diff --git a/examples/api/src-tauri/gen/schemas/desktop-schema.json b/examples/api/src-tauri/gen/schemas/desktop-schema.json index 532940df2..58277295a 100644 --- a/examples/api/src-tauri/gen/schemas/desktop-schema.json +++ b/examples/api/src-tauri/gen/schemas/desktop-schema.json 
@@ -142,7 +142,7 @@ "identifier": { "oneOf": [ { - "description": "fs:default -> # Tauri `fs` default permissions\n\nThis configuration file defines the default permissions granted\nto the filesystem.\n\n### Granted Permissions\n\nThis default permission set enables all read-related commands and\nallows access to the `$APP` folder and sub directories created in it.\nThe location of the `$APP` folder depends on the operating system,\nwhere the application is run.\n\nIn general the `$APP` folder needs to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\n### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n", + "description": "fs:default -> This set of permissions describes the what kind of\nfile system access the `fs` plugin has enabled or denied by default.\n\n#### Granted Permissions\n\nThis default permission set enables read access to the\napplication specific directories (AppConfig, AppData, AppLocalData, AppCache,\nAppLog) and all files and sub directories created in it.\nThe location of these directories depends on the operating system,\nwhere the application is run.\n\nIn general these directories need to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\nTherefore, it is also allowed to create all of these folders via\nthe `mkdir` command.\n\n#### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n", "type": "string", "enum": [ "fs:default" 
@@ -1373,6 +1373,13 @@ "fs:allow-write-text-file" ] }, + { + "description": "fs:create-app-specific-dirs -> This permissions allows to create the application specific directories.\n", + "type": "string", + "enum": [ + "fs:create-app-specific-dirs" + ] + }, { "description": "fs:deny-copy-file -> Denies the copy_file command without any pre-configured scope.", "type": "string", @@ -1562,6 +1569,13 @@ "fs:read-all" ] }, + { + "description": "fs:read-app-specific-dirs-recursive -> This permission allows recursive read functionality on the application\nspecific base directories. \n", + "type": "string", + "enum": [ + "fs:read-app-specific-dirs-recursive" + ] + }, { "description": "fs:read-dirs -> This enables directory read and file metadata related commands without any pre-configured accessible paths.", "type": "string", @@ -2190,7 +2204,7 @@ "identifier": { "oneOf": [ { - "description": "http:default -> Allows all fetch operations", + "description": "http:default -> This permission set configures what kind of\nfetch operations are available from the http plugin.\n\nThis enables all fetch operations but does not\nallow explicitly any origins to be fetched. This needs to\nbe manually configured before usage.\n\n#### Granted Permissions\n\nAll fetch operations are enabled.\n\n", "type": "string", "enum": [ "http:default" @@ -2313,6 +2327,7 @@ "identifier": { "oneOf": [ { + "description": "shell:default -> This permission set configures which\nshell functionality is exposed by default.\n\n#### Granted Permissions\n\nIt allows to use the `open` functionality without any specific\nscope pre-configured. It will allow opening `http(s)://`,\n`tel:` and `mailto:` links.\n", "type": "string", "enum": [ "shell:default" 
@@ -2567,6 +2582,7 @@ ] }, { + "description": "clipboard-manager:default -> No features are enabled by default, as we believe\nthe clipboard can be inherently dangerous and it is \napplication specific if read and/or write access is needed.\n\nClipboard interaction needs to be explicitly enabled.\n", "type": "string", "enum": [ "clipboard-manager:default" @@ -2657,6 +2673,7 @@ ] }, { + "description": "dialog:default -> This permission set configures the types of dialogs\navailable from the dialog plugin.\n\n#### Granted Permissions\n\nAll dialog types are enabled.\n\n\n", "type": "string", "enum": [ "dialog:default" 
@@ -3853,7 +3870,7 @@ ] }, { - "description": "fs:default -> # Tauri `fs` default permissions\n\nThis configuration file defines the default permissions granted\nto the filesystem.\n\n### Granted Permissions\n\nThis default permission set enables all read-related commands and\nallows access to the `$APP` folder and sub directories created in it.\nThe location of the `$APP` folder depends on the operating system,\nwhere the application is run.\n\nIn general the `$APP` folder needs to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\n### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n", + "description": "fs:default -> This set of permissions describes the what kind of\nfile system access the `fs` plugin has enabled or denied by default.\n\n#### Granted Permissions\n\nThis default permission set enables read access to the\napplication specific directories (AppConfig, AppData, AppLocalData, AppCache,\nAppLog) and all files and sub directories created in it.\nThe location of these directories depends on the operating system,\nwhere the application is run.\n\nIn general these directories need to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\nTherefore, it is also allowed to create all of these folders via\nthe `mkdir` command.\n\n#### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n", "type": "string", "enum": [ "fs:default" 
@@ -4027,6 +4044,13 @@ "fs:allow-write-text-file" ] }, + { + "description": "fs:create-app-specific-dirs -> This permissions allows to create the application specific directories.\n", + "type": "string", + "enum": [ + "fs:create-app-specific-dirs" + ] + }, { "description": "fs:deny-copy-file -> Denies the copy_file command without any pre-configured scope.", "type": "string", @@ -4216,6 +4240,13 @@ "fs:read-all" ] }, + { + "description": "fs:read-app-specific-dirs-recursive -> This permission allows recursive read functionality on the application\nspecific base directories. \n", + "type": "string", + "enum": [ + "fs:read-app-specific-dirs-recursive" + ] + }, { "description": "fs:read-dirs -> This enables directory read and file metadata related commands without any pre-configured accessible paths.", "type": "string", @@ -4784,6 +4815,7 @@ ] }, { + "description": "global-shortcut:default -> No features are enabled by default, as we believe\nthe shortcuts can be inherently dangerous and it is \napplication specific if specific shortcuts should be\nregistered or unregistered.\n", "type": "string", "enum": [ "global-shortcut:default" @@ -4860,7 +4892,7 @@ ] }, { - "description": "http:default -> Allows all fetch operations", + "description": "http:default -> This permission set configures what kind of\nfetch operations are available from the http plugin.\n\nThis enables all fetch operations but does not\nallow explicitly any origins to be fetched. This needs to\nbe manually configured before usage.\n\n#### Granted Permissions\n\nAll fetch operations are enabled.\n\n", "type": "string", "enum": [ "http:default" 
@@ -5336,12 +5368,61 @@ ] }, { - "description": "notification:default -> Allows requesting permission, checking permission state and sending notifications", + "description": "notification:default -> This permission set configures which\nnotification features are by default exposed.\n\n#### Granted Permissions\n\nIt allows all notification related features.\n\n", "type": "string", "enum": [ "notification:default" ] }, + { + "description": "notification:allow-batch -> Enables the batch command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-batch" + ] + }, + { + "description": "notification:allow-cancel -> Enables the cancel command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-cancel" + ] + }, + { + "description": "notification:allow-check-permissions -> Enables the check_permissions command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-check-permissions" + ] + }, + { + "description": "notification:allow-create-channel -> Enables the create_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-create-channel" + ] + }, + { + "description": "notification:allow-delete-channel -> Enables the delete_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-delete-channel" + ] + }, + { + "description": "notification:allow-get-active -> Enables the get_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-get-active" + ] + }, + { + "description": "notification:allow-get-pending -> Enables the get_pending command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-get-pending" + ] + }, { "description": "notification:allow-is-permission-granted -> Enables the is_permission_granted command without any pre-configured scope.", "type": "string", 
@@ -5349,6 +5430,13 @@ "notification:allow-is-permission-granted" ] }, + { + "description": "notification:allow-list-channels -> Enables the list_channels command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-list-channels" + ] + }, { "description": "notification:allow-notify -> Enables the notify command without any pre-configured scope.", "type": "string", @@ -5356,6 +5444,13 @@ "notification:allow-notify" ] }, + { + "description": "notification:allow-permission-state -> Enables the permission_state command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-permission-state" + ] + }, { "description": "notification:allow-register-action-types -> Enables the register_action_types command without any pre-configured scope.", "type": "string", @@ -5370,6 +5465,13 @@ "notification:allow-register-listener" ] }, + { + "description": "notification:allow-remove-active -> Enables the remove_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-remove-active" + ] + }, { "description": "notification:allow-request-permission -> Enables the request_permission command without any pre-configured scope.", "type": "string", 
@@ -5377,6 +5479,62 @@ "notification:allow-request-permission" ] }, + { + "description": "notification:allow-show -> Enables the show command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:allow-show" + ] + }, + { + "description": "notification:deny-batch -> Denies the batch command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-batch" + ] + }, + { + "description": "notification:deny-cancel -> Denies the cancel command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-cancel" + ] + }, + { + "description": "notification:deny-check-permissions -> Denies the check_permissions command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-check-permissions" + ] + }, + { + "description": "notification:deny-create-channel -> Denies the create_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-create-channel" + ] + }, + { + "description": "notification:deny-delete-channel -> Denies the delete_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-delete-channel" + ] + }, + { + "description": "notification:deny-get-active -> Denies the get_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-get-active" + ] + }, + { + "description": "notification:deny-get-pending -> Denies the get_pending command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-get-pending" + ] + }, { "description": "notification:deny-is-permission-granted -> Denies the is_permission_granted command without any pre-configured scope.", "type": "string", 
@@ -5384,6 +5542,13 @@ "notification:deny-is-permission-granted" ] }, + { + "description": "notification:deny-list-channels -> Denies the list_channels command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-list-channels" + ] + }, { "description": "notification:deny-notify -> Denies the notify command without any pre-configured scope.", "type": "string", @@ -5391,6 +5556,13 @@ "notification:deny-notify" ] }, + { + "description": "notification:deny-permission-state -> Denies the permission_state command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-permission-state" + ] + }, { "description": "notification:deny-register-action-types -> Denies the register_action_types command without any pre-configured scope.", "type": "string", @@ -5405,6 +5577,13 @@ "notification:deny-register-listener" ] }, + { + "description": "notification:deny-remove-active -> Denies the remove_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-remove-active" + ] + }, { "description": "notification:deny-request-permission -> Denies the request_permission command without any pre-configured scope.", "type": "string", @@ -5413,6 +5592,14 @@ ] }, { + "description": "notification:deny-show -> Denies the show command without any pre-configured scope.", + "type": "string", + "enum": [ + "notification:deny-show" + ] + }, + { + "description": "os:default -> This permission set configures which\noperating system information are available\nto gather from the frontend.\n\n#### Granted Permissions\n\nAll information except the host name are available.\n\n", "type": "string", "enum": [ "os:default" 
@@ -5650,6 +5837,7 @@ ] }, { + "description": "process:default -> This permission set configures which\nprocess feeatures are by default exposed.\n\n#### Granted Permissions\n\nThis enables to quit via `allow-exit` and restart via `allow-restart`\nthe application.\n", "type": "string", "enum": [ "process:default" @@ -5705,6 +5893,7 @@ ] }, { + "description": "shell:default -> This permission set configures which\nshell functionality is exposed by default.\n\n#### Granted Permissions\n\nIt allows to use the `open` functionality without any specific\nscope pre-configured. It will allow opening `http(s)://`,\n`tel:` and `mailto:` links.\n", "type": "string", "enum": [ "shell:default" @@ -5942,7 +6131,7 @@ ] }, { - "description": "updater:default -> Allows checking for new updates and installing them", + "description": "updater:default -> This permission set configures which kind of\nupdater functions are exposed to the frontend.\n\n#### Granted Permissions\n\nThe full workflow from checking for updates to installing them\nis enabled.\n\n", "type": "string", "enum": [ "updater:default" diff --git a/plugins/autostart/permissions/autogenerated/reference.md b/plugins/autostart/permissions/autogenerated/reference.md index 73d22eb9d..329e5a0be 100644 --- a/plugins/autostart/permissions/autogenerated/reference.md +++ b/plugins/autostart/permissions/autogenerated/reference.md @@ -6,3 +6,13 @@ |`deny-enable`|Denies the enable command without any pre-configured scope.| |`allow-is-enabled`|Enables the is_enabled command without any pre-configured scope.| |`deny-is-enabled`|Denies the is_enabled command without any pre-configured scope.| +|`default`|This permission set configures if your +application can enable or disable auto +starting the application on boot. + +#### Granted Permissions + +It allows all to check, enable and +disable the automatic start on boot. + +| 
diff --git a/plugins/autostart/permissions/default.toml b/plugins/autostart/permissions/default.toml new file mode 100644 index 000000000..e2f71212e --- /dev/null +++ b/plugins/autostart/permissions/default.toml @@ -0,0 +1,19 @@ +"$schema" = "schemas/schema.json" +[default] +description = """ +This permission set configures if your +application can enable or disable auto +starting the application on boot. + +#### Granted Permissions + +It allows all to check, enable and +disable the automatic start on boot. + +""" + +permissions = [ + "allow-enable", + "allow-disable", + "allow-is-enabled", +] diff --git a/plugins/autostart/permissions/schemas/schema.json b/plugins/autostart/permissions/schemas/schema.json index 901d274c9..4ec9e10ef 100644 --- a/plugins/autostart/permissions/schemas/schema.json +++ b/plugins/autostart/permissions/schemas/schema.json @@ -335,6 +335,13 @@ "enum": [ "deny-is-enabled" ] + }, + { + "description": "default -> This permission set configures if your\napplication can enable or disable auto\nstarting the application on boot.\n\n#### Granted Permissions\n\nIt allows all to check, enable and\ndisable the automatic start on boot.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/barcode-scanner/permissions/autogenerated/reference.md b/plugins/barcode-scanner/permissions/autogenerated/reference.md index 1d45e36c1..452b1042f 100644 --- a/plugins/barcode-scanner/permissions/autogenerated/reference.md +++ b/plugins/barcode-scanner/permissions/autogenerated/reference.md @@ -12,3 +12,11 @@ |`deny-scan`|Denies the scan command without any pre-configured scope.| |`allow-vibrate`|Enables the vibrate command without any pre-configured scope.| |`deny-vibrate`|Denies the vibrate command without any pre-configured scope.| +|`default`|This permission set configures which +barcode scanning features are by default exposed. + +#### Granted Permissions + +It allows all barcode related features. + +| 
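Review bot: The new `[default]` in `plugins/autostart/permissions/default.toml` grants `allow-enable` and `allow-disable` alongside `allow-is-enabled`, so an app that adopts the plugin's default set lets its frontend switch launch-at-boot on or off without a separate opt-in. The clipboard-manager and global-shortcut defaults added in this same change start from `permissions = []` for capabilities judged sensitive. Boot persistence looks like it belongs in that group, or the default could be narrowed to `permissions = ["allow-is-enabled"]`. If the broad default is intended, the description should say so plainly, and `It allows all to check, enable and disable` would read better as `It allows checking, enabling and disabling`.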
diff --git a/plugins/barcode-scanner/permissions/default.toml b/plugins/barcode-scanner/permissions/default.toml new file mode 100644 index 000000000..3b5a2dfda --- /dev/null +++ b/plugins/barcode-scanner/permissions/default.toml @@ -0,0 +1,20 @@ +"$schema" = "schemas/schema.json" +[default] +description = """ +This permission set configures which +barcode scanning features are by default exposed. + +#### Granted Permissions + +It allows all barcode related features. + +""" + +permissions = [ + "allow-cancel", + "allow-check-permissions", + "allow-open-app-settings", + "allow-request-permissions", + "allow-scan", + "allow-vibrate", +] diff --git a/plugins/barcode-scanner/permissions/schemas/schema.json b/plugins/barcode-scanner/permissions/schemas/schema.json index 433df113b..7e99ee7c8 100644 --- a/plugins/barcode-scanner/permissions/schemas/schema.json +++ b/plugins/barcode-scanner/permissions/schemas/schema.json @@ -377,6 +377,13 @@ "enum": [ "deny-vibrate" ] + }, + { + "description": "default -> This permission set configures which\nbarcode scanning features are by default exposed.\n\n#### Granted Permissions\n\nIt allows all barcode related features.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/biometric/permissions/autogenerated/reference.md b/plugins/biometric/permissions/autogenerated/reference.md index e48ce0662..6f57ebd36 100644 --- a/plugins/biometric/permissions/autogenerated/reference.md +++ b/plugins/biometric/permissions/autogenerated/reference.md @@ -4,3 +4,11 @@ |`deny-authenticate`|Denies the authenticate command without any pre-configured scope.| |`allow-status`|Enables the status command without any pre-configured scope.| |`deny-status`|Denies the status command without any pre-configured scope.| +|`default`|This permission set configures which +biometric features are by default exposed. + +#### Granted Permissions + +It allows acccess to all biometric commands. + +| 
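Review bot: The description in `plugins/barcode-scanner/permissions/default.toml` says `It allows all barcode related features.` while `permissions` is an explicit list of six entries, so the text goes stale as soon as a command is added without touching the list. Naming the granted permissions, the way the `process:default` description names `allow-exit` and `allow-restart`, keeps the documentation and the grant in step. The same applies to the `all` wording in the autostart, biometric and dialog defaults. It would also help to call out that `allow-scan` and `allow-request-permissions` are in the default, since those are the entries an app author is most likely to want to review.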
diff --git a/plugins/biometric/permissions/default.toml b/plugins/biometric/permissions/default.toml new file mode 100644 index 000000000..f50061b73 --- /dev/null +++ b/plugins/biometric/permissions/default.toml @@ -0,0 +1,16 @@ +"$schema" = "schemas/schema.json" +[default] +description = """ +This permission set configures which +biometric features are by default exposed. + +#### Granted Permissions + +It allows acccess to all biometric commands. + +""" + +permissions = [ + "allow-authenticate", + "allow-status", +] diff --git a/plugins/biometric/permissions/schemas/schema.json b/plugins/biometric/permissions/schemas/schema.json index d134e66ec..f992c8c68 100644 --- a/plugins/biometric/permissions/schemas/schema.json +++ b/plugins/biometric/permissions/schemas/schema.json @@ -321,6 +321,13 @@ "enum": [ "deny-status" ] + }, + { + "description": "default -> This permission set configures which\nbiometric features are by default exposed.\n\n#### Granted Permissions\n\nIt allows acccess to all biometric commands.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/clipboard-manager/permissions/autogenerated/reference.md b/plugins/clipboard-manager/permissions/autogenerated/reference.md index 061409658..4ce23a4e6 100644 --- a/plugins/clipboard-manager/permissions/autogenerated/reference.md +++ b/plugins/clipboard-manager/permissions/autogenerated/reference.md @@ -12,3 +12,9 @@ |`deny-write-image`|Denies the write_image command without any pre-configured scope.| |`allow-write-text`|Enables the write_text command without any pre-configured scope.| |`deny-write-text`|Denies the write_text command without any pre-configured scope.| +|`default`|No features are enabled by default, as we believe +the clipboard can be inherently dangerous and it is +application specific if read and/or write access is needed. + +Clipboard interaction needs to be explicitly enabled. +| 
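Review bot: `acccess` in the `description` of `plugins/biometric/permissions/default.toml` is misspelled, and because this file is the source for the generated `schema.json` and `reference.md`, the typo shows up in three places in this diff. Fix it here as `It allows access to all biometric commands.` and regenerate. Separately, the default includes `allow-authenticate`. If triggering a biometric prompt from the frontend should be an explicit choice, as clipboard access is in this change, an empty default or `allow-status` alone would be the consistent option.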
diff --git a/plugins/clipboard-manager/permissions/default.toml b/plugins/clipboard-manager/permissions/default.toml new file mode 100644 index 000000000..d6f651953 --- /dev/null +++ b/plugins/clipboard-manager/permissions/default.toml @@ -0,0 +1,11 @@ +"$schema" = "schemas/schema.json" +[default] +description = """ +No features are enabled by default, as we believe +the clipboard can be inherently dangerous and it is +application specific if read and/or write access is needed. + +Clipboard interaction needs to be explicitly enabled. +""" + +permissions = [] diff --git a/plugins/clipboard-manager/permissions/schemas/schema.json b/plugins/clipboard-manager/permissions/schemas/schema.json index b00ff99a9..90e00c4d1 100644 --- a/plugins/clipboard-manager/permissions/schemas/schema.json +++ b/plugins/clipboard-manager/permissions/schemas/schema.json @@ -377,6 +377,13 @@ "enum": [ "deny-write-text" ] + }, + { + "description": "default -> No features are enabled by default, as we believe\nthe clipboard can be inherently dangerous and it is \napplication specific if read and/or write access is needed.\n\nClipboard interaction needs to be explicitly enabled.\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/deep-link/android/src/main/java/DeepLinkPlugin.kt b/plugins/deep-link/android/src/main/java/DeepLinkPlugin.kt index 58bc70c74..db4e79af7 100644 --- a/plugins/deep-link/android/src/main/java/DeepLinkPlugin.kt +++ b/plugins/deep-link/android/src/main/java/DeepLinkPlugin.kt @@ -40,6 +40,8 @@ class DeepLinkPlugin(private val activity: Activity): Plugin(activity) { invoke.resolve(ret) } + // This command should not be added to the `build.rs` and exposed as it is only + // used internally from the rust backend. @Command fun setEventHandler(invoke: Invoke) { val args = invoke.parseArgs(SetEventHandlerArgs::class.java) 
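Review bot: The comment added above `setEventHandler` in `DeepLinkPlugin.kt` states a rule but not the reason, and nothing visible in the hunk enforces it. Judging by how the other plugins in this change get their `allow-*`/`deny-*` entries, listing the command in `build.rs` would presumably generate a permission that lets the webview call it. I would spell that out, e.g. `// Internal: called only from the Rust backend. Do not list it in build.rs, otherwise an allow-* permission is generated and the frontend can call it.` The body of `setEventHandler` continues past the end of the hunk, so what it does with the parsed arguments cannot be checked here.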
diff --git a/plugins/dialog/permissions/autogenerated/reference.md b/plugins/dialog/permissions/autogenerated/reference.md index 0f5c9a7d9..e69bf5d8d 100644 --- a/plugins/dialog/permissions/autogenerated/reference.md +++ b/plugins/dialog/permissions/autogenerated/reference.md @@ -10,3 +10,12 @@ |`deny-open`|Denies the open command without any pre-configured scope.| |`allow-save`|Enables the save command without any pre-configured scope.| |`deny-save`|Denies the save command without any pre-configured scope.| +|`default`|This permission set configures the types of dialogs +available from the dialog plugin. + +#### Granted Permissions + +All dialog types are enabled. + + +| diff --git a/plugins/dialog/permissions/default.toml b/plugins/dialog/permissions/default.toml new file mode 100644 index 000000000..59265f546 --- /dev/null +++ b/plugins/dialog/permissions/default.toml @@ -0,0 +1,20 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures the types of dialogs +available from the dialog plugin. + +#### Granted Permissions + +All dialog types are enabled. + + +""" +permissions = [ + "allow-ask", + "allow-confirm", + "allow-message", + "allow-save", + "allow-open", +] diff --git a/plugins/dialog/permissions/schemas/schema.json b/plugins/dialog/permissions/schemas/schema.json index b8940d26e..4a8d59af9 100644 --- a/plugins/dialog/permissions/schemas/schema.json +++ b/plugins/dialog/permissions/schemas/schema.json @@ -363,6 +363,13 @@ "enum": [ "deny-save" ] + }, + { + "description": "default -> This permission set configures the types of dialogs\navailable from the dialog plugin.\n\n#### Granted Permissions\n\nAll dialog types are enabled.\n\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/fs/permissions/autogenerated/reference.md b/plugins/fs/permissions/autogenerated/reference.md index 723288770..045d1a0be 100644 --- a/plugins/fs/permissions/autogenerated/reference.md 
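Review bot: `permissions` in the new `[default]` of `plugins/dialog/permissions/default.toml` enables `allow-open` and `allow-save` together with the message dialogs, and the description only says `All dialog types are enabled.` It is not visible in this diff, but if paths picked in an open or save dialog are added to the fs plugin's scope, this default widens file access beyond the application specific directories that the tightened `fs` default in this change allows. The user's choice in the picker would then be the only gate. I would state that in the description, or split the default so the file pickers are opt-in.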
+++ b/plugins/fs/permissions/autogenerated/reference.md @@ -273,23 +273,27 @@ |`deny-write-file`|Denies the write_file command without any pre-configured scope.| |`allow-write-text-file`|Enables the write_text_file command without any pre-configured scope.| |`deny-write-text-file`|Denies the write_text_file command without any pre-configured scope.| -|`default`|# Tauri `fs` default permissions +|`create-app-specific-dirs`|This permissions allows to create the application specific directories. +| +|`default`|This set of permissions describes the what kind of +file system access the `fs` plugin has enabled or denied by default. -This configuration file defines the default permissions granted -to the filesystem. +#### Granted Permissions -### Granted Permissions - -This default permission set enables all read-related commands and -allows access to the `$APP` folder and sub directories created in it. -The location of the `$APP` folder depends on the operating system, +This default permission set enables read access to the +application specific directories (AppConfig, AppData, AppLocalData, AppCache, +AppLog) and all files and sub directories created in it. +The location of these directories depends on the operating system, where the application is run. -In general the `$APP` folder needs to be manually created +In general these directories need to be manually created by the application at runtime, before accessing files or folders in it is possible. -### Denied Permissions +Therefore, it is also allowed to create all of these folders via +the `mkdir` command. + +#### Denied Permissions This default permission set prevents access to critical components of the Tauri application by default. 
@@ -304,6 +308,9 @@ Allowing access can lead to sensitive information disclosure and should be well `$APPLOCALDATA/EBWebView` folder on windows as the webview data and configuration values are stored here. Allowing access can lead to sensitive information disclosure and should be well considered.| |`read-all`|This enables all read related commands without any pre-configured accessible paths.| +|`read-app-specific-dirs-recursive`|This permission allows recursive read functionality on the application +specific base directories. +| |`read-dirs`|This enables directory read and file metadata related commands without any pre-configured accessible paths.| |`read-files`|This enables file read related commands without any pre-configured accessible paths.| |`read-meta`|This enables all index or metadata related commands without any pre-configured accessible paths.| diff --git a/plugins/fs/permissions/create-app-specific-dirs.toml b/plugins/fs/permissions/create-app-specific-dirs.toml new file mode 100644 index 000000000..45fa632e1 --- /dev/null +++ b/plugins/fs/permissions/create-app-specific-dirs.toml @@ -0,0 +1,23 @@ +"$schema" = "schemas/schema.json" + +[[permission]] +identifier = "create-app-specific-dirs" +description = """ +This permissions allows to create the application specific directories. +""" +commands.allow = ["mkdir"] + +[[permission.scope.allow]] +path = "$APPCONFIG" + +[[permission.scope.allow]] +path = "$APPDATA" + +[[permission.scope.allow]] +path = "$APPLOCALDATA" + +[[permission.scope.allow]] +path = "$APPCACHE" + +[[permission.scope.allow]] +path = "$APPLOG" \ No newline at end of file diff --git a/plugins/fs/permissions/default.toml b/plugins/fs/permissions/default.toml index 213fece0e..279fca79e 100644 --- a/plugins/fs/permissions/default.toml +++ b/plugins/fs/permissions/default.toml 
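Review bot: The description in `plugins/fs/permissions/create-app-specific-dirs.toml` does not say how narrow the grant is. As written, each `permission.scope.allow` entry is a bare base directory (`$APPCONFIG`, `$APPDATA`, `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`) with no glob, so `mkdir` is scoped to those five directories themselves rather than to anything beneath them. Saying so keeps users from assuming the default lets them create sub directories, e.g. `This permission allows creating the application specific base directories themselves (not sub directories).` That wording also fixes `This permissions allows to create`, which is copied into the generated schema and reference files. The file ends without a newline (`\ No newline at end of file`), as does `read-app-specific-dirs-recursive.toml`.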
@@ -2,27 +2,33 @@ [default] description = """ -# Tauri `fs` default permissions +This set of permissions describes the what kind of +file system access the `fs` plugin has enabled or denied by default. -This configuration file defines the default permissions granted -to the filesystem. +#### Granted Permissions -### Granted Permissions - -This default permission set enables all read-related commands and -allows access to the `$APP` folder and sub directories created in it. -The location of the `$APP` folder depends on the operating system, +This default permission set enables read access to the +application specific directories (AppConfig, AppData, AppLocalData, AppCache, +AppLog) and all files and sub directories created in it. +The location of these directories depends on the operating system, where the application is run. -In general the `$APP` folder needs to be manually created +In general these directories need to be manually created by the application at runtime, before accessing files or folders in it is possible. -### Denied Permissions +Therefore, it is also allowed to create all of these folders via +the `mkdir` command. + +#### Denied Permissions This default permission set prevents access to critical components of the Tauri application by default. On Windows the webview data folder access is denied. """ -permissions = ["read-all", "scope-app-recursive", "deny-default"] +permissions = [ + "create-app-specific-dirs", + "read-app-specific-dirs-recursive", + "deny-default", +] diff --git a/plugins/fs/permissions/read-app-specific-dirs-recursive.toml b/plugins/fs/permissions/read-app-specific-dirs-recursive.toml new file mode 100644 index 000000000..409f24fcd --- /dev/null +++ b/plugins/fs/permissions/read-app-specific-dirs-recursive.toml 
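Review bot: Replacing `read-all` and `scope-app-recursive` with `read-app-specific-dirs-recursive` in `permissions` of `plugins/fs/permissions/default.toml` narrows what `fs:default` grants, and the description does not mention this behaviour change. The new permission allows six commands (`read_dir`, `read_file`, `read_text_file`, `read_text_file_lines`, `read_text_file_lines_next`, `exists`), while `read-all` is described as enabling all read related commands. Apps that relied on the default for anything else, presumably the metadata commands, will start getting denials after upgrading, so a migration line in the changelog would help. The default also now carries `mkdir` through `create-app-specific-dirs`, so the opening `enables read access` sentence should mention it up front. Finally, `describes the what kind of` should be `describes what kind of`.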
@@ -0,0 +1,31 @@
+"$schema" = "schemas/schema.json"
+
+[[permission]]
+identifier = "read-app-specific-dirs-recursive"
+description = """
+This permission allows recursive read functionality on the application
+specific base directories.
+"""
+commands.allow = [
+ "read_dir",
+ "read_file",
+ "read_text_file",
+ "read_text_file_lines",
+ "read_text_file_lines_next",
+ "exists",
+]
+
+[[permission.scope.allow]]
+path = "$APPCONFIG/**"
+
+[[permission.scope.allow]]
+path = "$APPDATA/**"
+
+[[permission.scope.allow]]
+path = "$APPLOCALDATA/**"
+
+[[permission.scope.allow]]
+path = "$APPCACHE/**"
+
+[[permission.scope.allow]]
+path = "$APPLOG/**"
\ No newline at end of file
diff --git a/plugins/fs/permissions/schemas/schema.json b/plugins/fs/permissions/schemas/schema.json
index 968178424..4910e9527 100644
--- a/plugins/fs/permissions/schemas/schema.json
+++ b/plugins/fs/permissions/schemas/schema.json
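Review bot: Every `permission.scope.allow` path in `plugins/fs/permissions/read-app-specific-dirs-recursive.toml` has the form `$APPCONFIG/**`, and depending on how the scope matcher treats `**`, that pattern may not match the base directory itself. If so, `exists` or `read_dir` on `$APPDATA` could be denied even though `create-app-specific-dirs` allows creating it. In that case, add the bare path next to each glob, e.g. `[[permission.scope.allow]]` followed by `path = "$APPCONFIG"`, for all five directories. A test that creates a base directory via `mkdir` under the default set and then lists it would settle the question either way.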
@@ -2206,7 +2206,14 @@ ] }, { - "description": "default -> # Tauri `fs` default permissions\n\nThis configuration file defines the default permissions granted\nto the filesystem.\n\n### Granted Permissions\n\nThis default permission set enables all read-related commands and\nallows access to the `$APP` folder and sub directories created in it.\nThe location of the `$APP` folder depends on the operating system,\nwhere the application is run.\n\nIn general the `$APP` folder needs to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\n### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n", + "description": "create-app-specific-dirs -> This permissions allows to create the application specific directories.\n", + "type": "string", + "enum": [ + "create-app-specific-dirs" + ] + }, + { + "description": "default -> This set of permissions describes the what kind of\nfile system access the `fs` plugin has enabled or denied by default.\n\n#### Granted Permissions\n\nThis default permission set enables read access to the\napplication specific directories (AppConfig, AppData, AppLocalData, AppCache,\nAppLog) and all files and sub directories created in it.\nThe location of these directories depends on the operating system,\nwhere the application is run.\n\nIn general these directories need to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\nTherefore, it is also allowed to create all of these folders via\nthe `mkdir` command.\n\n#### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n", "type": "string", "enum": [ "default" 
@@ -2240,6 +2247,13 @@ "read-all" ] }, + { + "description": "read-app-specific-dirs-recursive -> This permission allows recursive read functionality on the application\nspecific base directories. \n", + "type": "string", + "enum": [ + "read-app-specific-dirs-recursive" + ] + }, { "description": "read-dirs -> This enables directory read and file metadata related commands without any pre-configured accessible paths.", "type": "string", diff --git a/plugins/global-shortcut/permissions/autogenerated/reference.md b/plugins/global-shortcut/permissions/autogenerated/reference.md index 071594c3f..fed89448e 100644 --- a/plugins/global-shortcut/permissions/autogenerated/reference.md +++ b/plugins/global-shortcut/permissions/autogenerated/reference.md @@ -10,3 +10,8 @@ |`deny-unregister`|Denies the unregister command without any pre-configured scope.| |`allow-unregister-all`|Enables the unregister_all command without any pre-configured scope.| |`deny-unregister-all`|Denies the unregister_all command without any pre-configured scope.| +|`default`|No features are enabled by default, as we believe +the shortcuts can be inherently dangerous and it is +application specific if specific shortcuts should be +registered or unregistered. +| diff --git a/plugins/global-shortcut/permissions/default.toml b/plugins/global-shortcut/permissions/default.toml new file mode 100644 index 000000000..9627c8865 --- /dev/null +++ b/plugins/global-shortcut/permissions/default.toml @@ -0,0 +1,10 @@ +"$schema" = "schemas/schema.json" +[default] +description = """ +No features are enabled by default, as we believe +the shortcuts can be inherently dangerous and it is +application specific if specific shortcuts should be +registered or unregistered. +""" + +permissions = [] diff --git a/plugins/global-shortcut/permissions/schemas/schema.json b/plugins/global-shortcut/permissions/schemas/schema.json index 55b9b02bf..615a8a181 100644 --- a/plugins/global-shortcut/permissions/schemas/schema.json 
+++ b/plugins/global-shortcut/permissions/schemas/schema.json @@ -363,6 +363,13 @@ "enum": [ "deny-unregister-all" ] + }, + { + "description": "default -> No features are enabled by default, as we believe\nthe shortcuts can be inherently dangerous and it is \napplication specific if specific shortcuts should be\nregistered or unregistered.\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/http/permissions/autogenerated/reference.md b/plugins/http/permissions/autogenerated/reference.md index d0fa4a6ea..27d924a95 100644 --- a/plugins/http/permissions/autogenerated/reference.md +++ b/plugins/http/permissions/autogenerated/reference.md @@ -8,4 +8,15 @@ |`deny-fetch-read-body`|Denies the fetch_read_body command without any pre-configured scope.| |`allow-fetch-send`|Enables the fetch_send command without any pre-configured scope.| |`deny-fetch-send`|Denies the fetch_send command without any pre-configured scope.| -|`default`|Allows all fetch operations| +|`default`|This permission set configures what kind of +fetch operations are available from the http plugin. + +This enables all fetch operations but does not +allow explicitly any origins to be fetched. This needs to +be manually configured before usage. + +#### Granted Permissions + +All fetch operations are enabled. + +| diff --git a/plugins/http/permissions/default.toml b/plugins/http/permissions/default.toml index fd7802b43..b469536dd 100644 --- a/plugins/http/permissions/default.toml +++ b/plugins/http/permissions/default.toml 
@@ -1,6 +1,19 @@ "$schema" = "schemas/schema.json" + [default] -description = "Allows all fetch operations" +description = """ +This permission set configures what kind of +fetch operations are available from the http plugin. + +This enables all fetch operations but does not +allow explicitly any origins to be fetched. This needs to +be manually configured before usage. + +#### Granted Permissions + +All fetch operations are enabled. + +""" permissions = [ "allow-fetch", "allow-fetch-cancel", diff --git a/plugins/http/permissions/schemas/schema.json b/plugins/http/permissions/schemas/schema.json index 7480bb2a5..17ce3d3dd 100644 --- a/plugins/http/permissions/schemas/schema.json +++ b/plugins/http/permissions/schemas/schema.json @@ -351,7 +351,7 @@ ] }, { - "description": "default -> Allows all fetch operations", + "description": "default -> This permission set configures what kind of\nfetch operations are available from the http plugin.\n\nThis enables all fetch operations but does not\nallow explicitly any origins to be fetched. This needs to\nbe manually configured before usage.\n\n#### Granted Permissions\n\nAll fetch operations are enabled.\n\n", "type": "string", "enum": [ "default" diff --git a/plugins/nfc/permissions/autogenerated/reference.md b/plugins/nfc/permissions/autogenerated/reference.md index 3224859ff..b627f7083 100644 --- a/plugins/nfc/permissions/autogenerated/reference.md +++ b/plugins/nfc/permissions/autogenerated/reference.md @@ -6,3 +6,13 @@ |`deny-scan`|Denies the scan command without any pre-configured scope.| |`allow-write`|Enables the write command without any pre-configured scope.| |`deny-write`|Denies the write command without any pre-configured scope.| +|`default`|This permission set configures what kind of +operations are available from the nfc plugin. + +#### Granted Permissions + +Checking if the NFC functionality is available +and scanning nearby tags is allowed. +Writing to tags needs to be manually enabled. + +| 
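Review bot: The key security statement in the added description is hard to parse: `does not allow explicitly any origins to be fetched` should read `does not explicitly allow any origins to be fetched`. If requests are in fact rejected until a scope is configured, say that directly, since it is what keeps this default from being an open fetch capability. The `permissions` array continues past the end of this hunk, so the claim `All fetch operations are enabled.` cannot be checked against the full list from here.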
diff --git a/plugins/nfc/permissions/default.toml b/plugins/nfc/permissions/default.toml new file mode 100644 index 000000000..3be65b192 --- /dev/null +++ b/plugins/nfc/permissions/default.toml @@ -0,0 +1,18 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures what kind of +operations are available from the nfc plugin. + +#### Granted Permissions + +Checking if the NFC functionality is available +and scanning nearby tags is allowed. +Writing to tags needs to be manually enabled. + +""" +permissions = [ + "allow-is-available", + "allow-scan", +] diff --git a/plugins/nfc/permissions/schemas/schema.json b/plugins/nfc/permissions/schemas/schema.json index 3ca96fd37..e5d5931a9 100644 --- a/plugins/nfc/permissions/schemas/schema.json +++ b/plugins/nfc/permissions/schemas/schema.json @@ -335,6 +335,13 @@ "enum": [ "deny-write" ] + }, + { + "description": "default -> This permission set configures what kind of\noperations are available from the nfc plugin.\n\n#### Granted Permissions\n\nChecking if the NFC functionality is available\nand scanning nearby tags is allowed.\nWriting to tags needs to be manually enabled.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/notification/build.rs b/plugins/notification/build.rs index e5b6ced36..ca9c718be 100644 --- a/plugins/notification/build.rs +++ b/plugins/notification/build.rs @@ -8,6 +8,17 @@ const COMMANDS: &[&str] = &[ "is_permission_granted", "register_action_types", "register_listener", + "cancel", + "get_pending", + "remove_active", + "get_active", + "check_permissions", + "show", + "batch", + "list_channels", + "delete_channel", + "create_channel", + "permission_state" ]; fn main() { diff --git a/plugins/notification/permissions/autogenerated/commands/batch.toml b/plugins/notification/permissions/autogenerated/commands/batch.toml new file mode 100644 index 000000000..c52cc16d6 --- /dev/null 
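Review bot: The last added entry in `COMMANDS`, `"permission_state"`, has no trailing comma while every other entry has one, so the next addition will have to modify this line too; write `"permission_state",`. The same applies to `"allow-permission-state"` at the end of the `permissions` list in plugins/notification/permissions/default.toml. The array begins above this hunk, so only the added tail is visible here.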
+++ b/plugins/notification/permissions/autogenerated/commands/batch.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-batch" +description = "Enables the batch command without any pre-configured scope." +commands.allow = ["batch"] + +[[permission]] +identifier = "deny-batch" +description = "Denies the batch command without any pre-configured scope." +commands.deny = ["batch"] diff --git a/plugins/notification/permissions/autogenerated/commands/cancel.toml b/plugins/notification/permissions/autogenerated/commands/cancel.toml new file mode 100644 index 000000000..91efeaa00 --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/cancel.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-cancel" +description = "Enables the cancel command without any pre-configured scope." +commands.allow = ["cancel"] + +[[permission]] +identifier = "deny-cancel" +description = "Denies the cancel command without any pre-configured scope." +commands.deny = ["cancel"] diff --git a/plugins/notification/permissions/autogenerated/commands/check_permissions.toml b/plugins/notification/permissions/autogenerated/commands/check_permissions.toml new file mode 100644 index 000000000..f5af08b13 --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/check_permissions.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-check-permissions" +description = "Enables the check_permissions command without any pre-configured scope." +commands.allow = ["check_permissions"] + +[[permission]] +identifier = "deny-check-permissions" +description = "Denies the check_permissions command without any pre-configured scope." +commands.deny = ["check_permissions"] 
diff --git a/plugins/notification/permissions/autogenerated/commands/create_channel.toml b/plugins/notification/permissions/autogenerated/commands/create_channel.toml new file mode 100644 index 000000000..2c9314742 --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/create_channel.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-create-channel" +description = "Enables the create_channel command without any pre-configured scope." +commands.allow = ["create_channel"] + +[[permission]] +identifier = "deny-create-channel" +description = "Denies the create_channel command without any pre-configured scope." +commands.deny = ["create_channel"] diff --git a/plugins/notification/permissions/autogenerated/commands/delete_channel.toml b/plugins/notification/permissions/autogenerated/commands/delete_channel.toml new file mode 100644 index 000000000..0adaf2bb1 --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/delete_channel.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-delete-channel" +description = "Enables the delete_channel command without any pre-configured scope." +commands.allow = ["delete_channel"] + +[[permission]] +identifier = "deny-delete-channel" +description = "Denies the delete_channel command without any pre-configured scope." +commands.deny = ["delete_channel"] diff --git a/plugins/notification/permissions/autogenerated/commands/get_active.toml b/plugins/notification/permissions/autogenerated/commands/get_active.toml new file mode 100644 index 000000000..b841eb858 --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/get_active.toml 
@@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-get-active" +description = "Enables the get_active command without any pre-configured scope." +commands.allow = ["get_active"] + +[[permission]] +identifier = "deny-get-active" +description = "Denies the get_active command without any pre-configured scope." +commands.deny = ["get_active"] diff --git a/plugins/notification/permissions/autogenerated/commands/get_pending.toml b/plugins/notification/permissions/autogenerated/commands/get_pending.toml new file mode 100644 index 000000000..f3bae7a80 --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/get_pending.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-get-pending" +description = "Enables the get_pending command without any pre-configured scope." +commands.allow = ["get_pending"] + +[[permission]] +identifier = "deny-get-pending" +description = "Denies the get_pending command without any pre-configured scope." +commands.deny = ["get_pending"] diff --git a/plugins/notification/permissions/autogenerated/commands/list_channels.toml b/plugins/notification/permissions/autogenerated/commands/list_channels.toml new file mode 100644 index 000000000..cb20cd570 --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/list_channels.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-list-channels" +description = "Enables the list_channels command without any pre-configured scope." +commands.allow = ["list_channels"] + +[[permission]] +identifier = "deny-list-channels" +description = "Denies the list_channels command without any pre-configured scope." +commands.deny = ["list_channels"] 
diff --git a/plugins/notification/permissions/autogenerated/commands/permission_state.toml b/plugins/notification/permissions/autogenerated/commands/permission_state.toml new file mode 100644 index 000000000..dddcd86fc --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/permission_state.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-permission-state" +description = "Enables the permission_state command without any pre-configured scope." +commands.allow = ["permission_state"] + +[[permission]] +identifier = "deny-permission-state" +description = "Denies the permission_state command without any pre-configured scope." +commands.deny = ["permission_state"] diff --git a/plugins/notification/permissions/autogenerated/commands/remove_active.toml b/plugins/notification/permissions/autogenerated/commands/remove_active.toml new file mode 100644 index 000000000..9ad2add1a --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/remove_active.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-remove-active" +description = "Enables the remove_active command without any pre-configured scope." +commands.allow = ["remove_active"] + +[[permission]] +identifier = "deny-remove-active" +description = "Denies the remove_active command without any pre-configured scope." +commands.deny = ["remove_active"] diff --git a/plugins/notification/permissions/autogenerated/commands/show.toml b/plugins/notification/permissions/autogenerated/commands/show.toml new file mode 100644 index 000000000..3d4cbf38b --- /dev/null +++ b/plugins/notification/permissions/autogenerated/commands/show.toml 
@@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-show" +description = "Enables the show command without any pre-configured scope." +commands.allow = ["show"] + +[[permission]] +identifier = "deny-show" +description = "Denies the show command without any pre-configured scope." +commands.deny = ["show"] diff --git a/plugins/notification/permissions/autogenerated/reference.md b/plugins/notification/permissions/autogenerated/reference.md index e6fbf607b..e64232593 100644 --- a/plugins/notification/permissions/autogenerated/reference.md +++ b/plugins/notification/permissions/autogenerated/reference.md 
@@ -1,13 +1,42 @@ | Permission | Description | |------|-----| +|`allow-batch`|Enables the batch command without any pre-configured scope.| +|`deny-batch`|Denies the batch command without any pre-configured scope.| +|`allow-cancel`|Enables the cancel command without any pre-configured scope.| +|`deny-cancel`|Denies the cancel command without any pre-configured scope.| +|`allow-check-permissions`|Enables the check_permissions command without any pre-configured scope.| +|`deny-check-permissions`|Denies the check_permissions command without any pre-configured scope.| +|`allow-create-channel`|Enables the create_channel command without any pre-configured scope.| +|`deny-create-channel`|Denies the create_channel command without any pre-configured scope.| +|`allow-delete-channel`|Enables the delete_channel command without any pre-configured scope.| +|`deny-delete-channel`|Denies the delete_channel command without any pre-configured scope.| +|`allow-get-active`|Enables the get_active command without any pre-configured scope.| +|`deny-get-active`|Denies the get_active command without any pre-configured scope.| +|`allow-get-pending`|Enables the get_pending command without any pre-configured scope.| +|`deny-get-pending`|Denies the get_pending command without any pre-configured scope.| |`allow-is-permission-granted`|Enables the is_permission_granted command without any pre-configured scope.| |`deny-is-permission-granted`|Denies the is_permission_granted command without any pre-configured scope.| +|`allow-list-channels`|Enables the list_channels command without any pre-configured scope.| +|`deny-list-channels`|Denies the list_channels command without any pre-configured scope.| |`allow-notify`|Enables the notify command without any pre-configured scope.| |`deny-notify`|Denies the notify command without any pre-configured scope.| +|`allow-permission-state`|Enables the permission_state command without any pre-configured scope.| +|`deny-permission-state`|Denies the permission_state 
command without any pre-configured scope.| |`allow-register-action-types`|Enables the register_action_types command without any pre-configured scope.| |`deny-register-action-types`|Denies the register_action_types command without any pre-configured scope.| |`allow-register-listener`|Enables the register_listener command without any pre-configured scope.| |`deny-register-listener`|Denies the register_listener command without any pre-configured scope.| +|`allow-remove-active`|Enables the remove_active command without any pre-configured scope.| +|`deny-remove-active`|Denies the remove_active command without any pre-configured scope.| |`allow-request-permission`|Enables the request_permission command without any pre-configured scope.| |`deny-request-permission`|Denies the request_permission command without any pre-configured scope.| -|`default`|Allows requesting permission, checking permission state and sending notifications| +|`allow-show`|Enables the show command without any pre-configured scope.| +|`deny-show`|Denies the show command without any pre-configured scope.| +|`default`|This permission set configures which +notification features are by default exposed. + +#### Granted Permissions + +It allows all notification related features. + +| diff --git a/plugins/notification/permissions/default.toml b/plugins/notification/permissions/default.toml index 2bd851428..e59d206aa 100644 --- a/plugins/notification/permissions/default.toml +++ b/plugins/notification/permissions/default.toml 
@@ -1,8 +1,30 @@ "$schema" = "schemas/schema.json" [default] -description = "Allows requesting permission, checking permission state and sending notifications" +description = """ +This permission set configures which +notification features are by default exposed. + +#### Granted Permissions + +It allows all notification related features. + +""" + permissions = [ "allow-is-permission-granted", "allow-request-permission", "allow-notify", + "allow-register-action-types", + "allow-register-listener", + "allow-cancel", + "allow-get-pending", + "allow-remove-active", + "allow-get-active", + "allow-check-permissions", + "allow-show", + "allow-batch", + "allow-list-channels", + "allow-delete-channel", + "allow-create-channel", + "allow-permission-state" ] diff --git a/plugins/notification/permissions/schemas/schema.json b/plugins/notification/permissions/schemas/schema.json index 024ec1dc1..0b20a6c5f 100644 --- a/plugins/notification/permissions/schemas/schema.json +++ b/plugins/notification/permissions/schemas/schema.json 
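Review bot: The default set grows from three permissions to all sixteen, including `allow-delete-channel`, `allow-create-channel`, `allow-cancel` and `allow-remove-active`, and the only justification given is `It allows all notification related features.` Other defaults in this commit are narrower: nfc leaves writing opt-in and global-shortcut grants nothing. Either keep the state-changing commands opt-in, or say in the description why exposing them to any frontend that holds `default` is acceptable. plugins/store/permissions/default.toml has the same shape, granting every command by default, including `allow-clear`, `allow-delete` and `allow-reset`.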
@@ -294,6 +294,104 @@ "PermissionKind": { "type": "string", "oneOf": [ + { + "description": "allow-batch -> Enables the batch command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-batch" + ] + }, + { + "description": "deny-batch -> Denies the batch command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-batch" + ] + }, + { + "description": "allow-cancel -> Enables the cancel command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-cancel" + ] + }, + { + "description": "deny-cancel -> Denies the cancel command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-cancel" + ] + }, + { + "description": "allow-check-permissions -> Enables the check_permissions command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-check-permissions" + ] + }, + { + "description": "deny-check-permissions -> Denies the check_permissions command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-check-permissions" + ] + }, + { + "description": "allow-create-channel -> Enables the create_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-create-channel" + ] + }, + { + "description": "deny-create-channel -> Denies the create_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-create-channel" + ] + }, + { + "description": "allow-delete-channel -> Enables the delete_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-delete-channel" + ] + }, + { + "description": "deny-delete-channel -> Denies the delete_channel command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-delete-channel" + ] + }, + { + "description": "allow-get-active -> Enables the get_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-get-active" + ] + }, + { + "description": 
"deny-get-active -> Denies the get_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-get-active" + ] + }, + { + "description": "allow-get-pending -> Enables the get_pending command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-get-pending" + ] + }, + { + "description": "deny-get-pending -> Denies the get_pending command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-get-pending" + ] + }, { "description": "allow-is-permission-granted -> Enables the is_permission_granted command without any pre-configured scope.", "type": "string", @@ -308,6 +406,20 @@ "deny-is-permission-granted" ] }, + { + "description": "allow-list-channels -> Enables the list_channels command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-list-channels" + ] + }, + { + "description": "deny-list-channels -> Denies the list_channels command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-list-channels" + ] + }, { "description": "allow-notify -> Enables the notify command without any pre-configured scope.", "type": "string", @@ -322,6 +434,20 @@ "deny-notify" ] }, + { + "description": "allow-permission-state -> Enables the permission_state command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-permission-state" + ] + }, + { + "description": "deny-permission-state -> Denies the permission_state command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-permission-state" + ] + }, { "description": "allow-register-action-types -> Enables the register_action_types command without any pre-configured scope.", "type": "string", 
@@ -350,6 +476,20 @@ "deny-register-listener" ] }, + { + "description": "allow-remove-active -> Enables the remove_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-remove-active" + ] + }, + { + "description": "deny-remove-active -> Denies the remove_active command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-remove-active" + ] + }, { "description": "allow-request-permission -> Enables the request_permission command without any pre-configured scope.", "type": "string", @@ -365,7 +505,21 @@ ] }, { - "description": "default -> Allows requesting permission, checking permission state and sending notifications", + "description": "allow-show -> Enables the show command without any pre-configured scope.", + "type": "string", + "enum": [ + "allow-show" + ] + }, + { + "description": "deny-show -> Denies the show command without any pre-configured scope.", + "type": "string", + "enum": [ + "deny-show" + ] + }, + { + "description": "default -> This permission set configures which\nnotification features are by default exposed.\n\n#### Granted Permissions\n\nIt allows all notification related features.\n\n", "type": "string", "enum": [ "default" diff --git a/plugins/os/permissions/autogenerated/reference.md b/plugins/os/permissions/autogenerated/reference.md index 563c8d284..73d43e51e 100644 --- a/plugins/os/permissions/autogenerated/reference.md +++ b/plugins/os/permissions/autogenerated/reference.md @@ -16,3 +16,12 @@ |`deny-platform`|Denies the platform command without any pre-configured scope.| |`allow-version`|Enables the version command without any pre-configured scope.| |`deny-version`|Denies the version command without any pre-configured scope.| +|`default`|This permission set configures which +operating system information are available +to gather from the frontend. + +#### Granted Permissions + +All information except the host name are available. + +| 
diff --git a/plugins/os/permissions/default.toml b/plugins/os/permissions/default.toml new file mode 100644 index 000000000..f14e97fb9 --- /dev/null +++ b/plugins/os/permissions/default.toml @@ -0,0 +1,23 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures which +operating system information are available +to gather from the frontend. + +#### Granted Permissions + +All information except the host name are available. + +""" + +permissions = [ + "allow-arch", + "allow-exe-extension", + "allow-family", + "allow-locale", + "allow-os-type", + "allow-platform", + "allow-version", +] \ No newline at end of file diff --git a/plugins/os/permissions/schemas/schema.json b/plugins/os/permissions/schemas/schema.json index c325e3830..5359f36cc 100644 --- a/plugins/os/permissions/schemas/schema.json +++ b/plugins/os/permissions/schemas/schema.json @@ -405,6 +405,13 @@ "enum": [ "deny-version" ] + }, + { + "description": "default -> This permission set configures which\noperating system information are available\nto gather from the frontend.\n\n#### Granted Permissions\n\nAll information except the host name are available.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/process/permissions/autogenerated/reference.md b/plugins/process/permissions/autogenerated/reference.md index 1bef22c9a..949bf6ac2 100644 --- a/plugins/process/permissions/autogenerated/reference.md +++ b/plugins/process/permissions/autogenerated/reference.md @@ -4,3 +4,11 @@ |`deny-exit`|Denies the exit command without any pre-configured scope.| |`allow-restart`|Enables the restart command without any pre-configured scope.| |`deny-restart`|Denies the restart command without any pre-configured scope.| +|`default`|This permission set configures which +process feeatures are by default exposed. + +#### Granted Permissions + +This enables to quit via `allow-exit` and restart via `allow-restart` +the application. +| 
diff --git a/plugins/process/permissions/default.toml b/plugins/process/permissions/default.toml new file mode 100644 index 000000000..e492c55aa --- /dev/null +++ b/plugins/process/permissions/default.toml @@ -0,0 +1,17 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures which +process feeatures are by default exposed. + +#### Granted Permissions + +This enables to quit via `allow-exit` and restart via `allow-restart` +the application. +""" + +permissions = [ + "allow-exit", + "allow-restart", +] \ No newline at end of file diff --git a/plugins/process/permissions/schemas/schema.json b/plugins/process/permissions/schemas/schema.json index 98a1b344c..3dc97704b 100644 --- a/plugins/process/permissions/schemas/schema.json +++ b/plugins/process/permissions/schemas/schema.json @@ -321,6 +321,13 @@ "enum": [ "deny-restart" ] + }, + { + "description": "default -> This permission set configures which\nprocess feeatures are by default exposed.\n\n#### Granted Permissions\n\nThis enables to quit via `allow-exit` and restart via `allow-restart`\nthe application.\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/shell/permissions/autogenerated/reference.md b/plugins/shell/permissions/autogenerated/reference.md index 8138c686f..00af0dc4c 100644 --- a/plugins/shell/permissions/autogenerated/reference.md +++ b/plugins/shell/permissions/autogenerated/reference.md @@ -10,3 +10,12 @@ |`deny-spawn`|Denies the spawn command without any pre-configured scope.| |`allow-stdin-write`|Enables the stdin_write command without any pre-configured scope.| |`deny-stdin-write`|Denies the stdin_write command without any pre-configured scope.| +|`default`|This permission set configures which +shell functionality is exposed by default. + +#### Granted Permissions + +It allows to use the `open` functionality without any specific +scope pre-configured. It will allow opening `http(s)://`, +`tel:` and `mailto:` links. +| 
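Review bot: `feeatures` in the description is a typo for `features`, and the reference.md and schemas/schema.json hunks for this plugin repeat it, so fix it in this file and regenerate. The description could also state what it accepts: with `allow-exit` and `allow-restart` in `default`, any frontend code holding the default capability can terminate or restart the application. The file also ends without a trailing newline.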
diff --git a/plugins/shell/permissions/default.toml b/plugins/shell/permissions/default.toml new file mode 100644 index 000000000..4f17daa49 --- /dev/null +++ b/plugins/shell/permissions/default.toml @@ -0,0 +1,17 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures which +shell functionality is exposed by default. + +#### Granted Permissions + +It allows to use the `open` functionality without any specific +scope pre-configured. It will allow opening `http(s)://`, +`tel:` and `mailto:` links. +""" + +permissions = [ + "allow-open", +] diff --git a/plugins/shell/permissions/schemas/schema.json b/plugins/shell/permissions/schemas/schema.json index 3ad11a47d..9730ecc72 100644 --- a/plugins/shell/permissions/schemas/schema.json +++ b/plugins/shell/permissions/schemas/schema.json @@ -363,6 +363,13 @@ "enum": [ "deny-stdin-write" ] + }, + { + "description": "default -> This permission set configures which\nshell functionality is exposed by default.\n\n#### Granted Permissions\n\nIt allows to use the `open` functionality without any specific\nscope pre-configured. It will allow opening `http(s)://`,\n`tel:` and `mailto:` links.\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/sql/permissions/autogenerated/reference.md b/plugins/sql/permissions/autogenerated/reference.md index a3e121344..bbaa7b8eb 100644 --- a/plugins/sql/permissions/autogenerated/reference.md +++ b/plugins/sql/permissions/autogenerated/reference.md 
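Review bot: The description promises that only `http(s)://`, `tel:` and `mailto:` links can be opened, but nothing in this file enforces that; the only entry is `allow-open`, with no scope. The restriction is presumably applied elsewhere in the plugin (not visible in this hunk), so the description should say where it lives, so that someone auditing capabilities knows which setting widens what `default` permits. A sentence such as `The allowed link schemes are determined by the plugin's open configuration, not by this permission.` would do, adjusted to wherever the check actually is.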
@@ -8,3 +8,14 @@ |`deny-load`|Denies the load command without any pre-configured scope.| |`allow-select`|Enables the select command without any pre-configured scope.| |`deny-select`|Denies the select command without any pre-configured scope.| +|`default`|# Tauri SQL Default Permissions + +This permission set configures what kind of +database operations are available from the sql plugin. + +### Granted Permissions + +All reading related operations are enabled. +Also allows to load or close a connection. + +| diff --git a/plugins/sql/permissions/default.toml b/plugins/sql/permissions/default.toml new file mode 100644 index 000000000..dbea84f4d --- /dev/null +++ b/plugins/sql/permissions/default.toml @@ -0,0 +1,20 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +# Tauri SQL Default Permissions + +This permission set configures what kind of +database operations are available from the sql plugin. + +### Granted Permissions + +All reading related operations are enabled. +Also allows to load or close a connection. + +""" +permissions = [ + "allow-close", + "allow-load", + "allow-select", +] diff --git a/plugins/sql/permissions/schemas/schema.json b/plugins/sql/permissions/schemas/schema.json index 3001321e4..417e565df 100644 --- a/plugins/sql/permissions/schemas/schema.json +++ b/plugins/sql/permissions/schemas/schema.json @@ -349,6 +349,13 @@ "enum": [ "deny-select" ] + }, + { + "description": "default -> # Tauri SQL Default Permissions\n\nThis permission set configures what kind of\ndatabase operations are available from the sql plugin.\n\n### Granted Permissions\n\nAll reading related operations are enabled.\nAlso allows to load or close a connection.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/store/permissions/autogenerated/reference.md b/plugins/store/permissions/autogenerated/reference.md index ea9c07f0d..bab6429d7 100644 --- a/plugins/store/permissions/autogenerated/reference.md 
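Review bot: In the new `plugins/sql/permissions/default.toml`, `allow-load` is granted without a scope and the description files it under "reading related", which understates it if `load` takes the connection string from the frontend (not visible in this hunk, so to be confirmed). In that case the default lets web content choose which database is opened, which goes beyond reading an already-configured one. I would either state this in the description, e.g. `Loading lets the frontend open a connection by connection string; use deny-load if the frontend is not fully trusted.`, or confirm that the connection targets are fixed on the Rust side. Separately, this description is the only one in the visible part of the commit with a `#` title and a `###` subheading where the others use `####`, and it is copied as-is into the `reference.md` table cell.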
+++ b/plugins/store/permissions/autogenerated/reference.md @@ -24,3 +24,11 @@ |`deny-set`|Denies the set command without any pre-configured scope.| |`allow-values`|Enables the values command without any pre-configured scope.| |`deny-values`|Denies the values command without any pre-configured scope.| +|`default`|This permission set configures what kind of +operations are available from the store plugin. + +#### Granted Permissions + +All operations are enabled by default. + +| diff --git a/plugins/store/permissions/default.toml b/plugins/store/permissions/default.toml new file mode 100644 index 000000000..d2369b272 --- /dev/null +++ b/plugins/store/permissions/default.toml @@ -0,0 +1,26 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures what kind of +operations are available from the store plugin. + +#### Granted Permissions + +All operations are enabled by default. + +""" +permissions = [ + "allow-clear", + "allow-delete", + "allow-entries", + "allow-get", + "allow-has", + "allow-keys", + "allow-length", + "allow-load", + "allow-reset", + "allow-save", + "allow-set", + "allow-values", +] diff --git a/plugins/store/permissions/schemas/schema.json b/plugins/store/permissions/schemas/schema.json index 33cd778e6..70c5986bf 100644 --- a/plugins/store/permissions/schemas/schema.json +++ b/plugins/store/permissions/schemas/schema.json @@ -461,6 +461,13 @@ "enum": [ "deny-values" ] + }, + { + "description": "default -> This permission set configures what kind of\noperations are available from the store plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/stronghold/permissions/autogenerated/reference.md b/plugins/stronghold/permissions/autogenerated/reference.md index da3494eb3..29b981eac 100644 --- a/plugins/stronghold/permissions/autogenerated/reference.md 
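Review bot: The description in the new `plugins/store/permissions/default.toml` says only "All operations are enabled by default", which hides that the set includes the mutating commands `allow-set`, `allow-delete`, `allow-clear`, `allow-reset` and `allow-save` with no scope. The stronghold set in this same commit describes its default as non-destructive, so the two plugins now mean different things by `default`. If granting writes is intended, say so explicitly, e.g. `All operations are enabled by default, including those that modify or delete stored values.`, so that an application needing only reads knows to list individual permissions instead.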
+++ b/plugins/stronghold/permissions/autogenerated/reference.md @@ -22,3 +22,11 @@ |`deny-save-secret`|Denies the save_secret command without any pre-configured scope.| |`allow-save-store-record`|Enables the save_store_record command without any pre-configured scope.| |`deny-save-store-record`|Denies the save_store_record command without any pre-configured scope.| +|`default`|This permission set configures what kind of +operations are available from the stronghold plugin. + +#### Granted Permissions + +All non-destructive operations are enabled by default. + +| diff --git a/plugins/stronghold/permissions/default.toml b/plugins/stronghold/permissions/default.toml new file mode 100644 index 000000000..c157fe7e6 --- /dev/null +++ b/plugins/stronghold/permissions/default.toml @@ -0,0 +1,22 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures what kind of +operations are available from the stronghold plugin. + +#### Granted Permissions + +All non-destructive operations are enabled by default. + +""" +permissions = [ + "allow-create-client", + "allow-get-store-record", + "allow-initialize", + "allow-execute-procedure", + "allow-load-client", + "allow-save-secret", + "allow-save-store-record", + "allow-save", +] diff --git a/plugins/stronghold/permissions/schemas/schema.json b/plugins/stronghold/permissions/schemas/schema.json index a8d598ad1..e01eab994 100644 --- a/plugins/stronghold/permissions/schemas/schema.json +++ b/plugins/stronghold/permissions/schemas/schema.json @@ -447,6 +447,13 @@ "enum": [ "deny-save-store-record" ] + }, + { + "description": "default -> This permission set configures what kind of\noperations are available from the stronghold plugin.\n\n#### Granted Permissions\n\nAll non-destructive operations are enabled by default.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } 
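Review bot: "All non-destructive operations" in the new `plugins/stronghold/permissions/default.toml` does not tell the reader that the set grants `allow-execute-procedure`, `allow-save-secret` and `allow-save-store-record`. Judging by their names, these let the frontend write into the vault and run procedures against stored secrets. For a secrets store that is what a capability author most needs to see, and this hunk does not show whether a save can overwrite an existing entry, which would make it destructive in practice. I would name the granted groups in the description, e.g. `Creating and loading clients, saving secrets and store records, and executing procedures is enabled; commands that delete data are not.`, after checking that against the commands actually left out.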
diff --git a/plugins/updater/permissions/autogenerated/reference.md b/plugins/updater/permissions/autogenerated/reference.md index e9991380d..a2d74addf 100644 --- a/plugins/updater/permissions/autogenerated/reference.md +++ b/plugins/updater/permissions/autogenerated/reference.md @@ -8,4 +8,12 @@ |`deny-download-and-install`|Denies the download_and_install command without any pre-configured scope.| |`allow-install`|Enables the install command without any pre-configured scope.| |`deny-install`|Denies the install command without any pre-configured scope.| -|`default`|Allows checking for new updates and installing them| +|`default`|This permission set configures which kind of +updater functions are exposed to the frontend. + +#### Granted Permissions + +The full workflow from checking for updates to installing them +is enabled. + +| diff --git a/plugins/updater/permissions/default.toml b/plugins/updater/permissions/default.toml index ea9941153..6ae34b6b9 100644 --- a/plugins/updater/permissions/default.toml +++ b/plugins/updater/permissions/default.toml @@ -1,6 +1,15 @@ "$schema" = "schemas/schema.json" [default] -description = "Allows checking for new updates and installing them" +description = """ +This permission set configures which kind of +updater functions are exposed to the frontend. + +#### Granted Permissions + +The full workflow from checking for updates to installing them +is enabled. + +""" permissions = [ "allow-check", "allow-download", diff --git a/plugins/updater/permissions/schemas/schema.json b/plugins/updater/permissions/schemas/schema.json index 4d03368e4..b6eacc0ae 100644 --- a/plugins/updater/permissions/schemas/schema.json +++ b/plugins/updater/permissions/schemas/schema.json 
@@ -351,7 +351,7 @@ ] }, { - "description": "default -> Allows checking for new updates and installing them", + "description": "default -> This permission set configures which kind of\nupdater functions are exposed to the frontend.\n\n#### Granted Permissions\n\nThe full workflow from checking for updates to installing them\nis enabled.\n\n", "type": "string", "enum": [ "default" diff --git a/plugins/upload/permissions/autogenerated/reference.md b/plugins/upload/permissions/autogenerated/reference.md index 2b4cb1b64..2ad3df814 100644 --- a/plugins/upload/permissions/autogenerated/reference.md +++ b/plugins/upload/permissions/autogenerated/reference.md @@ -4,3 +4,11 @@ |`deny-download`|Denies the download command without any pre-configured scope.| |`allow-upload`|Enables the upload command without any pre-configured scope.| |`deny-upload`|Denies the upload command without any pre-configured scope.| +|`default`|This permission set configures what kind of +operations are available from the upload plugin. + +#### Granted Permissions + +All operations are enabled by default. + +| diff --git a/plugins/upload/permissions/default.toml b/plugins/upload/permissions/default.toml new file mode 100644 index 000000000..8ef4bfe21 --- /dev/null +++ b/plugins/upload/permissions/default.toml @@ -0,0 +1,16 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures what kind of +operations are available from the upload plugin. + +#### Granted Permissions + +All operations are enabled by default. + +""" +permissions = [ + "allow-upload", + "allow-download" +] diff --git a/plugins/upload/permissions/schemas/schema.json b/plugins/upload/permissions/schemas/schema.json index 7d544d353..d0b242193 100644 --- a/plugins/upload/permissions/schemas/schema.json +++ b/plugins/upload/permissions/schemas/schema.json 
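Review bot: The new `plugins/upload/permissions/default.toml` enables both `allow-upload` and `allow-download` with no scope, and the description ("All operations are enabled by default") gives no hint of what that exposes. If these commands take the local file path and the remote URL from the frontend, which this hunk does not show, the default lets any window holding it send local files to a server of its choosing and write downloaded content to a path of its choosing. I would either leave `default` empty so applications opt in per command, or at least spell the consequence out in the description once confirmed, e.g. `Uploading and downloading are enabled for any path and URL the frontend supplies.`. Minor: `"allow-download"` lacks the trailing comma that the other new `default.toml` files in this commit use.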
@@ -321,6 +321,13 @@ "enum": [ "deny-upload" ] + }, + { + "description": "default -> This permission set configures what kind of\noperations are available from the upload plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] } diff --git a/plugins/window-state/permissions/autogenerated/reference.md b/plugins/window-state/permissions/autogenerated/reference.md index 227906173..7a0f628e3 100644 --- a/plugins/window-state/permissions/autogenerated/reference.md +++ b/plugins/window-state/permissions/autogenerated/reference.md @@ -6,3 +6,11 @@ |`deny-restore-state`|Denies the restore_state command without any pre-configured scope.| |`allow-save-window-state`|Enables the save_window_state command without any pre-configured scope.| |`deny-save-window-state`|Denies the save_window_state command without any pre-configured scope.| +|`default`|This permission set configures what kind of +operations are available from the window state plugin. + +#### Granted Permissions + +All operations are enabled by default. + +| diff --git a/plugins/window-state/permissions/default.toml b/plugins/window-state/permissions/default.toml new file mode 100644 index 000000000..1823e198d --- /dev/null +++ b/plugins/window-state/permissions/default.toml @@ -0,0 +1,17 @@ +"$schema" = "schemas/schema.json" + +[default] +description = """ +This permission set configures what kind of +operations are available from the window state plugin. + +#### Granted Permissions + +All operations are enabled by default. + +""" +permissions = [ + "allow-filename", + "allow-restore-state", + "allow-save-window-state", +] diff --git a/plugins/window-state/permissions/schemas/schema.json b/plugins/window-state/permissions/schemas/schema.json index b0ab7f52e..008bdcb7c 100644 --- a/plugins/window-state/permissions/schemas/schema.json +++ b/plugins/window-state/permissions/schemas/schema.json 
@@ -335,6 +335,13 @@ "enum": [ "deny-save-window-state" ] + }, + { + "description": "default -> This permission set configures what kind of\noperations are available from the window state plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n", + "type": "string", + "enum": [ + "default" + ] } ] }