specific-dirs" + ] + }, { "description": "fs:deny-copy-file -> Denies the copy_file command without any pre-configured scope.", "type": "string", @@ -4216,6 +4240,13 @@ "fs:read-all" ] }, + { + "description": "fs:read-app-specific-dirs-recursive -> This permission allows recursive read functionality on the application\nspecific base directories. \n", + "type": "string", + "enum": [ + "fs:read-app-specific-dirs-recursive" + ] + }, { "description": "fs:read-dirs -> This enables directory read and file metadata related commands without any pre-configured accessible paths.", "type": "string", @@ -4784,6 +4815,7 @@ ] }, { + "description": "global-shortcut:default -> No features are enabled by default, as we believe\nthe shortcuts can be inherently dangerous and it is \napplication specific if specific shortcuts should be\nregistered or unregistered.\n", "type": "string", "enum": [ "global-shortcut:default" @@ -4860,7 +4892,7 @@ ] }, { - "description": "http:default -> Allows all fetch operations", + "description": "http:default -> This permission set configures what kind of\nfetch operations are available from the http plugin.\n\nThis enables all fetch operations but does not\nallow explicitly any origins to be fetched. This needs to\nbe manually configured before usage.\n\n#### Granted Permissions\n\nAll fetch operations are enabled.\n\n", "type": "string", "enum": [ "http:default" @@ -5336,12 +5368,61 @@ ] }, { - "description": "notification:default -> Allows requesting permission, checking permission state and sending notifications", + "description": "notification:default -> This permission set configures which\nnotification features are by default exposed.\n\n#### Granted Permissions\n\nIt allows all notification related features.\n\n", "type": "string", "enum": [ "notification:default" ] }, + { + "description": "notification:allow-batch -> Enables the batch command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-batch" + ] + }, + { + "description": "notification:allow-cancel -> Enables the cancel command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-cancel" + ] + }, + { + "description": "notification:allow-check-permissions -> Enables the check_permissions command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-check-permissions" + ] + }, + { + "description": "notification:allow-create-channel -> Enables the create_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-create-channel" + ] + }, + { + "description": "notification:allow-delete-channel -> Enables the delete_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-delete-channel" + ] + }, + { + "description": "notification:allow-get-active -> Enables the get_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-get-active" + ] + }, + { + "description": "notification:allow-get-pending -> Enables the get_pending command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-get-pending" + ] + }, { "description": "notification:allow-is-permission-granted -> Enables the is_permission_granted command without any pre-configured scope.", "type": "string", @@ -5349,6 +5430,13 @@ "notification:allow-is-permission-granted" ] }, + { + "description": "notification:allow-list-channels -> Enables the list_channels command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-list-channels" + ] + }, { "description": "notification:allow-notify -> Enables the notify command without any pre-configured scope.", "type": "string", @@ -5356,6 +5444,13 @@ "notification:allow-notify" ] }, + { + "description": "notification:allow-permission-state -> Enables the permission_state command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-permission-state" + ] + }, { "description": "notification:allow-register-action-types -> Enables the register_action_types command without any pre-configured scope.", "type": "string", @@ -5370,6 +5465,13 @@ "notification:allow-register-listener" ] }, + { + "description": "notification:allow-remove-active -> Enables the remove_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-remove-active" + ] + }, { "description": "notification:allow-request-permission -> Enables the request_permission command without any pre-configured scope.", "type": "string", @@ -5377,6 +5479,62 @@ "notification:allow-request-permission" ] }, + { + "description": "notification:allow-show -> Enables the show command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-show" + ] + }, + { + "description": "notification:deny-batch -> Denies the batch command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-batch" + ] + }, + { + "description": "notification:deny-cancel -> Denies the cancel command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-cancel" + ] + }, + { + "description": "notification:deny-check-permissions -> Denies the check_permissions command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-check-permissions" + ] + }, + { + "description": "notification:deny-create-channel -> Denies the create_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-create-channel" + ] + }, + { + "description": "notification:deny-delete-channel -> Denies the delete_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-delete-channel" + ] + }, + { + "description": "notification:deny-get-active -> Denies the get_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-get-active" + ] + }, + { + "description": "notification:deny-get-pending -> Denies the get_pending command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-get-pending" + ] + }, { "description": "notification:deny-is-permission-granted -> Denies the is_permission_granted command without any pre-configured scope.", "type": "string", @@ -5384,6 +5542,13 @@ "notification:deny-is-permission-granted" ] }, + { + "description": "notification:deny-list-channels -> Denies the list_channels command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-list-channels" + ] + }, { "description": "notification:deny-notify -> Denies the notify command without any pre-configured scope.", "type": "string", @@ -5391,6 +5556,13 @@ "notification:deny-notify" ] }, + { + "description": "notification:deny-permission-state -> Denies the permission_state command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-permission-state" + ] + }, { "description": "notification:deny-register-action-types -> Denies the register_action_types command without any pre-configured scope.", "type": "string", @@ -5405,6 +5577,13 @@ "notification:deny-register-listener" ] }, + { + "description": "notification:deny-remove-active -> Denies the remove_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-remove-active" + ] + }, { "description": "notification:deny-request-permission -> Denies the request_permission command without any pre-configured scope.", "type": "string", @@ -5413,6 +5592,14 @@ ] }, { + "description": "notification:deny-show -> Denies the show command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-show" + ] + }, + { + "description": "os:default -> This permission set configures which\noperating system information are available\nto gather from the frontend.\n\n#### Granted Permissions\n\nAll information except the host name are available.\n\n", "type": "string", "enum": [ "os:default" @@ -5650,6 +5837,7 @@ ] }, { + "description": "process:default -> This permission set configures which\nprocess feeatures are by default exposed.\n\n#### Granted Permissions\n\nThis enables to quit via `allow-exit` and restart via `allow-restart`\nthe application.\n", "type": "string", "enum": [ "process:default" @@ -5705,6 +5893,7 @@ ] }, { + "description": "shell:default -> This permission set configures which\nshell functionality is exposed by default.\n\n#### Granted Permissions\n\nIt allows to use the `open` functionality without any specific\nscope pre-configured. It will allow opening `http(s)://`,\n`tel:` and `mailto:` links.\n", "type": "string", "enum": [ "shell:default" @@ -5942,7 +6131,7 @@ ] }, { - "description": "updater:default -> Allows checking for new updates and installing them", + "description": "updater:default -> This permission set configures which kind of\nupdater functions are exposed to the frontend.\n\n#### Granted Permissions\n\nThe full workflow from checking for updates to installing them\nis enabled.\n\n", "type": "string", "enum": [ "updater:default" diff --git a/plugins/autostart/permissions/autogenerated/reference.md b/plugins/autostart/permissions/autogenerated/reference.md index 73d22eb9..329e5a0b 100644 --- a/plugins/autostart/permissions/autogenerated/reference.md +++ b/plugins/autostart/permissions/autogenerated/reference.md @@ -6,3 +6,13 @@ |`deny-enable`|Denies the enable command without any pre-configured scope.| |`allow-is-enabled`|Enables the is_enabled command without any pre-configured scope.| |`deny-is-enabled`|Denies the is_enabled command without any pre-configured scope.| +|`default`|This permission set configures if your +application can enable or disable auto +starting the application on boot. + +#### Granted Permissions + +It allows all to check, enable and +disable the automatic start on boot. + +| diff --git a/plugins/autostart/permissions/default.toml b/plugins/autostart/permissions/default.toml new file mode 100644 index 00000000..e2f71212 --- /dev/null +++ b/plugins/autostart/permissions/default.toml @@ -0,0 +1,19 @@ +"$schema" = "schemas/schema.json" +[default] +description = """ +This permission set configures if your +application can enable or disable auto +starting the application on boot. + +#### Granted Permissions + +It allows all to check, enable and +disable the automatic start on boot. + +""" + +permissions = [ + "allow-enable", + "allow-disable", + "allow-is-enabled", +] diff --git a/plugins/autostart/permissions/schemas/schema.json b/plugins/autostart/permissions/schemas/schema.json index 901d274c..4ec9e10e 100644 --- a/plugins/autostart/permissions/schemas/schema.json +++ b/plugins/autostart/permissions/schemas/schema.json @@ -335,6 +335,13 @@ "enum": [ "deny-is-enabled" ] + }, + { + "description": "default -> This permission set configures if your\napplication can enable or disable auto\nstarting the application on boot.\n\n#### Granted Permissions\n\nIt allows all to check, enable and\ndisable the automatic start on boot.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/barcode-scanner/permissions/autogenerated/reference.md b/plugins/barcode-scanner/permissions/autogenerated/reference.md index 1d45e36c..452b1042 100644 --- a/plugins/barcode-scanner/permissions/autogenerated/reference.md +++ b/plugins/barcode-scanner/permissions/autogenerated/reference.md @@ -12,3 +12,11 @@ |`deny-scan`|Denies the scan command without any pre-configured scope.| |`allow-vibrate`|Enables the vibrate command without any pre-configured scope.| |`deny-vibrate`|Denies the vibrate command without any pre-configured scope.| +|`default`|This permission set configures which +barcode scanning features are by default exposed. + +#### Granted Permissions + +It allows all barcode related features. + +| diff --git a/plugins/barcode-scanner/permissions/default.toml b/plugins/barcode-scanner/permissions/default.toml new file mode 100644 index 00000000..3b5a2dfd --- /dev/null +++ b/plugins/barcode-scanner/permissions/default.toml @@ -0,0 +1,20 @@ +"$schema" = "schemas/schema.json" +[default] +description = """ +This permission set configures which +barcode scanning features are by default exposed. + +#### Granted Permissions + +It allows all barcode related features. + +""" + +permissions = [ + "allow-cancel", + "allow-check-permissions", + "allow-open-app-settings", + "allow-request-permissions", + "allow-scan", + "allow-vibrate", +] diff --git a/plugins/barcode-scanner/permissions/schemas/schema.json b/plugins/barcode-scanner/permissions/schemas/schema.json index 433df113..7e99ee7c 100644 --- a/plugins/barcode-scanner/permissions/schemas/schema.json +++ b/plugins/barcode-scanner/permissions/schemas/schema.json @@ -377,6 +377,13 @@ "enum": [ "deny-vibrate" ] + }, + { + "description": "default -> This permission set configures which\nbarcode scanning features are by default exposed.\n\n#### Granted Permissions\n\nIt allows all barcode related features.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/biometric/permissions/autogenerated/reference.md b/plugins/biometric/permissions/autogenerated/reference.md index e48ce066..6f57ebd3 100644 --- a/plugins/biometric/permissions/autogenerated/reference.md +++ b/plugins/biometric/permissions/autogenerated/reference.md @@ -4,3 +4,11 @@ |`deny-authenticate`|Denies the authenticate command without any pre-configured scope.| |`allow-status`|Enables the status command without any pre-configured scope.| |`deny-status`|Denies the status command without any pre-configured scope.| +|`default`|This permission set configures which +biometric features are by default exposed. + +#### Granted Permissions + +It allows acccess to all biometric commands. + +| diff --git a/plugins/biometric/permissions/default.toml b/plugins/biometric/permissions/default.toml new file mode 100644 index 00000000..f50061b7 --- /dev/null +++ b/plugins/biometric/permissions/default.toml @@ -0,0 +1,16 @@ +"$schema" = "schemas/schema.json" +[default] +description = """ +This permission set configures which +biometric features are by default exposed. + +#### Granted Permissions + +It allows acccess to all biometric commands. + +""" + +permissions = [ + "allow-authenticate", + "allow-status", +] diff --git a/plugins/biometric/permissions/schemas/schema.json b/plugins/biometric/permissions/schemas/schema.json index d134e66e..f992c8c6 100644 --- a/plugins/biometric/permissions/schemas/schema.json +++ b/plugins/biometric/permissions/schemas/schema.json @@ -321,6 +321,13 @@ "enum": [ "deny-status" ] + }, + { + "description": "default -> This permission set configures which\nbiometric features are by default exposed.\n\n#### Granted Permissions\n\nIt allows acccess to all biometric commands.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/clipboard-manager/permissions/autogenerated/reference.md b/plugins/clipboard-manager/permissions/autogenerated/reference.md index 06140965..4ce23a4e 100644 --- a/plugins/clipboard-manager/permissions/autogenerated/reference.md +++ b/plugins/clipboard-manager/permissions/autogenerated/reference.md @@ -12,3 +12,9 @@ |`deny-write-image`|Denies the write_image command without any pre-configured scope.| |`allow-write-text`|Enables the write_text command without any pre-configured scope.| |`deny-write-text`|Denies the write_text command without any pre-configured scope.| +|`default`|No features are enabled by default, as we believe +the clipboard can be inherently dangerous and it is +application specific if read and/or write access is needed. + +Clipboard interaction needs to be explicitly enabled. +| diff --git a/plugins/clipboard-manager/permissions/default.toml b/plugins/clipboard-manager/permissions/default.toml new file mode 100644 index 00000000..d6f65195 --- /dev/null +++ b/plugins/clipboard-manager/permissions/default.toml @@ -0,0 +1,11 @@ +"$schema" = "schemas/schema.json" +[default] +description = """ +No features are enabled by default, as we believe +the clipboard can be inherently dangerous and it is +application specific if read and/or write access is needed. + +Clipboard interaction needs to be explicitly enabled. +""" + +permissions = [] diff --git a/plugins/clipboard-manager/permissions/schemas/schema.json b/plugins/clipboard-manager/permissions/schemas/schema.json index b00ff99a..90e00c4d 100644 --- a/plugins/clipboard-manager/permissions/schemas/schema.json +++ b/plugins/clipboard-manager/permissions/schemas/schema.json @@ -377,6 +377,13 @@ "enum": [ "deny-write-text" ] + }, + { + "description": "default -> No features are enabled by default, as we believe\nthe clipboard can be inherently dangerous and it is \napplication specific if read and/or write access is needed.\n\nClipboard interaction needs to be explicitly enabled.\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/deep-link/android/src/main/java/DeepLinkPlugin.kt b/plugins/deep-link/android/src/main/java/DeepLinkPlugin.kt index 58bc70c7..db4e79af 100644 --- a/plugins/deep-link/android/src/main/java/DeepLinkPlugin.kt +++ b/plugins/deep-link/android/src/main/java/DeepLinkPlugin.kt @@ -40,6 +40,8 @@ class DeepLinkPlugin(private val activity: Activity): Plugin(activity) { invoke.resolve(ret) } + // This command should not be added to the `build.rs` and exposed as it is only + // used internally from the rust backend. @Command fun setEventHandler(invoke: Invoke) { val args = invoke.parseArgs(SetEventHandlerArgs::class.java) diff --git a/plugins/dialog/permissions/autogenerated/reference.md b/plugins/dialog/permissions/autogenerated/reference.md index 0f5c9a7d..e69bf5d8 100644 --- a/plugins/dialog/permissions/autogenerated/reference.md +++ b/plugins/dialog/permissions/autogenerated/reference.md @@ -10,3 +10,12 @@ |`deny-open`|Denies the open command without any pre-configured scope.| |`allow-save`|Enables the save command without any pre-configured scope.| |`deny-save`|Denies the save command without any pre-configured scope.| +|`default`|This permission set configures the types of dialogs +available from the dialog plugin. + +#### Granted Permissions + +All dialog types are enabled. + + +| diff --git a/plugins/dialog/permissions/default.toml b/plugins/dialog/permissions/default.toml new file mode 100644 index 00000000..59265f54 --- /dev/null +++ b/plugins/dialog/permissions/default.toml @@ -0,0 +1,20 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures the types of dialogs +available from the dialog plugin. + +#### Granted Permissions + +All dialog types are enabled. + + +""" +permissions = [ + "allow-ask", + "allow-confirm", + "allow-message", + "allow-save", + "allow-open", +] diff --git a/plugins/dialog/permissions/schemas/schema.json b/plugins/dialog/permissions/schemas/schema.json index b8940d26..4a8d59af 100644 --- a/plugins/dialog/permissions/schemas/schema.json +++ b/plugins/dialog/permissions/schemas/schema.json @@ -363,6 +363,13 @@ "enum": [ "deny-save" ] + }, + { + "description": "default -> This permission set configures the types of dialogs\navailable from the dialog plugin.\n\n#### Granted Permissions\n\nAll dialog types are enabled.\n\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/fs/permissions/autogenerated/reference.md b/plugins/fs/permissions/autogenerated/reference.md index 72328877..045d1a0b 100644 --- a/plugins/fs/permissions/autogenerated/reference.md +++ b/plugins/fs/permissions/autogenerated/reference.md @@ -273,23 +273,27 @@ |`deny-write-file`|Denies the write_file command without any pre-configured scope.| |`allow-write-text-file`|Enables the write_text_file command without any pre-configured scope.| |`deny-write-text-file`|Denies the write_text_file command without any pre-configured scope.| -|`default`|# Tauri `fs` default permissions - -This configuration file defines the default permissions granted -to the filesystem. +|`create-app-specific-dirs`|This permissions allows to create the application specific directories. +| +|`default`|This set of permissions describes the what kind of +file system access the `fs` plugin has enabled or denied by default. -### Granted Permissions +#### Granted Permissions -This default permission set enables all read-related commands and -allows access to the `$APP` folder and sub directories created in it. -The location of the `$APP` folder depends on the operating system, +This default permission set enables read access to the +application specific directories (AppConfig, AppData, AppLocalData, AppCache, +AppLog) and all files and sub directories created in it. +The location of these directories depends on the operating system, where the application is run. -In general the `$APP` folder needs to be manually created +In general these directories need to be manually created by the application at runtime, before accessing files or folders in it is possible. -### Denied Permissions +Therefore, it is also allowed to create all of these folders via +the `mkdir` command. + +#### Denied Permissions This default permission set prevents access to critical components of the Tauri application by default. @@ -304,6 +308,9 @@ Allowing access can lead to sensitive information disclosure and should be well `$APPLOCALDATA/EBWebView` folder on windows as the webview data and configuration values are stored here. Allowing access can lead to sensitive information disclosure and should be well considered.| |`read-all`|This enables all read related commands without any pre-configured accessible paths.| +|`read-app-specific-dirs-recursive`|This permission allows recursive read functionality on the application +specific base directories. +| |`read-dirs`|This enables directory read and file metadata related commands without any pre-configured accessible paths.| |`read-files`|This enables file read related commands without any pre-configured accessible paths.| |`read-meta`|This enables all index or metadata related commands without any pre-configured accessible paths.| diff --git a/plugins/fs/permissions/create-app-specific-dirs.toml b/plugins/fs/permissions/create-app-specific-dirs.toml new file mode 100644 index 00000000..45fa632e --- /dev/null +++ b/plugins/fs/permissions/create-app-specific-dirs.toml @@ -0,0 +1,23 @@ +"$schema" = "schemas/schema.json" + +[[permission]] +identifier = "create-app-specific-dirs" +description = """ +This permissions allows to create the application specific directories. +""" +commands.allow = ["mkdir"] + +[[permission.scope.allow]] +path = "$APPCONFIG" + +[[permission.scope.allow]] +path = "$APPDATA" + +[[permission.scope.allow]] +path = "$APPLOCALDATA" + +[[permission.scope.allow]] +path = "$APPCACHE" + +[[permission.scope.allow]] +path = "$APPLOG" \ No newline at end of file diff --git a/plugins/fs/permissions/default.toml b/plugins/fs/permissions/default.toml index 213fece0..279fca79 100644 --- a/plugins/fs/permissions/default.toml +++ b/plugins/fs/permissions/default.toml @@ -2,27 +2,33 @@ [default] description = """ -# Tauri `fs` default permissions +This set of permissions describes the what kind of +file system access the `fs` plugin has enabled or denied by default. -This configuration file defines the default permissions granted -to the filesystem. +#### Granted Permissions -### Granted Permissions - -This default permission set enables all read-related commands and -allows access to the `$APP` folder and sub directories created in it. -The location of the `$APP` folder depends on the operating system, +This default permission set enables read access to the +application specific directories (AppConfig, AppData, AppLocalData, AppCache, +AppLog) and all files and sub directories created in it. +The location of these directories depends on the operating system, where the application is run. -In general the `$APP` folder needs to be manually created +In general these directories need to be manually created by the application at runtime, before accessing files or folders in it is possible. -### Denied Permissions +Therefore, it is also allowed to create all of these folders via +the `mkdir` command. + +#### Denied Permissions This default permission set prevents access to critical components of the Tauri application by default. On Windows the webview data folder access is denied. """ -permissions = ["read-all", "scope-app-recursive", "deny-default"] +permissions = [ + "create-app-specific-dirs", + "read-app-specific-dirs-recursive", + "deny-default", +] diff --git a/plugins/fs/permissions/read-app-specific-dirs-recursive.toml b/plugins/fs/permissions/read-app-specific-dirs-recursive.toml new file mode 100644 index 00000000..409f24fc --- /dev/null +++ b/plugins/fs/permissions/read-app-specific-dirs-recursive.toml @@ -0,0 +1,31 @@ +"$schema" = "schemas/schema.json" + +[[permission]] +identifier = "read-app-specific-dirs-recursive" +description = """ +This permission allows recursive read functionality on the application +specific base directories. +""" +commands.allow = [ + "read_dir", + "read_file", + "read_text_file", + "read_text_file_lines", + "read_text_file_lines_next", + "exists", +] + +[[permission.scope.allow]] +path = "$APPCONFIG/**" + +[[permission.scope.allow]] +path = "$APPDATA/**" + +[[permission.scope.allow]] +path = "$APPLOCALDATA/**" + +[[permission.scope.allow]] +path = "$APPCACHE/**" + +[[permission.scope.allow]] +path = "$APPLOG/**" \ No newline at end of file diff --git a/plugins/fs/permissions/schemas/schema.json b/plugins/fs/permissions/schemas/schema.json index 96817842..4910e952 100644 --- a/plugins/fs/permissions/schemas/schema.json +++ b/plugins/fs/permissions/schemas/schema.json @@ -2206,7 +2206,14 @@ ] }, { - "description": "default -> # Tauri `fs` default permissions\n\nThis configuration file defines the default permissions granted\nto the filesystem.\n\n### Granted Permissions\n\nThis default permission set enables all read-related commands and\nallows access to the `$APP` folder and sub directories created in it.\nThe location of the `$APP` folder depends on the operating system,\nwhere the application is run.\n\nIn general the `$APP` folder needs to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\n### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n", + "description": "create-app-specific-dirs -> This permissions allows to create the application specific directories.\n", + "type": "string", + "enum": [ + "create-app-specific-dirs" + ] + }, + { + "description": "default -> This set of permissions describes the what kind of\nfile system access the `fs` plugin has enabled or denied by default.\n\n#### Granted Permissions\n\nThis default permission set enables read access to the\napplication specific directories (AppConfig, AppData, AppLocalData, AppCache,\nAppLog) and all files and sub directories created in it.\nThe location of these directories depends on the operating system,\nwhere the application is run.\n\nIn general these directories need to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\nTherefore, it is also allowed to create all of these folders via\nthe `mkdir` command.\n\n#### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n", "type": "string", "enum": [ "default" @@ -2240,6 +2247,13 @@ "read-all" ] }, + { + "description": "read-app-specific-dirs-recursive -> This permission allows recursive read functionality on the application\nspecific base directories. \n", + "type": "string", + "enum": [ + "read-app-specific-dirs-recursive" + ] + }, { "description": "read-dirs -> This enables directory read and file metadata related commands without any pre-configured accessible paths.", "type": "string", diff --git a/plugins/global-shortcut/permissions/autogenerated/reference.md b/plugins/global-shortcut/permissions/autogenerated/reference.md index 071594c3..fed89448 100644 --- a/plugins/global-shortcut/permissions/autogenerated/reference.md +++ b/plugins/global-shortcut/permissions/autogenerated/reference.md @@ -10,3 +10,8 @@ |`deny-unregister`|Denies the unregister command without any pre-configured scope.| |`allow-unregister-all`|Enables the unregister_all command without any pre-configured scope.| |`deny-unregister-all`|Denies the unregister_all command without any pre-configured scope.| +|`default`|No features are enabled by default, as we believe +the shortcuts can be inherently dangerous and it is +application specific if specific shortcuts should be +registered or unregistered. +| diff --git a/plugins/global-shortcut/permissions/default.toml b/plugins/global-shortcut/permissions/default.toml new file mode 100644 index 00000000..9627c886 --- /dev/null +++ b/plugins/global-shortcut/permissions/default.toml @@ -0,0 +1,10 @@ +"$schema" = "schemas/schema.json" +[default] +description = """ +No features are enabled by default, as we believe +the shortcuts can be inherently dangerous and it is +application specific if specific shortcuts should be +registered or unregistered. +""" + +permissions = [] diff --git a/plugins/global-shortcut/permissions/schemas/schema.json b/plugins/global-shortcut/permissions/schemas/schema.json index 55b9b02b..615a8a18 100644 --- a/plugins/global-shortcut/permissions/schemas/schema.json +++ b/plugins/global-shortcut/permissions/schemas/schema.json @@ -363,6 +363,13 @@ "enum": [ "deny-unregister-all" ] + }, + { + "description": "default -> No features are enabled by default, as we believe\nthe shortcuts can be inherently dangerous and it is \napplication specific if specific shortcuts should be\nregistered or unregistered.\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/http/permissions/autogenerated/reference.md b/plugins/http/permissions/autogenerated/reference.md index d0fa4a6e..27d924a9 100644 --- a/plugins/http/permissions/autogenerated/reference.md +++ b/plugins/http/permissions/autogenerated/reference.md @@ -8,4 +8,15 @@ |`deny-fetch-read-body`|Denies the fetch_read_body command without any pre-configured scope.| |`allow-fetch-send`|Enables the fetch_send command without any pre-configured scope.| |`deny-fetch-send`|Denies the fetch_send command without any pre-configured scope.| -|`default`|Allows all fetch operations| +|`default`|This permission set configures what kind of +fetch operations are available from the http plugin. + +This enables all fetch operations but does not +allow explicitly any origins to be fetched. This needs to +be manually configured before usage. + +#### Granted Permissions + +All fetch operations are enabled. + +| diff --git a/plugins/http/permissions/default.toml b/plugins/http/permissions/default.toml index fd7802b4..b469536d 100644 --- a/plugins/http/permissions/default.toml +++ b/plugins/http/permissions/default.toml @@ -1,6 +1,19 @@ "$schema" = "schemas/schema.json" + [default] -description = "Allows all fetch operations" +description = """ +This permission set configures what kind of +fetch operations are available from the http plugin. + +This enables all fetch operations but does not +allow explicitly any origins to be fetched. This needs to +be manually configured before usage. + +#### Granted Permissions + +All fetch operations are enabled. + +""" permissions = [ "allow-fetch", "allow-fetch-cancel", diff --git a/plugins/http/permissions/schemas/schema.json b/plugins/http/permissions/schemas/schema.json index 7480bb2a..17ce3d3d 100644 --- a/plugins/http/permissions/schemas/schema.json +++ b/plugins/http/permissions/schemas/schema.json @@ -351,7 +351,7 @@ ] }, { - "description": "default -> Allows all fetch operations", + "description": "default -> This permission set configures what kind of\nfetch operations are available from the http plugin.\n\nThis enables all fetch operations but does not\nallow explicitly any origins to be fetched. This needs to\nbe manually configured before usage.\n\n#### Granted Permissions\n\nAll fetch operations are enabled.\n\n", "type": "string", "enum": [ "default" diff --git a/plugins/nfc/permissions/autogenerated/reference.md b/plugins/nfc/permissions/autogenerated/reference.md index 3224859f..b627f708 100644 --- a/plugins/nfc/permissions/autogenerated/reference.md +++ b/plugins/nfc/permissions/autogenerated/reference.md @@ -6,3 +6,13 @@ |`deny-scan`|Denies the scan command without any pre-configured scope.| |`allow-write`|Enables the write command without any pre-configured scope.| |`deny-write`|Denies the write command without any pre-configured scope.| +|`default`|This permission set configures what kind of +operations are available from the nfc plugin. + +#### Granted Permissions + +Checking if the NFC functionality is available +and scanning nearby tags is allowed. +Writing to tags needs to be manually enabled. + +| diff --git a/plugins/nfc/permissions/default.toml b/plugins/nfc/permissions/default.toml new file mode 100644 index 00000000..3be65b19 --- /dev/null +++ b/plugins/nfc/permissions/default.toml @@ -0,0 +1,18 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures what kind of +operations are available from the nfc plugin. + +#### Granted Permissions + +Checking if the NFC functionality is available +and scanning nearby tags is allowed. +Writing to tags needs to be manually enabled. + +""" +permissions = [ + "allow-is-available", + "allow-scan", +] diff --git a/plugins/nfc/permissions/schemas/schema.json b/plugins/nfc/permissions/schemas/schema.json index 3ca96fd3..e5d5931a 100644 --- a/plugins/nfc/permissions/schemas/schema.json +++ b/plugins/nfc/permissions/schemas/schema.json @@ -335,6 +335,13 @@ "enum": [ "deny-write" ] + }, + { + "description": "default -> This permission set configures what kind of\noperations are available from the nfc plugin.\n\n#### Granted Permissions\n\nChecking if the NFC functionality is available\nand scanning nearby tags is allowed.\nWriting to tags needs to be manually enabled.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/notification/build.rs b/plugins/notification/build.rs index e5b6ced3..ca9c718b 100644 --- a/plugins/notification/build.rs +++ b/plugins/notification/build.rs @@ -8,6 +8,17 @@ const COMMANDS: &[&str] = &[ "is_permission_granted", "register_action_types", "register_listener", + "cancel", + "get_pending", + "remove_active", + "get_active", + "check_permissions", + "show", + "batch", + "list_channels", + "delete_channel", + "create_channel", + "permission_state" ]; fn main() { diff --git a/plugins/notification/permissions/autogenerated/commands/batch.toml b/plugins/notification/permissions/autogenerated/commands/batch.toml new file mode 100644 index 00000000..c52cc16d --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/batch.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-batch" +description = "Enables the batch command without any pre-configured scope." +commands.allow = ["batch"] + +[[permission]] +identifier = "deny-batch" +description = "Denies the batch command without any pre-configured scope." +commands.deny = ["batch"] diff --git a/plugins/notification/permissions/autogenerated/commands/cancel.toml b/plugins/notification/permissions/autogenerated/commands/cancel.toml new file mode 100644 index 00000000..91efeaa0 --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/cancel.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-cancel" +description = "Enables the cancel command without any pre-configured scope." +commands.allow = ["cancel"] + +[[permission]] +identifier = "deny-cancel" +description = "Denies the cancel command without any pre-configured scope." +commands.deny = ["cancel"] diff --git a/plugins/notification/permissions/autogenerated/commands/check_permissions.toml b/plugins/notification/permissions/autogenerated/commands/check_permissions.toml new file mode 100644 index 00000000..f5af08b1 --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/check_permissions.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-check-permissions" +description = "Enables the check_permissions command without any pre-configured scope." +commands.allow = ["check_permissions"] + +[[permission]] +identifier = "deny-check-permissions" +description = "Denies the check_permissions command without any pre-configured scope." +commands.deny = ["check_permissions"] diff --git a/plugins/notification/permissions/autogenerated/commands/create_channel.toml b/plugins/notification/permissions/autogenerated/commands/create_channel.toml new file mode 100644 index 00000000..2c931474 --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/create_channel.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-create-channel" +description = "Enables the create_channel command without any pre-configured scope." +commands.allow = ["create_channel"] + +[[permission]] +identifier = "deny-create-channel" +description = "Denies the create_channel command without any pre-configured scope." +commands.deny = ["create_channel"] diff --git a/plugins/notification/permissions/autogenerated/commands/delete_channel.toml b/plugins/notification/permissions/autogenerated/commands/delete_channel.toml new file mode 100644 index 00000000..0adaf2bb --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/delete_channel.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-delete-channel" +description = "Enables the delete_channel command without any pre-configured scope." +commands.allow = ["delete_channel"] + +[[permission]] +identifier = "deny-delete-channel" +description = "Denies the delete_channel command without any pre-configured scope." +commands.deny = ["delete_channel"] diff --git a/plugins/notification/permissions/autogenerated/commands/get_active.toml b/plugins/notification/permissions/autogenerated/commands/get_active.toml new file mode 100644 index 00000000..b841eb85 --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/get_active.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-get-active" +description = "Enables the get_active command without any pre-configured scope." +commands.allow = ["get_active"] + +[[permission]] +identifier = "deny-get-active" +description = "Denies the get_active command without any pre-configured scope." +commands.deny = ["get_active"] diff --git a/plugins/notification/permissions/autogenerated/commands/get_pending.toml b/plugins/notification/permissions/autogenerated/commands/get_pending.toml new file mode 100644 index 00000000..f3bae7a8 --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/get_pending.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-get-pending" +description = "Enables the get_pending command without any pre-configured scope." +commands.allow = ["get_pending"] + +[[permission]] +identifier = "deny-get-pending" +description = "Denies the get_pending command without any pre-configured scope." +commands.deny = ["get_pending"] diff --git a/plugins/notification/permissions/autogenerated/commands/list_channels.toml b/plugins/notification/permissions/autogenerated/commands/list_channels.toml new file mode 100644 index 00000000..cb20cd57 --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/list_channels.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-list-channels" +description = "Enables the list_channels command without any pre-configured scope." +commands.allow = ["list_channels"] + +[[permission]] +identifier = "deny-list-channels" +description = "Denies the list_channels command without any pre-configured scope." +commands.deny = ["list_channels"] diff --git a/plugins/notification/permissions/autogenerated/commands/permission_state.toml b/plugins/notification/permissions/autogenerated/commands/permission_state.toml new file mode 100644 index 00000000..dddcd86f --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/permission_state.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-permission-state" +description = "Enables the permission_state command without any pre-configured scope." +commands.allow = ["permission_state"] + +[[permission]] +identifier = "deny-permission-state" +description = "Denies the permission_state command without any pre-configured scope." +commands.deny = ["permission_state"] diff --git a/plugins/notification/permissions/autogenerated/commands/remove_active.toml b/plugins/notification/permissions/autogenerated/commands/remove_active.toml new file mode 100644 index 00000000..9ad2add1 --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/remove_active.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-remove-active" +description = "Enables the remove_active command without any pre-configured scope." +commands.allow = ["remove_active"] + +[[permission]] +identifier = "deny-remove-active" +description = "Denies the remove_active command without any pre-configured scope." +commands.deny = ["remove_active"] diff --git a/plugins/notification/permissions/autogenerated/commands/show.toml b/plugins/notification/permissions/autogenerated/commands/show.toml new file mode 100644 index 00000000..3d4cbf38 --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/show.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-show" +description = "Enables the show command without any pre-configured scope." +commands.allow = ["show"] + +[[permission]] +identifier = "deny-show" +description = "Denies the show command without any pre-configured scope." +commands.deny = ["show"] diff --git a/plugins/notification/permissions/autogenerated/reference.md b/plugins/notification/permissions/autogenerated/reference.md index e6fbf607..e6423259 100644 --- a/plugins/notification/permissions/autogenerated/reference.md +++ b/plugins/notification/permissions/autogenerated/reference.md @@ -1,13 +1,42 @@ | Permission | Description | |------|-----| +|`allow-batch`|Enables the batch command without any pre-configured scope.| +|`deny-batch`|Denies the batch command without any pre-configured scope.| +|`allow-cancel`|Enables the cancel command without any pre-configured scope.| +|`deny-cancel`|Denies the cancel command without any pre-configured scope.| +|`allow-check-permissions`|Enables the check_permissions command without any pre-configured scope.| +|`deny-check-permissions`|Denies the check_permissions command without any pre-configured scope.| +|`allow-create-channel`|Enables the create_channel command without any pre-configured scope.| +|`deny-create-channel`|Denies the create_channel command without any pre-configured scope.| +|`allow-delete-channel`|Enables the delete_channel command without any pre-configured scope.| +|`deny-delete-channel`|Denies the delete_channel command without any pre-configured scope.| +|`allow-get-active`|Enables the get_active command without any pre-configured scope.| +|`deny-get-active`|Denies the get_active command without any pre-configured scope.| +|`allow-get-pending`|Enables the get_pending command without any pre-configured scope.| +|`deny-get-pending`|Denies the get_pending command without any pre-configured scope.| |`allow-is-permission-granted`|Enables the is_permission_granted command without any pre-configured scope.| |`deny-is-permission-granted`|Denies the is_permission_granted command without any pre-configured scope.| +|`allow-list-channels`|Enables the list_channels command without any pre-configured scope.| +|`deny-list-channels`|Denies the list_channels command without any pre-configured scope.| |`allow-notify`|Enables the notify command without any pre-configured scope.| |`deny-notify`|Denies the notify command without any pre-configured scope.| +|`allow-permission-state`|Enables the permission_state command without any pre-configured scope.| +|`deny-permission-state`|Denies the permission_state command without any pre-configured scope.| |`allow-register-action-types`|Enables the register_action_types command without any pre-configured scope.| |`deny-register-action-types`|Denies the register_action_types command without any pre-configured scope.| |`allow-register-listener`|Enables the register_listener command without any pre-configured scope.| |`deny-register-listener`|Denies the register_listener command without any pre-configured scope.| +|`allow-remove-active`|Enables the remove_active command without any pre-configured scope.| +|`deny-remove-active`|Denies the remove_active command without any pre-configured scope.| |`allow-request-permission`|Enables the request_permission command without any pre-configured scope.| |`deny-request-permission`|Denies the request_permission command without any pre-configured scope.| -|`default`|Allows requesting permission, checking permission state and sending notifications| +|`allow-show`|Enables the show command without any pre-configured scope.| +|`deny-show`|Denies the show command without any pre-configured scope.| +|`default`|This permission set configures which +notification features are by default exposed. + +#### Granted Permissions + +It allows all notification related features. + +| diff --git a/plugins/notification/permissions/default.toml b/plugins/notification/permissions/default.toml index 2bd85142..e59d206a 100644 --- a/plugins/notification/permissions/default.toml +++ b/plugins/notification/permissions/default.toml @@ -1,8 +1,30 @@ "$schema" = "schemas/schema.json" [default] -description = "Allows requesting permission, checking permission state and sending notifications" +description = """ +This permission set configures which +notification features are by default exposed. + +#### Granted Permissions + +It allows all notification related features. + +""" + permissions = [ "allow-is-permission-granted", "allow-request-permission", "allow-notify", + "allow-register-action-types", + "allow-register-listener", + "allow-cancel", + "allow-get-pending", + "allow-remove-active", + "allow-get-active", + "allow-check-permissions", + "allow-show", + "allow-batch", + "allow-list-channels", + "allow-delete-channel", + "allow-create-channel", + "allow-permission-state" ] diff --git a/plugins/notification/permissions/schemas/schema.json b/plugins/notification/permissions/schemas/schema.json index 024ec1dc..0b20a6c5 100644 --- a/plugins/notification/permissions/schemas/schema.json +++ b/plugins/notification/permissions/schemas/schema.json @@ -294,6 +294,104 @@ "PermissionKind": { "type": "string", "oneOf": [ + { + "description": "allow-batch -> Enables the batch command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-batch" + ] + }, + { + "description": "deny-batch -> Denies the batch command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-batch" + ] + }, + { + "description": "allow-cancel -> Enables the cancel command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-cancel" + ] + }, + { + "description": "deny-cancel -> Denies the cancel command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-cancel" + ] + }, + { + "description": "allow-check-permissions -> Enables the check_permissions command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-check-permissions" + ] + }, + { + "description": "deny-check-permissions -> Denies the check_permissions command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-check-permissions" + ] + }, + { + "description": "allow-create-channel -> Enables the create_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-create-channel" + ] + }, + { + "description": "deny-create-channel -> Denies the create_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-create-channel" + ] + }, + { + "description": "allow-delete-channel -> Enables the delete_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-delete-channel" + ] + }, + { + "description": "deny-delete-channel -> Denies the delete_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-delete-channel" + ] + }, + { + "description": "allow-get-active -> Enables the get_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-get-active" + ] + }, + { + "description": "deny-get-active -> Denies the get_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-get-active" + ] + }, + { + "description": "allow-get-pending -> Enables the get_pending command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-get-pending" + ] + }, + { + "description": "deny-get-pending -> Denies the get_pending command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-get-pending" + ] + }, { "description": "allow-is-permission-granted -> Enables the is_permission_granted command without any pre-configured scope.", "type": "string", @@ -308,6 +406,20 @@ "deny-is-permission-granted" ] }, + { + "description": "allow-list-channels -> Enables the list_channels command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-list-channels" + ] + }, + { + "description": "deny-list-channels -> Denies the list_channels command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-list-channels" + ] + }, { "description": "allow-notify -> Enables the notify command without any pre-configured scope.", "type": "string", @@ -322,6 +434,20 @@ "deny-notify" ] }, + { + "description": "allow-permission-state -> Enables the permission_state command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-permission-state" + ] + }, + { + "description": "deny-permission-state -> Denies the permission_state command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-permission-state" + ] + }, { "description": "allow-register-action-types -> Enables the register_action_types command without any pre-configured scope.", "type": "string", @@ -350,6 +476,20 @@ "deny-register-listener" ] }, + { + "description": "allow-remove-active -> Enables the remove_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-remove-active" + ] + }, + { + "description": "deny-remove-active -> Denies the remove_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-remove-active" + ] + }, { "description": "allow-request-permission -> Enables the request_permission command without any pre-configured scope.", "type": "string", @@ -365,7 +505,21 @@ ] }, { - "description": "default -> Allows requesting permission, checking permission state and sending notifications", + "description": "allow-show -> Enables the show command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-show" + ] + }, + { + "description": "deny-show -> Denies the show command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-show" + ] + }, + { + "description": "default -> This permission set configures which\nnotification features are by default exposed.\n\n#### Granted Permissions\n\nIt allows all notification related features.\n\n", "type": "string", "enum": [ "default" diff --git a/plugins/os/permissions/autogenerated/reference.md b/plugins/os/permissions/autogenerated/reference.md index 563c8d28..73d43e51 100644 --- a/plugins/os/permissions/autogenerated/reference.md +++ b/plugins/os/permissions/autogenerated/reference.md @@ -16,3 +16,12 @@ |`deny-platform`|Denies the platform command without any pre-configured scope.| |`allow-version`|Enables the version command without any pre-configured scope.| |`deny-version`|Denies the version command without any pre-configured scope.| +|`default`|This permission set configures which +operating system information are available +to gather from the frontend. + +#### Granted Permissions + +All information except the host name are available. + +| diff --git a/plugins/os/permissions/default.toml b/plugins/os/permissions/default.toml new file mode 100644 index 00000000..f14e97fb --- /dev/null +++ b/plugins/os/permissions/default.toml @@ -0,0 +1,23 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures which +operating system information are available +to gather from the frontend. + +#### Granted Permissions + +All information except the host name are available. + +""" + +permissions = [ + "allow-arch", + "allow-exe-extension", + "allow-family", + "allow-locale", + "allow-os-type", + "allow-platform", + "allow-version", +] \ No newline at end of file diff --git a/plugins/os/permissions/schemas/schema.json b/plugins/os/permissions/schemas/schema.json index c325e383..5359f36c 100644 --- a/plugins/os/permissions/schemas/schema.json +++ b/plugins/os/permissions/schemas/schema.json @@ -405,6 +405,13 @@ "enum": [ "deny-version" ] + }, + { + "description": "default -> This permission set configures which\noperating system information are available\nto gather from the frontend.\n\n#### Granted Permissions\n\nAll information except the host name are available.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/process/permissions/autogenerated/reference.md b/plugins/process/permissions/autogenerated/reference.md index 1bef22c9..949bf6ac 100644 --- a/plugins/process/permissions/autogenerated/reference.md +++ b/plugins/process/permissions/autogenerated/reference.md @@ -4,3 +4,11 @@ |`deny-exit`|Denies the exit command without any pre-configured scope.| |`allow-restart`|Enables the restart command without any pre-configured scope.| |`deny-restart`|Denies the restart command without any pre-configured scope.| +|`default`|This permission set configures which +process feeatures are by default exposed. + +#### Granted Permissions + +This enables to quit via `allow-exit` and restart via `allow-restart` +the application. +| diff --git a/plugins/process/permissions/default.toml b/plugins/process/permissions/default.toml new file mode 100644 index 00000000..e492c55a --- /dev/null +++ b/plugins/process/permissions/default.toml @@ -0,0 +1,17 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures which +process feeatures are by default exposed. + +#### Granted Permissions + +This enables to quit via `allow-exit` and restart via `allow-restart` +the application. +""" + +permissions = [ + "allow-exit", + "allow-restart", +] \ No newline at end of file diff --git a/plugins/process/permissions/schemas/schema.json b/plugins/process/permissions/schemas/schema.json index 98a1b344..3dc97704 100644 --- a/plugins/process/permissions/schemas/schema.json +++ b/plugins/process/permissions/schemas/schema.json @@ -321,6 +321,13 @@ "enum": [ "deny-restart" ] + }, + { + "description": "default -> This permission set configures which\nprocess feeatures are by default exposed.\n\n#### Granted Permissions\n\nThis enables to quit via `allow-exit` and restart via `allow-restart`\nthe application.\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/shell/permissions/autogenerated/reference.md b/plugins/shell/permissions/autogenerated/reference.md index 8138c686..00af0dc4 100644 --- a/plugins/shell/permissions/autogenerated/reference.md +++ b/plugins/shell/permissions/autogenerated/reference.md @@ -10,3 +10,12 @@ |`deny-spawn`|Denies the spawn command without any pre-configured scope.| |`allow-stdin-write`|Enables the stdin_write command without any pre-configured scope.| |`deny-stdin-write`|Denies the stdin_write command without any pre-configured scope.| +|`default`|This permission set configures which +shell functionality is exposed by default. + +#### Granted Permissions + +It allows to use the `open` functionality without any specific +scope pre-configured. It will allow opening `http(s)://`, +`tel:` and `mailto:` links. +| diff --git a/plugins/shell/permissions/default.toml b/plugins/shell/permissions/default.toml new file mode 100644 index 00000000..4f17daa4 --- /dev/null +++ b/plugins/shell/permissions/default.toml @@ -0,0 +1,17 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures which +shell functionality is exposed by default. + +#### Granted Permissions + +It allows to use the `open` functionality without any specific +scope pre-configured. It will allow opening `http(s)://`, +`tel:` and `mailto:` links. +""" + +permissions = [ + "allow-open", +] diff --git a/plugins/shell/permissions/schemas/schema.json b/plugins/shell/permissions/schemas/schema.json index 3ad11a47..9730ecc7 100644 --- a/plugins/shell/permissions/schemas/schema.json +++ b/plugins/shell/permissions/schemas/schema.json @@ -363,6 +363,13 @@ "enum": [ "deny-stdin-write" ] + }, + { + "description": "default -> This permission set configures which\nshell functionality is exposed by default.\n\n#### Granted Permissions\n\nIt allows to use the `open` functionality without any specific\nscope pre-configured. It will allow opening `http(s)://`,\n`tel:` and `mailto:` links.\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/sql/permissions/autogenerated/reference.md b/plugins/sql/permissions/autogenerated/reference.md index a3e12134..bbaa7b8e 100644 --- a/plugins/sql/permissions/autogenerated/reference.md +++ b/plugins/sql/permissions/autogenerated/reference.md @@ -8,3 +8,14 @@ |`deny-load`|Denies the load command without any pre-configured scope.| |`allow-select`|Enables the select command without any pre-configured scope.| |`deny-select`|Denies the select command without any pre-configured scope.| +|`default`|# Tauri SQL Default Permissions + +This permission set configures what kind of +database operations are available from the sql plugin. + +### Granted Permissions + +All reading related operations are enabled. +Also allows to load or close a connection. + +| diff --git a/plugins/sql/permissions/default.toml b/plugins/sql/permissions/default.toml new file mode 100644 index 00000000..dbea84f4 --- /dev/null +++ b/plugins/sql/permissions/default.toml @@ -0,0 +1,20 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +# Tauri SQL Default Permissions + +This permission set configures what kind of +database operations are available from the sql plugin. + +### Granted Permissions + +All reading related operations are enabled. +Also allows to load or close a connection. + +""" +permissions = [ + "allow-close", + "allow-load", + "allow-select", +] diff --git a/plugins/sql/permissions/schemas/schema.json b/plugins/sql/permissions/schemas/schema.json index 3001321e..417e565d 100644 --- a/plugins/sql/permissions/schemas/schema.json +++ b/plugins/sql/permissions/schemas/schema.json @@ -349,6 +349,13 @@ "enum": [ "deny-select" ] + }, + { + "description": "default -> # Tauri SQL Default Permissions\n\nThis permission set configures what kind of\ndatabase operations are available from the sql plugin.\n\n### Granted Permissions\n\nAll reading related operations are enabled.\nAlso allows to load or close a connection.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/store/permissions/autogenerated/reference.md b/plugins/store/permissions/autogenerated/reference.md index ea9c07f0..bab6429d 100644 --- a/plugins/store/permissions/autogenerated/reference.md +++ b/plugins/store/permissions/autogenerated/reference.md @@ -24,3 +24,11 @@ |`deny-set`|Denies the set command without any pre-configured scope.| |`allow-values`|Enables the values command without any pre-configured scope.| |`deny-values`|Denies the values command without any pre-configured scope.| +|`default`|This permission set configures what kind of +operations are available from the store plugin. + +#### Granted Permissions + +All operations are enabled by default. + +| diff --git a/plugins/store/permissions/default.toml b/plugins/store/permissions/default.toml new file mode 100644 index 00000000..d2369b27 --- /dev/null +++ b/plugins/store/permissions/default.toml @@ -0,0 +1,26 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures what kind of +operations are available from the store plugin. + +#### Granted Permissions + +All operations are enabled by default. + +""" +permissions = [ + "allow-clear", + "allow-delete", + "allow-entries", + "allow-get", + "allow-has", + "allow-keys", + "allow-length", + "allow-load", + "allow-reset", + "allow-save", + "allow-set", + "allow-values", +] diff --git a/plugins/store/permissions/schemas/schema.json b/plugins/store/permissions/schemas/schema.json index 33cd778e..70c5986b 100644 --- a/plugins/store/permissions/schemas/schema.json +++ b/plugins/store/permissions/schemas/schema.json @@ -461,6 +461,13 @@ "enum": [ "deny-values" ] + }, + { + "description": "default -> This permission set configures what kind of\noperations are available from the store plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/stronghold/permissions/autogenerated/reference.md b/plugins/stronghold/permissions/autogenerated/reference.md index da3494eb..29b981ea 100644 --- a/plugins/stronghold/permissions/autogenerated/reference.md +++ b/plugins/stronghold/permissions/autogenerated/reference.md @@ -22,3 +22,11 @@ |`deny-save-secret`|Denies the save_secret command without any pre-configured scope.| |`allow-save-store-record`|Enables the save_store_record command without any pre-configured scope.| |`deny-save-store-record`|Denies the save_store_record command without any pre-configured scope.| +|`default`|This permission set configures what kind of +operations are available from the stronghold plugin. + +#### Granted Permissions + +All non-destructive operations are enabled by default. + +| diff --git a/plugins/stronghold/permissions/default.toml b/plugins/stronghold/permissions/default.toml new file mode 100644 index 00000000..c157fe7e --- /dev/null +++ b/plugins/stronghold/permissions/default.toml @@ -0,0 +1,22 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures what kind of +operations are available from the stronghold plugin. + +#### Granted Permissions + +All non-destructive operations are enabled by default. + +""" +permissions = [ + "allow-create-client", + "allow-get-store-record", + "allow-initialize", + "allow-execute-procedure", + "allow-load-client", + "allow-save-secret", + "allow-save-store-record", + "allow-save", +] diff --git a/plugins/stronghold/permissions/schemas/schema.json b/plugins/stronghold/permissions/schemas/schema.json index a8d598ad..e01eab99 100644 --- a/plugins/stronghold/permissions/schemas/schema.json +++ b/plugins/stronghold/permissions/schemas/schema.json @@ -447,6 +447,13 @@ "enum": [ "deny-save-store-record" ] + }, + { + "description": "default -> This permission set configures what kind of\noperations are available from the stronghold plugin.\n\n#### Granted Permissions\n\nAll non-destructive operations are enabled by default.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/updater/permissions/autogenerated/reference.md b/plugins/updater/permissions/autogenerated/reference.md index e9991380..a2d74add 100644 --- a/plugins/updater/permissions/autogenerated/reference.md +++ b/plugins/updater/permissions/autogenerated/reference.md @@ -8,4 +8,12 @@ |`deny-download-and-install`|Denies the download_and_install command without any pre-configured scope.| |`allow-install`|Enables the install command without any pre-configured scope.| |`deny-install`|Denies the install command without any pre-configured scope.| -|`default`|Allows checking for new updates and installing them| +|`default`|This permission set configures which kind of +updater functions are exposed to the frontend. + +#### Granted Permissions + +The full workflow from checking for updates to installing them +is enabled. + +| diff --git a/plugins/updater/permissions/default.toml b/plugins/updater/permissions/default.toml index ea994115..6ae34b6b 100644 --- a/plugins/updater/permissions/default.toml +++ b/plugins/updater/permissions/default.toml @@ -1,6 +1,15 @@ "$schema" = "schemas/schema.json" [default] -description = "Allows checking for new updates and installing them" +description = """ +This permission set configures which kind of +updater functions are exposed to the frontend. + +#### Granted Permissions + +The full workflow from checking for updates to installing them +is enabled. + +""" permissions = [ "allow-check", "allow-download", diff --git a/plugins/updater/permissions/schemas/schema.json b/plugins/updater/permissions/schemas/schema.json index 4d03368e..b6eacc0a 100644 --- a/plugins/updater/permissions/schemas/schema.json +++ b/plugins/updater/permissions/schemas/schema.json @@ -351,7 +351,7 @@ ] }, { - "description": "default -> Allows checking for new updates and installing them", + "description": "default -> This permission set configures which kind of\nupdater functions are exposed to the frontend.\n\n#### Granted Permissions\n\nThe full workflow from checking for updates to installing them\nis enabled.\n\n", "type": "string", "enum": [ "default" diff --git a/plugins/upload/permissions/autogenerated/reference.md b/plugins/upload/permissions/autogenerated/reference.md index 2b4cb1b6..2ad3df81 100644 --- a/plugins/upload/permissions/autogenerated/reference.md +++ b/plugins/upload/permissions/autogenerated/reference.md @@ -4,3 +4,11 @@ |`deny-download`|Denies the download command without any pre-configured scope.| |`allow-upload`|Enables the upload command without any pre-configured scope.| |`deny-upload`|Denies the upload command without any pre-configured scope.| +|`default`|This permission set configures what kind of +operations are available from the upload plugin. + +#### Granted Permissions + +All operations are enabled by default. + +| diff --git a/plugins/upload/permissions/default.toml b/plugins/upload/permissions/default.toml new file mode 100644 index 00000000..8ef4bfe2 --- /dev/null +++ b/plugins/upload/permissions/default.toml @@ -0,0 +1,16 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures what kind of +operations are available from the upload plugin. + +#### Granted Permissions + +All operations are enabled by default. + +""" +permissions = [ + "allow-upload", + "allow-download" +] diff --git a/plugins/upload/permissions/schemas/schema.json b/plugins/upload/permissions/schemas/schema.json index 7d544d35..d0b24219 100644 --- a/plugins/upload/permissions/schemas/schema.json +++ b/plugins/upload/permissions/schemas/schema.json @@ -321,6 +321,13 @@ "enum": [ "deny-upload" ] + }, + { + "description": "default -> This permission set configures what kind of\noperations are available from the upload plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/window-state/permissions/autogenerated/reference.md b/plugins/window-state/permissions/autogenerated/reference.md index 22790617..7a0f628e 100644 --- a/plugins/window-state/permissions/autogenerated/reference.md +++ b/plugins/window-state/permissions/autogenerated/reference.md @@ -6,3 +6,11 @@ |`deny-restore-state`|Denies the restore_state command without any pre-configured scope.| |`allow-save-window-state`|Enables the save_window_state command without any pre-configured scope.| |`deny-save-window-state`|Denies the save_window_state command without any pre-configured scope.| +|`default`|This permission set configures what kind of +operations are available from the window state plugin. + +#### Granted Permissions + +All operations are enabled by default. + +| diff --git a/plugins/window-state/permissions/default.toml b/plugins/window-state/permissions/default.toml new file mode 100644 index 00000000..1823e198 --- /dev/null +++ b/plugins/window-state/permissions/default.toml @@ -0,0 +1,17 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures what kind of +operations are available from the window state plugin. + +#### Granted Permissions + +All operations are enabled by default. + +""" +permissions = [ + "allow-filename", + "allow-restore-state", + "allow-save-window-state", +] diff --git a/plugins/window-state/permissions/schemas/schema.json b/plugins/window-state/permissions/schemas/schema.json index b0ab7f52..008bdcb7 100644 --- a/plugins/window-state/permissions/schemas/schema.json +++ b/plugins/window-state/permissions/schemas/schema.json @@ -335,6 +335,13 @@ "enum": [ "deny-save-window-state" ] + }, + { + "description": "default -> This permission set configures what kind of\noperations are available from the window state plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] }