max
/
tauri-plugins-workspace
mirror of https://github.com/tauri-apps/plugins-workspace
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(fs): app scopes not properly enabling paths (#1774)

Browse Source
pull/1777/head
Lucas Fernandes Nogueira 9 months ago committed by GitHub
parent 009299ebec
commit cc03ccf5e0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
36 changed files with 350 additions and 343 deletions
Show Stats Download Patch File Download Diff File

5
.changes/fix-fs-app-scopes.md
Unescape View File

@ -0,0 +1,5 @@
---
"fs": patch
---
Fix `scope-app`, `scope-app-recursive` and `scope-index` not properly enabling the application paths.

40
examples/api/src-tauri/gen/schemas/desktop-schema.json
Unescape View File

@ -150,42 +150,42 @@
] ]
}, },
{ {
"description": "fs:allow-app-meta -> This allows non-recursive read access to metadata of the `$APP` folder, including file listing and statistics.", "description": "fs:allow-app-meta -> This allows non-recursive read access to metadata of the application folders, including file listing and statistics.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-meta" "fs:allow-app-meta"
] ]
}, },
{ {
"description": "fs:allow-app-meta-recursive -> This allows full recursive read access to metadata of the `$APP` folder, including file listing and statistics.", "description": "fs:allow-app-meta-recursive -> This allows full recursive read access to metadata of the application folders, including file listing and statistics.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-meta-recursive" "fs:allow-app-meta-recursive"
] ]
}, },
{ {
"description": "fs:allow-app-read -> This allows non-recursive read access to the `$APP` folder.", "description": "fs:allow-app-read -> This allows non-recursive read access to the application folders.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-read" "fs:allow-app-read"
] ]
}, },
{ {
"description": "fs:allow-app-read-recursive -> This allows full recursive read access to the complete `$APP` folder, files and subdirectories.", "description": "fs:allow-app-read-recursive -> This allows full recursive read access to the complete application folders, files and subdirectories.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-read-recursive" "fs:allow-app-read-recursive"
] ]
}, },
{ {
"description": "fs:allow-app-write -> This allows non-recursive write access to the `$APP` folder.", "description": "fs:allow-app-write -> This allows non-recursive write access to the application folders.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-write" "fs:allow-app-write"
] ]
}, },
{ {
"description": "fs:allow-app-write-recursive -> This allows full recursive write access to the complete `$APP` folder, files and subdirectories.", "description": "fs:allow-app-write-recursive -> This allows full recursive write access to the complete application folders, files and subdirectories.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-write-recursive" "fs:allow-app-write-recursive"
@ -1606,21 +1606,21 @@
] ]
}, },
{ {
"description": "fs:scope-app -> This scope permits access to all files and list content of top level directories in the `$APP`folder.", "description": "fs:scope-app -> This scope permits access to all files and list content of top level directories in the application folders.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:scope-app" "fs:scope-app"
] ]
}, },
{ {
"description": "fs:scope-app-index -> This scope permits to list all files and folders in the `$APP`folder.", "description": "fs:scope-app-index -> This scope permits to list all files and folders in the application directories.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:scope-app-index" "fs:scope-app-index"
] ]
}, },
{ {
"description": "fs:scope-app-recursive -> This scope permits recursive access to the complete `$APP` folder, including sub directories and files.", "description": "fs:scope-app-recursive -> This scope permits recursive access to the complete application folders, including sub directories and files.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:scope-app-recursive" "fs:scope-app-recursive"
@ -2427,7 +2427,7 @@
] ]
}, },
"cmd": { "cmd": {
"description": "The command name. It can start with a variable that resolves to a system base directory. The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`, `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`, `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$APP`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`, `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.", "description": "The command name. It can start with a variable that resolves to a system base directory. The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`, `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`, `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`, `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.",
"type": "string" "type": "string"
}, },
"name": { "name": {
@ -2462,7 +2462,7 @@
] ]
}, },
"cmd": { "cmd": {
"description": "The command name. It can start with a variable that resolves to a system base directory. The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`, `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`, `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$APP`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`, `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.", "description": "The command name. It can start with a variable that resolves to a system base directory. The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`, `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`, `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`, `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.",
"type": "string" "type": "string"
}, },
"name": { "name": {
@ -4641,42 +4641,42 @@
] ]
}, },
{ {
"description": "fs:allow-app-meta -> This allows non-recursive read access to metadata of the `$APP` folder, including file listing and statistics.", "description": "fs:allow-app-meta -> This allows non-recursive read access to metadata of the application folders, including file listing and statistics.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-meta" "fs:allow-app-meta"
] ]
}, },
{ {
"description": "fs:allow-app-meta-recursive -> This allows full recursive read access to metadata of the `$APP` folder, including file listing and statistics.", "description": "fs:allow-app-meta-recursive -> This allows full recursive read access to metadata of the application folders, including file listing and statistics.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-meta-recursive" "fs:allow-app-meta-recursive"
] ]
}, },
{ {
"description": "fs:allow-app-read -> This allows non-recursive read access to the `$APP` folder.", "description": "fs:allow-app-read -> This allows non-recursive read access to the application folders.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-read" "fs:allow-app-read"
] ]
}, },
{ {
"description": "fs:allow-app-read-recursive -> This allows full recursive read access to the complete `$APP` folder, files and subdirectories.", "description": "fs:allow-app-read-recursive -> This allows full recursive read access to the complete application folders, files and subdirectories.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-read-recursive" "fs:allow-app-read-recursive"
] ]
}, },
{ {
"description": "fs:allow-app-write -> This allows non-recursive write access to the `$APP` folder.", "description": "fs:allow-app-write -> This allows non-recursive write access to the application folders.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-write" "fs:allow-app-write"
] ]
}, },
{ {
"description": "fs:allow-app-write-recursive -> This allows full recursive write access to the complete `$APP` folder, files and subdirectories.", "description": "fs:allow-app-write-recursive -> This allows full recursive write access to the complete application folders, files and subdirectories.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-write-recursive" "fs:allow-app-write-recursive"
@ -6104,21 +6104,21 @@
] ]
}, },
{ {
"description": "fs:scope-app -> This scope permits access to all files and list content of top level directories in the `$APP`folder.", "description": "fs:scope-app -> This scope permits access to all files and list content of top level directories in the application folders.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:scope-app" "fs:scope-app"
] ]
}, },
{ {
"description": "fs:scope-app-index -> This scope permits to list all files and folders in the `$APP`folder.", "description": "fs:scope-app-index -> This scope permits to list all files and folders in the application directories.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:scope-app-index" "fs:scope-app-index"
] ]
}, },
{ {
"description": "fs:scope-app-recursive -> This scope permits recursive access to the complete `$APP` folder, including sub directories and files.", "description": "fs:scope-app-recursive -> This scope permits recursive access to the complete application folders, including sub directories and files.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:scope-app-recursive" "fs:scope-app-recursive"

40
examples/api/src-tauri/gen/schemas/mobile-schema.json
Unescape View File

@ -150,42 +150,42 @@
] ]
}, },
{ {
"description": "fs:allow-app-meta -> This allows non-recursive read access to metadata of the `$APP` folder, including file listing and statistics.", "description": "fs:allow-app-meta -> This allows non-recursive read access to metadata of the application folders, including file listing and statistics.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-meta" "fs:allow-app-meta"
] ]
}, },
{ {
"description": "fs:allow-app-meta-recursive -> This allows full recursive read access to metadata of the `$APP` folder, including file listing and statistics.", "description": "fs:allow-app-meta-recursive -> This allows full recursive read access to metadata of the application folders, including file listing and statistics.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-meta-recursive" "fs:allow-app-meta-recursive"
] ]
}, },
{ {
"description": "fs:allow-app-read -> This allows non-recursive read access to the `$APP` folder.", "description": "fs:allow-app-read -> This allows non-recursive read access to the application folders.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-read" "fs:allow-app-read"
] ]
}, },
{ {
"description": "fs:allow-app-read-recursive -> This allows full recursive read access to the complete `$APP` folder, files and subdirectories.", "description": "fs:allow-app-read-recursive -> This allows full recursive read access to the complete application folders, files and subdirectories.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-read-recursive" "fs:allow-app-read-recursive"
] ]
}, },
{ {
"description": "fs:allow-app-write -> This allows non-recursive write access to the `$APP` folder.", "description": "fs:allow-app-write -> This allows non-recursive write access to the application folders.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-write" "fs:allow-app-write"
] ]
}, },
{ {
"description": "fs:allow-app-write-recursive -> This allows full recursive write access to the complete `$APP` folder, files and subdirectories.", "description": "fs:allow-app-write-recursive -> This allows full recursive write access to the complete application folders, files and subdirectories.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-write-recursive" "fs:allow-app-write-recursive"
@ -1606,21 +1606,21 @@
] ]
}, },
{ {
"description": "fs:scope-app -> This scope permits access to all files and list content of top level directories in the `$APP`folder.", "description": "fs:scope-app -> This scope permits access to all files and list content of top level directories in the application folders.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:scope-app" "fs:scope-app"
] ]
}, },
{ {
"description": "fs:scope-app-index -> This scope permits to list all files and folders in the `$APP`folder.", "description": "fs:scope-app-index -> This scope permits to list all files and folders in the application directories.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:scope-app-index" "fs:scope-app-index"
] ]
}, },
{ {
"description": "fs:scope-app-recursive -> This scope permits recursive access to the complete `$APP` folder, including sub directories and files.", "description": "fs:scope-app-recursive -> This scope permits recursive access to the complete application folders, including sub directories and files.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:scope-app-recursive" "fs:scope-app-recursive"
@ -2427,7 +2427,7 @@
] ]
}, },
"cmd": { "cmd": {
"description": "The command name. It can start with a variable that resolves to a system base directory. The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`, `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`, `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$APP`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`, `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.", "description": "The command name. It can start with a variable that resolves to a system base directory. The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`, `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`, `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`, `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.",
"type": "string" "type": "string"
}, },
"name": { "name": {
@ -2462,7 +2462,7 @@
] ]
}, },
"cmd": { "cmd": {
"description": "The command name. It can start with a variable that resolves to a system base directory. The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`, `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`, `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$APP`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`, `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.", "description": "The command name. It can start with a variable that resolves to a system base directory. The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`, `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`, `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`, `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.",
"type": "string" "type": "string"
}, },
"name": { "name": {
@ -4746,42 +4746,42 @@
] ]
}, },
{ {
"description": "fs:allow-app-meta -> This allows non-recursive read access to metadata of the `$APP` folder, including file listing and statistics.", "description": "fs:allow-app-meta -> This allows non-recursive read access to metadata of the application folders, including file listing and statistics.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-meta" "fs:allow-app-meta"
] ]
}, },
{ {
"description": "fs:allow-app-meta-recursive -> This allows full recursive read access to metadata of the `$APP` folder, including file listing and statistics.", "description": "fs:allow-app-meta-recursive -> This allows full recursive read access to metadata of the application folders, including file listing and statistics.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-meta-recursive" "fs:allow-app-meta-recursive"
] ]
}, },
{ {
"description": "fs:allow-app-read -> This allows non-recursive read access to the `$APP` folder.", "description": "fs:allow-app-read -> This allows non-recursive read access to the application folders.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-read" "fs:allow-app-read"
] ]
}, },
{ {
"description": "fs:allow-app-read-recursive -> This allows full recursive read access to the complete `$APP` folder, files and subdirectories.", "description": "fs:allow-app-read-recursive -> This allows full recursive read access to the complete application folders, files and subdirectories.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-read-recursive" "fs:allow-app-read-recursive"
] ]
}, },
{ {
"description": "fs:allow-app-write -> This allows non-recursive write access to the `$APP` folder.", "description": "fs:allow-app-write -> This allows non-recursive write access to the application folders.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-write" "fs:allow-app-write"
] ]
}, },
{ {
"description": "fs:allow-app-write-recursive -> This allows full recursive write access to the complete `$APP` folder, files and subdirectories.", "description": "fs:allow-app-write-recursive -> This allows full recursive write access to the complete application folders, files and subdirectories.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:allow-app-write-recursive" "fs:allow-app-write-recursive"
@ -6209,21 +6209,21 @@
] ]
}, },
{ {
"description": "fs:scope-app -> This scope permits access to all files and list content of top level directories in the `$APP`folder.", "description": "fs:scope-app -> This scope permits access to all files and list content of top level directories in the application folders.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:scope-app" "fs:scope-app"
] ]
}, },
{ {
"description": "fs:scope-app-index -> This scope permits to list all files and folders in the `$APP`folder.", "description": "fs:scope-app-index -> This scope permits to list all files and folders in the application directories.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:scope-app-index" "fs:scope-app-index"
] ]
}, },
{ {
"description": "fs:scope-app-recursive -> This scope permits recursive access to the complete `$APP` folder, including sub directories and files.", "description": "fs:scope-app-recursive -> This scope permits recursive access to the complete application folders, including sub directories and files.",
"type": "string", "type": "string",
"enum": [ "enum": [
"fs:scope-app-recursive" "fs:scope-app-recursive"

1
plugins/fs/build.rs
Unescape View File

@ -52,7 +52,6 @@ const BASE_DIR_VARS: &[&str] = &[
"TEMPLATE", "TEMPLATE",
"VIDEO", "VIDEO",
"RESOURCE", "RESOURCE",
"APP",
"LOG", "LOG",
"TEMP", "TEMP",
"APPCONFIG", "APPCONFIG",

2
plugins/fs/guest-js/index.ts
Unescape View File

@ -270,7 +270,7 @@ class FileHandle extends Resource {
* @example * @example
* ```typescript * ```typescript
* import { open, BaseDirectory } from "@tauri-apps/plugin-fs" * import { open, BaseDirectory } from "@tauri-apps/plugin-fs"
* // if "$APP/foo/bar.txt" contains the text "hello world": * // if "$APPCONFIG/foo/bar.txt" contains the text "hello world":
* const file = await open("foo/bar.txt", { baseDir: BaseDirectory.AppConfig }); * const file = await open("foo/bar.txt", { baseDir: BaseDirectory.AppConfig });
* const buf = new Uint8Array(100); * const buf = new Uint8Array(100);
* const numberOfBytesRead = await file.read(buf); // 11 bytes * const numberOfBytesRead = await file.read(buf); // 11 bytes

114
plugins/fs/permissions/app.toml
Unescape View File

@ -0,0 +1,114 @@
"$schema" = "schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-app-recursive"
description = "This scope permits recursive access to the complete application folders, including sub directories and files."
[[permission.scope.allow]]
path = "$APPCONFIG"
[[permission.scope.allow]]
path = "$APPCONFIG/**"
[[permission.scope.allow]]
path = "$APPDATA"
[[permission.scope.allow]]
path = "$APPDATA/**"
[[permission.scope.allow]]
path = "$APPLOCALDATA"
[[permission.scope.allow]]
path = "$APPLOCALDATA/**"
[[permission.scope.allow]]
path = "$APPCACHE"
[[permission.scope.allow]]
path = "$APPCACHE/**"
[[permission.scope.allow]]
path = "$APPLOG"
[[permission.scope.allow]]
path = "$APPLOG/**"
[[permission]]
identifier = "scope-app"
description = "This scope permits access to all files and list content of top level directories in the application folders."
[[permission.scope.allow]]
path = "$APPCONFIG"
[[permission.scope.allow]]
path = "$APPCONFIG/*"
[[permission.scope.allow]]
path = "$APPDATA"
[[permission.scope.allow]]
path = "$APPDATA/*"
[[permission.scope.allow]]
path = "$APPLOCALDATA"
[[permission.scope.allow]]
path = "$APPLOCALDATA/*"
[[permission.scope.allow]]
path = "$APPCACHE"
[[permission.scope.allow]]
path = "$APPCACHE/*"
[[permission.scope.allow]]
path = "$APPLOG"
[[permission.scope.allow]]
path = "$APPLOG/*"
[[permission]]
identifier = "scope-app-index"
description = "This scope permits to list all files and folders in the application directories."
[[permission.scope.allow]]
path = "$APPCONFIG"
[[permission.scope.allow]]
path = "$APPDATA"
[[permission.scope.allow]]
path = "$APPLOCALDATA"
[[permission.scope.allow]]
path = "$APPCACHE"
[[permission.scope.allow]]
path = "$APPLOG"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-app-read-recursive"
description = "This allows full recursive read access to the complete application folders, files and subdirectories."
permissions = ["read-all", "scope-app-recursive"]
[[set]]
identifier = "allow-app-write-recursive"
description = "This allows full recursive write access to the complete application folders, files and subdirectories."
permissions = ["write-all", "scope-app-recursive"]
[[set]]
identifier = "allow-app-read"
description = "This allows non-recursive read access to the application folders."
permissions = ["read-all", "scope-app"]
[[set]]
identifier = "allow-app-write"
description = "This allows non-recursive write access to the application folders."
permissions = ["write-all", "scope-app"]
[[set]]
identifier = "allow-app-meta-recursive"
description = "This allows full recursive read access to metadata of the application folders, including file listing and statistics."
permissions = ["read-meta", "scope-app-recursive"]
[[set]]
identifier = "allow-app-meta"
description = "This allows non-recursive read access to metadata of the application folders, including file listing and statistics."
permissions = ["read-meta", "scope-app-index"]

82
plugins/fs/permissions/autogenerated/base-directories/app.toml
Unescape View File

@ -1,82 +0,0 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-app-recursive"
description = "This scope permits recursive access to the complete `$APP` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$APP"
[[permission.scope.allow]]
path = "$APP/**"
[[permission]]
identifier = "scope-app"
description = "This scope permits access to all files and list content of top level directories in the `$APP`folder."
[[permission.scope.allow]]
path = "$APP"
[[permission.scope.allow]]
path = "$APP/*"
[[permission]]
identifier = "scope-app-index"
description = "This scope permits to list all files and folders in the `$APP`folder."
[[permission.scope.allow]]
path = "$APP"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-app-read-recursive"
description = "This allows full recursive read access to the complete `$APP` folder, files and subdirectories."
permissions = [
"read-all",
"scope-app-recursive"
]
[[set]]
identifier = "allow-app-write-recursive"
description = "This allows full recursive write access to the complete `$APP` folder, files and subdirectories."
permissions = [
"write-all",
"scope-app-recursive"
]
[[set]]
identifier = "allow-app-read"
description = "This allows non-recursive read access to the `$APP` folder."
permissions = [
"read-all",
"scope-app"
]
[[set]]
identifier = "allow-app-write"
description = "This allows non-recursive write access to the `$APP` folder."
permissions = [
"write-all",
"scope-app"
]
[[set]]
identifier = "allow-app-meta-recursive"
description = "This allows full recursive read access to metadata of the `$APP` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-app-recursive"
]
[[set]]
identifier = "allow-app-meta"
description = "This allows non-recursive read access to metadata of the `$APP` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-app-index"
]

18
plugins/fs/permissions/autogenerated/reference.md
Unescape View File

@ -47,7 +47,7 @@ On Windows the webview data folder access is denied.
</td> </td>
<td> <td>
This allows full recursive read access to the complete `$APP` folder, files and subdirectories. This allows full recursive read access to the complete application folders, files and subdirectories.
</td> </td>
</tr> </tr>
@ -60,7 +60,7 @@ This allows full recursive read access to the complete `$APP` folder, files and
</td> </td>
<td> <td>
This allows full recursive write access to the complete `$APP` folder, files and subdirectories. This allows full recursive write access to the complete application folders, files and subdirectories.
</td> </td>
</tr> </tr>
@ -73,7 +73,7 @@ This allows full recursive write access to the complete `$APP` folder, files and
</td> </td>
<td> <td>
This allows non-recursive read access to the `$APP` folder. This allows non-recursive read access to the application folders.
</td> </td>
</tr> </tr>
@ -86,7 +86,7 @@ This allows non-recursive read access to the `$APP` folder.
</td> </td>
<td> <td>
This allows non-recursive write access to the `$APP` folder. This allows non-recursive write access to the application folders.
</td> </td>
</tr> </tr>
@ -99,7 +99,7 @@ This allows non-recursive write access to the `$APP` folder.
</td> </td>
<td> <td>
This allows full recursive read access to metadata of the `$APP` folder, including file listing and statistics. This allows full recursive read access to metadata of the application folders, including file listing and statistics.
</td> </td>
</tr> </tr>
@ -112,7 +112,7 @@ This allows full recursive read access to metadata of the `$APP` folder, includi
</td> </td>
<td> <td>
This allows non-recursive read access to metadata of the `$APP` folder, including file listing and statistics. This allows non-recursive read access to metadata of the application folders, including file listing and statistics.
</td> </td>
</tr> </tr>
@ -125,7 +125,7 @@ This allows non-recursive read access to metadata of the `$APP` folder, includin
</td> </td>
<td> <td>
This scope permits recursive access to the complete `$APP` folder, including sub directories and files. This scope permits recursive access to the complete application folders, including sub directories and files.
</td> </td>
</tr> </tr>
@ -138,7 +138,7 @@ This scope permits recursive access to the complete `$APP` folder, including sub
</td> </td>
<td> <td>
This scope permits access to all files and list content of top level directories in the `$APP`folder. This scope permits access to all files and list content of top level directories in the application folders.
</td> </td>
</tr> </tr>
@ -151,7 +151,7 @@ This scope permits access to all files and list content of top level directories
</td> </td>
<td> <td>
This scope permits to list all files and folders in the `$APP`folder. This scope permits to list all files and folders in the application directories.
</td> </td>
</tr> </tr>

17
plugins/fs/permissions/create-app-specific-dirs.toml
Unescape View File

@ -5,19 +5,4 @@ identifier = "create-app-specific-dirs"
description = """ description = """
This permissions allows to create the application specific directories. This permissions allows to create the application specific directories.
""" """
commands.allow = ["mkdir"] commands.allow = ["mkdir", "scope-app-index"]
[[permission.scope.allow]]
path = "$APPCONFIG"
[[permission.scope.allow]]
path = "$APPDATA"
[[permission.scope.allow]]
path = "$APPLOCALDATA"
[[permission.scope.allow]]
path = "$APPCACHE"
[[permission.scope.allow]]
path = "$APPLOG"

16
plugins/fs/permissions/read-app-specific-dirs-recursive.toml
Unescape View File

@ -13,19 +13,5 @@ commands.allow = [
"read_text_file_lines", "read_text_file_lines",
"read_text_file_lines_next", "read_text_file_lines_next",
"exists", "exists",
"scope-app-recursive",
] ]
[[permission.scope.allow]]
path = "$APPCONFIG/**"
[[permission.scope.allow]]
path = "$APPDATA/**"
[[permission.scope.allow]]
path = "$APPLOCALDATA/**"
[[permission.scope.allow]]
path = "$APPCACHE/**"
[[permission.scope.allow]]
path = "$APPLOG/**"

18
plugins/fs/permissions/schemas/schema.json
Unescape View File

@ -295,63 +295,63 @@
"type": "string", "type": "string",
"oneOf": [ "oneOf": [
{ {
"description": "allow-app-read-recursive -> This allows full recursive read access to the complete `$APP` folder, files and subdirectories.", "description": "allow-app-read-recursive -> This allows full recursive read access to the complete application folders, files and subdirectories.",
"type": "string", "type": "string",
"enum": [ "enum": [
"allow-app-read-recursive" "allow-app-read-recursive"
] ]
}, },
{ {
"description": "allow-app-write-recursive -> This allows full recursive write access to the complete `$APP` folder, files and subdirectories.", "description": "allow-app-write-recursive -> This allows full recursive write access to the complete application folders, files and subdirectories.",
"type": "string", "type": "string",
"enum": [ "enum": [
"allow-app-write-recursive" "allow-app-write-recursive"
] ]
}, },
{ {
"description": "allow-app-read -> This allows non-recursive read access to the `$APP` folder.", "description": "allow-app-read -> This allows non-recursive read access to the application folders.",
"type": "string", "type": "string",
"enum": [ "enum": [
"allow-app-read" "allow-app-read"
] ]
}, },
{ {
"description": "allow-app-write -> This allows non-recursive write access to the `$APP` folder.", "description": "allow-app-write -> This allows non-recursive write access to the application folders.",
"type": "string", "type": "string",
"enum": [ "enum": [
"allow-app-write" "allow-app-write"
] ]
}, },
{ {
"description": "allow-app-meta-recursive -> This allows full recursive read access to metadata of the `$APP` folder, including file listing and statistics.", "description": "allow-app-meta-recursive -> This allows full recursive read access to metadata of the application folders, including file listing and statistics.",
"type": "string", "type": "string",
"enum": [ "enum": [
"allow-app-meta-recursive" "allow-app-meta-recursive"
] ]
}, },
{ {
"description": "allow-app-meta -> This allows non-recursive read access to metadata of the `$APP` folder, including file listing and statistics.", "description": "allow-app-meta -> This allows non-recursive read access to metadata of the application folders, including file listing and statistics.",
"type": "string", "type": "string",
"enum": [ "enum": [
"allow-app-meta" "allow-app-meta"
] ]
}, },
{ {
"description": "scope-app-recursive -> This scope permits recursive access to the complete `$APP` folder, including sub directories and files.", "description": "scope-app-recursive -> This scope permits recursive access to the complete application folders, including sub directories and files.",
"type": "string", "type": "string",
"enum": [ "enum": [
"scope-app-recursive" "scope-app-recursive"
] ]
}, },
{ {
"description": "scope-app -> This scope permits access to all files and list content of top level directories in the `$APP`folder.", "description": "scope-app -> This scope permits access to all files and list content of top level directories in the application folders.",
"type": "string", "type": "string",
"enum": [ "enum": [
"scope-app" "scope-app"
] ]
}, },
{ {
"description": "scope-app-index -> This scope permits to list all files and folders in the `$APP`folder.", "description": "scope-app-index -> This scope permits to list all files and folders in the application directories.",
"type": "string", "type": "string",
"enum": [ "enum": [
"scope-app-index" "scope-app-index"

2
plugins/shell/src/scope_entry.rs
Unescape View File

@ -19,7 +19,7 @@ pub struct Entry {
/// It can start with a variable that resolves to a system base directory. /// It can start with a variable that resolves to a system base directory.
/// The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`, /// The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`,
/// `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`, /// `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`,
/// `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$APP`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`, /// `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`,
/// `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`. /// `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.
// use default just so the schema doesn't flag it as required // use default just so the schema doesn't flag it as required
#[serde(rename = "cmd")] #[serde(rename = "cmd")]

Write Preview
Loading…
Cancel
Save