fix(fs): app scopes not properly enabling paths (#1774)

2026-04-21 11:26:15 +02:00 · 2024-09-13 09:57:46 -03:00
parent 009299ebec
commit cc03ccf5e0
36 changed files with 350 additions and 343 deletions
@@ -52,7 +52,6 @@ const BASE_DIR_VARS: &[&str] = &[
    "TEMPLATE",
    "VIDEO",
    "RESOURCE",
-    "APP",
    "LOG",
    "TEMP",
    "APPCONFIG",
@@ -118,7 +117,7 @@ path = "${upper}/**"

 [[permission]]
 identifier = "scope-{lower}"
-description = "This scope permits access to all files and list content of top level directories in the `${upper}`folder."
+description = "This scope permits access to all files and list content of top level directories in the `${upper}` folder."

 [[permission.scope.allow]]
 path = "${upper}"
@@ -270,7 +270,7 @@ class FileHandle extends Resource {
   * @example
   * ```typescript
   * import { open, BaseDirectory } from "@tauri-apps/plugin-fs"
-   * // if "$APP/foo/bar.txt" contains the text "hello world":
+   * // if "$APPCONFIG/foo/bar.txt" contains the text "hello world":
   * const file = await open("foo/bar.txt", { baseDir: BaseDirectory.AppConfig });
   * const buf = new Uint8Array(100);
   * const numberOfBytesRead = await file.read(buf); // 11 bytes
@@ -0,0 +1,114 @@
+"$schema" = "schemas/schema.json"
+
+# Scopes Section
+# This section contains scopes, which define file level access
+
+[[permission]]
+identifier = "scope-app-recursive"
+description = "This scope permits recursive access to the complete application folders, including sub directories and files."
+
+[[permission.scope.allow]]
+path = "$APPCONFIG"
+[[permission.scope.allow]]
+path = "$APPCONFIG/**"
+
+[[permission.scope.allow]]
+path = "$APPDATA"
+[[permission.scope.allow]]
+path = "$APPDATA/**"
+
+[[permission.scope.allow]]
+path = "$APPLOCALDATA"
+[[permission.scope.allow]]
+path = "$APPLOCALDATA/**"
+
+[[permission.scope.allow]]
+path = "$APPCACHE"
+[[permission.scope.allow]]
+path = "$APPCACHE/**"
+
+[[permission.scope.allow]]
+path = "$APPLOG"
+[[permission.scope.allow]]
+path = "$APPLOG/**"
+
+[[permission]]
+identifier = "scope-app"
+description = "This scope permits access to all files and list content of top level directories in the application folders."
+
+[[permission.scope.allow]]
+path = "$APPCONFIG"
+[[permission.scope.allow]]
+path = "$APPCONFIG/*"
+
+[[permission.scope.allow]]
+path = "$APPDATA"
+[[permission.scope.allow]]
+path = "$APPDATA/*"
+
+[[permission.scope.allow]]
+path = "$APPLOCALDATA"
+[[permission.scope.allow]]
+path = "$APPLOCALDATA/*"
+
+[[permission.scope.allow]]
+path = "$APPCACHE"
+[[permission.scope.allow]]
+path = "$APPCACHE/*"
+
+[[permission.scope.allow]]
+path = "$APPLOG"
+[[permission.scope.allow]]
+path = "$APPLOG/*"
+
+[[permission]]
+identifier = "scope-app-index"
+description = "This scope permits to list all files and folders in the application directories."
+
+[[permission.scope.allow]]
+path = "$APPCONFIG"
+
+[[permission.scope.allow]]
+path = "$APPDATA"
+
+[[permission.scope.allow]]
+path = "$APPLOCALDATA"
+
+[[permission.scope.allow]]
+path = "$APPCACHE"
+
+[[permission.scope.allow]]
+path = "$APPLOG"
+
+# Sets Section
+# This section combines the scope elements with enablement of commands
+
+[[set]]
+identifier = "allow-app-read-recursive"
+description = "This allows full recursive read access to the complete application folders, files and subdirectories."
+permissions = ["read-all", "scope-app-recursive"]
+
+[[set]]
+identifier = "allow-app-write-recursive"
+description = "This allows full recursive write access to the complete application folders, files and subdirectories."
+permissions = ["write-all", "scope-app-recursive"]
+
+[[set]]
+identifier = "allow-app-read"
+description = "This allows non-recursive read access to the application folders."
+permissions = ["read-all", "scope-app"]
+
+[[set]]
+identifier = "allow-app-write"
+description = "This allows non-recursive write access to the application folders."
+permissions = ["write-all", "scope-app"]
+
+[[set]]
+identifier = "allow-app-meta-recursive"
+description = "This allows full recursive read access to metadata of the application folders, including file listing and statistics."
+permissions = ["read-meta", "scope-app-recursive"]
+
+[[set]]
+identifier = "allow-app-meta"
+description = "This allows non-recursive read access to metadata of the application folders, including file listing and statistics."
+permissions = ["read-meta", "scope-app-index"]
@@ -1,82 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-# Scopes Section
-# This section contains scopes, which define file level access
-
-[[permission]]
-identifier = "scope-app-recursive"
-description = "This scope permits recursive access to the complete `$APP` folder, including sub directories and files."
-
-[[permission.scope.allow]]
-path = "$APP"
-[[permission.scope.allow]]
-path = "$APP/**"
-
-[[permission]]
-identifier = "scope-app"
-description = "This scope permits access to all files and list content of top level directories in the `$APP`folder."
-
-[[permission.scope.allow]]
-path = "$APP"
-[[permission.scope.allow]]
-path = "$APP/*"
-
-[[permission]]
-identifier = "scope-app-index"
-description = "This scope permits to list all files and folders in the `$APP`folder."
-
-[[permission.scope.allow]]
-path = "$APP"
-
-# Sets Section
-# This section combines the scope elements with enablement of commands
-
-[[set]]
-identifier = "allow-app-read-recursive"
-description = "This allows full recursive read access to the complete `$APP` folder, files and subdirectories."
-permissions = [
-    "read-all",
-    "scope-app-recursive"
-]
-
-[[set]]
-identifier = "allow-app-write-recursive"
-description = "This allows full recursive write access to the complete `$APP` folder, files and subdirectories."
-permissions = [
-    "write-all",
-    "scope-app-recursive"
-]
-
-[[set]]
-identifier = "allow-app-read"
-description = "This allows non-recursive read access to the `$APP` folder."
-permissions = [
-    "read-all",
-    "scope-app"
-]
-
-[[set]]
-identifier = "allow-app-write"
-description = "This allows non-recursive write access to the `$APP` folder."
-permissions = [
-    "write-all",
-    "scope-app"
-]
-
-[[set]]
-identifier = "allow-app-meta-recursive"
-description = "This allows full recursive read access to metadata of the `$APP` folder, including file listing and statistics."
-permissions = [
-    "read-meta",
-    "scope-app-recursive"
-]
-
-[[set]]
-identifier = "allow-app-meta"
-description = "This allows non-recursive read access to metadata of the `$APP` folder, including file listing and statistics."
-permissions = [
-    "read-meta",
-    "scope-app-index"
-]
@@ -16,7 +16,7 @@ path = "$APPCACHE/**"

 [[permission]]
 identifier = "scope-appcache"
-description = "This scope permits access to all files and list content of top level directories in the `$APPCACHE`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$APPCACHE` folder."

 [[permission.scope.allow]]
 path = "$APPCACHE"
@@ -16,7 +16,7 @@ path = "$APPCONFIG/**"

 [[permission]]
 identifier = "scope-appconfig"
-description = "This scope permits access to all files and list content of top level directories in the `$APPCONFIG`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$APPCONFIG` folder."

 [[permission.scope.allow]]
 path = "$APPCONFIG"
@@ -16,7 +16,7 @@ path = "$APPDATA/**"

 [[permission]]
 identifier = "scope-appdata"
-description = "This scope permits access to all files and list content of top level directories in the `$APPDATA`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$APPDATA` folder."

 [[permission.scope.allow]]
 path = "$APPDATA"
@@ -16,7 +16,7 @@ path = "$APPLOCALDATA/**"

 [[permission]]
 identifier = "scope-applocaldata"
-description = "This scope permits access to all files and list content of top level directories in the `$APPLOCALDATA`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$APPLOCALDATA` folder."

 [[permission.scope.allow]]
 path = "$APPLOCALDATA"
@@ -16,7 +16,7 @@ path = "$APPLOG/**"

 [[permission]]
 identifier = "scope-applog"
-description = "This scope permits access to all files and list content of top level directories in the `$APPLOG`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$APPLOG` folder."

 [[permission.scope.allow]]
 path = "$APPLOG"
@@ -16,7 +16,7 @@ path = "$AUDIO/**"

 [[permission]]
 identifier = "scope-audio"
-description = "This scope permits access to all files and list content of top level directories in the `$AUDIO`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$AUDIO` folder."

 [[permission.scope.allow]]
 path = "$AUDIO"
@@ -16,7 +16,7 @@ path = "$CACHE/**"

 [[permission]]
 identifier = "scope-cache"
-description = "This scope permits access to all files and list content of top level directories in the `$CACHE`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$CACHE` folder."

 [[permission.scope.allow]]
 path = "$CACHE"
@@ -16,7 +16,7 @@ path = "$CONFIG/**"

 [[permission]]
 identifier = "scope-config"
-description = "This scope permits access to all files and list content of top level directories in the `$CONFIG`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$CONFIG` folder."

 [[permission.scope.allow]]
 path = "$CONFIG"
@@ -16,7 +16,7 @@ path = "$DATA/**"

 [[permission]]
 identifier = "scope-data"
-description = "This scope permits access to all files and list content of top level directories in the `$DATA`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$DATA` folder."

 [[permission.scope.allow]]
 path = "$DATA"
@@ -16,7 +16,7 @@ path = "$DESKTOP/**"

 [[permission]]
 identifier = "scope-desktop"
-description = "This scope permits access to all files and list content of top level directories in the `$DESKTOP`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$DESKTOP` folder."

 [[permission.scope.allow]]
 path = "$DESKTOP"
@@ -16,7 +16,7 @@ path = "$DOCUMENT/**"

 [[permission]]
 identifier = "scope-document"
-description = "This scope permits access to all files and list content of top level directories in the `$DOCUMENT`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$DOCUMENT` folder."

 [[permission.scope.allow]]
 path = "$DOCUMENT"
@@ -16,7 +16,7 @@ path = "$DOWNLOAD/**"

 [[permission]]
 identifier = "scope-download"
-description = "This scope permits access to all files and list content of top level directories in the `$DOWNLOAD`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$DOWNLOAD` folder."

 [[permission.scope.allow]]
 path = "$DOWNLOAD"
@@ -16,7 +16,7 @@ path = "$EXE/**"

 [[permission]]
 identifier = "scope-exe"
-description = "This scope permits access to all files and list content of top level directories in the `$EXE`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$EXE` folder."

 [[permission.scope.allow]]
 path = "$EXE"
@@ -16,7 +16,7 @@ path = "$FONT/**"

 [[permission]]
 identifier = "scope-font"
-description = "This scope permits access to all files and list content of top level directories in the `$FONT`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$FONT` folder."

 [[permission.scope.allow]]
 path = "$FONT"
@@ -16,7 +16,7 @@ path = "$HOME/**"

 [[permission]]
 identifier = "scope-home"
-description = "This scope permits access to all files and list content of top level directories in the `$HOME`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$HOME` folder."

 [[permission.scope.allow]]
 path = "$HOME"
@@ -16,7 +16,7 @@ path = "$LOCALDATA/**"

 [[permission]]
 identifier = "scope-localdata"
-description = "This scope permits access to all files and list content of top level directories in the `$LOCALDATA`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$LOCALDATA` folder."

 [[permission.scope.allow]]
 path = "$LOCALDATA"
@@ -16,7 +16,7 @@ path = "$LOG/**"

 [[permission]]
 identifier = "scope-log"
-description = "This scope permits access to all files and list content of top level directories in the `$LOG`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$LOG` folder."

 [[permission.scope.allow]]
 path = "$LOG"
@@ -16,7 +16,7 @@ path = "$PICTURE/**"

 [[permission]]
 identifier = "scope-picture"
-description = "This scope permits access to all files and list content of top level directories in the `$PICTURE`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$PICTURE` folder."

 [[permission.scope.allow]]
 path = "$PICTURE"
@@ -16,7 +16,7 @@ path = "$PUBLIC/**"

 [[permission]]
 identifier = "scope-public"
-description = "This scope permits access to all files and list content of top level directories in the `$PUBLIC`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$PUBLIC` folder."

 [[permission.scope.allow]]
 path = "$PUBLIC"
@@ -16,7 +16,7 @@ path = "$RESOURCE/**"

 [[permission]]
 identifier = "scope-resource"
-description = "This scope permits access to all files and list content of top level directories in the `$RESOURCE`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$RESOURCE` folder."

 [[permission.scope.allow]]
 path = "$RESOURCE"
@@ -16,7 +16,7 @@ path = "$RUNTIME/**"

 [[permission]]
 identifier = "scope-runtime"
-description = "This scope permits access to all files and list content of top level directories in the `$RUNTIME`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$RUNTIME` folder."

 [[permission.scope.allow]]
 path = "$RUNTIME"
@@ -16,7 +16,7 @@ path = "$TEMP/**"

 [[permission]]
 identifier = "scope-temp"
-description = "This scope permits access to all files and list content of top level directories in the `$TEMP`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$TEMP` folder."

 [[permission.scope.allow]]
 path = "$TEMP"
@@ -16,7 +16,7 @@ path = "$TEMPLATE/**"

 [[permission]]
 identifier = "scope-template"
-description = "This scope permits access to all files and list content of top level directories in the `$TEMPLATE`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$TEMPLATE` folder."

 [[permission.scope.allow]]
 path = "$TEMPLATE"
@@ -16,7 +16,7 @@ path = "$VIDEO/**"

 [[permission]]
 identifier = "scope-video"
-description = "This scope permits access to all files and list content of top level directories in the `$VIDEO`folder."
+description = "This scope permits access to all files and list content of top level directories in the `$VIDEO` folder."

 [[permission.scope.allow]]
 path = "$VIDEO"
@@ -47,7 +47,7 @@ On Windows the webview data folder access is denied.
 </td>
 <td>

-This allows full recursive read access to the complete `$APP` folder, files and subdirectories.
+This allows full recursive read access to the complete application folders, files and subdirectories.

 </td>
 </tr>
@@ -60,7 +60,7 @@ This allows full recursive read access to the complete `$APP` folder, files and
 </td>
 <td>

-This allows full recursive write access to the complete `$APP` folder, files and subdirectories.
+This allows full recursive write access to the complete application folders, files and subdirectories.

 </td>
 </tr>
@@ -73,7 +73,7 @@ This allows full recursive write access to the complete `$APP` folder, files and
 </td>
 <td>

-This allows non-recursive read access to the `$APP` folder.
+This allows non-recursive read access to the application folders.

 </td>
 </tr>
@@ -86,7 +86,7 @@ This allows non-recursive read access to the `$APP` folder.
 </td>
 <td>

-This allows non-recursive write access to the `$APP` folder.
+This allows non-recursive write access to the application folders.

 </td>
 </tr>
@@ -99,7 +99,7 @@ This allows non-recursive write access to the `$APP` folder.
 </td>
 <td>

-This allows full recursive read access to metadata of the `$APP` folder, including file listing and statistics.
+This allows full recursive read access to metadata of the application folders, including file listing and statistics.

 </td>
 </tr>
@@ -112,7 +112,7 @@ This allows full recursive read access to metadata of the `$APP` folder, includi
 </td>
 <td>

-This allows non-recursive read access to metadata of the `$APP` folder, including file listing and statistics.
+This allows non-recursive read access to metadata of the application folders, including file listing and statistics.

 </td>
 </tr>
@@ -125,7 +125,7 @@ This allows non-recursive read access to metadata of the `$APP` folder, includin
 </td>
 <td>

-This scope permits recursive access to the complete `$APP` folder, including sub directories and files.
+This scope permits recursive access to the complete application folders, including sub directories and files.

 </td>
 </tr>
@@ -138,7 +138,7 @@ This scope permits recursive access to the complete `$APP` folder, including sub
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$APP`folder.
+This scope permits access to all files and list content of top level directories in the application folders.

 </td>
 </tr>
@@ -151,7 +151,7 @@ This scope permits access to all files and list content of top level directories
 </td>
 <td>

-This scope permits to list all files and folders in the `$APP`folder.
+This scope permits to list all files and folders in the application directories.

 </td>
 </tr>
@@ -255,7 +255,7 @@ This scope permits recursive access to the complete `$APPCACHE` folder, includin
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$APPCACHE`folder.
+This scope permits access to all files and list content of top level directories in the `$APPCACHE` folder.

 </td>
 </tr>
@@ -372,7 +372,7 @@ This scope permits recursive access to the complete `$APPCONFIG` folder, includi
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$APPCONFIG`folder.
+This scope permits access to all files and list content of top level directories in the `$APPCONFIG` folder.

 </td>
 </tr>
@@ -489,7 +489,7 @@ This scope permits recursive access to the complete `$APPDATA` folder, including
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$APPDATA`folder.
+This scope permits access to all files and list content of top level directories in the `$APPDATA` folder.

 </td>
 </tr>
@@ -606,7 +606,7 @@ This scope permits recursive access to the complete `$APPLOCALDATA` folder, incl
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$APPLOCALDATA`folder.
+This scope permits access to all files and list content of top level directories in the `$APPLOCALDATA` folder.

 </td>
 </tr>
@@ -723,7 +723,7 @@ This scope permits recursive access to the complete `$APPLOG` folder, including
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$APPLOG`folder.
+This scope permits access to all files and list content of top level directories in the `$APPLOG` folder.

 </td>
 </tr>
@@ -840,7 +840,7 @@ This scope permits recursive access to the complete `$AUDIO` folder, including s
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$AUDIO`folder.
+This scope permits access to all files and list content of top level directories in the `$AUDIO` folder.

 </td>
 </tr>
@@ -957,7 +957,7 @@ This scope permits recursive access to the complete `$CACHE` folder, including s
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$CACHE`folder.
+This scope permits access to all files and list content of top level directories in the `$CACHE` folder.

 </td>
 </tr>
@@ -1074,7 +1074,7 @@ This scope permits recursive access to the complete `$CONFIG` folder, including
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$CONFIG`folder.
+This scope permits access to all files and list content of top level directories in the `$CONFIG` folder.

 </td>
 </tr>
@@ -1191,7 +1191,7 @@ This scope permits recursive access to the complete `$DATA` folder, including su
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$DATA`folder.
+This scope permits access to all files and list content of top level directories in the `$DATA` folder.

 </td>
 </tr>
@@ -1308,7 +1308,7 @@ This scope permits recursive access to the complete `$DESKTOP` folder, including
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$DESKTOP`folder.
+This scope permits access to all files and list content of top level directories in the `$DESKTOP` folder.

 </td>
 </tr>
@@ -1425,7 +1425,7 @@ This scope permits recursive access to the complete `$DOCUMENT` folder, includin
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$DOCUMENT`folder.
+This scope permits access to all files and list content of top level directories in the `$DOCUMENT` folder.

 </td>
 </tr>
@@ -1542,7 +1542,7 @@ This scope permits recursive access to the complete `$DOWNLOAD` folder, includin
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$DOWNLOAD`folder.
+This scope permits access to all files and list content of top level directories in the `$DOWNLOAD` folder.

 </td>
 </tr>
@@ -1659,7 +1659,7 @@ This scope permits recursive access to the complete `$EXE` folder, including sub
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$EXE`folder.
+This scope permits access to all files and list content of top level directories in the `$EXE` folder.

 </td>
 </tr>
@@ -1776,7 +1776,7 @@ This scope permits recursive access to the complete `$FONT` folder, including su
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$FONT`folder.
+This scope permits access to all files and list content of top level directories in the `$FONT` folder.

 </td>
 </tr>
@@ -1893,7 +1893,7 @@ This scope permits recursive access to the complete `$HOME` folder, including su
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$HOME`folder.
+This scope permits access to all files and list content of top level directories in the `$HOME` folder.

 </td>
 </tr>
@@ -2010,7 +2010,7 @@ This scope permits recursive access to the complete `$LOCALDATA` folder, includi
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$LOCALDATA`folder.
+This scope permits access to all files and list content of top level directories in the `$LOCALDATA` folder.

 </td>
 </tr>
@@ -2127,7 +2127,7 @@ This scope permits recursive access to the complete `$LOG` folder, including sub
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$LOG`folder.
+This scope permits access to all files and list content of top level directories in the `$LOG` folder.

 </td>
 </tr>
@@ -2244,7 +2244,7 @@ This scope permits recursive access to the complete `$PICTURE` folder, including
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$PICTURE`folder.
+This scope permits access to all files and list content of top level directories in the `$PICTURE` folder.

 </td>
 </tr>
@@ -2361,7 +2361,7 @@ This scope permits recursive access to the complete `$PUBLIC` folder, including
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$PUBLIC`folder.
+This scope permits access to all files and list content of top level directories in the `$PUBLIC` folder.

 </td>
 </tr>
@@ -2478,7 +2478,7 @@ This scope permits recursive access to the complete `$RESOURCE` folder, includin
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$RESOURCE`folder.
+This scope permits access to all files and list content of top level directories in the `$RESOURCE` folder.

 </td>
 </tr>
@@ -2595,7 +2595,7 @@ This scope permits recursive access to the complete `$RUNTIME` folder, including
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$RUNTIME`folder.
+This scope permits access to all files and list content of top level directories in the `$RUNTIME` folder.

 </td>
 </tr>
@@ -2712,7 +2712,7 @@ This scope permits recursive access to the complete `$TEMP` folder, including su
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$TEMP`folder.
+This scope permits access to all files and list content of top level directories in the `$TEMP` folder.

 </td>
 </tr>
@@ -2829,7 +2829,7 @@ This scope permits recursive access to the complete `$TEMPLATE` folder, includin
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$TEMPLATE`folder.
+This scope permits access to all files and list content of top level directories in the `$TEMPLATE` folder.

 </td>
 </tr>
@@ -2946,7 +2946,7 @@ This scope permits recursive access to the complete `$VIDEO` folder, including s
 </td>
 <td>

-This scope permits access to all files and list content of top level directories in the `$VIDEO`folder.
+This scope permits access to all files and list content of top level directories in the `$VIDEO` folder.

 </td>
 </tr>
@@ -5,19 +5,4 @@ identifier = "create-app-specific-dirs"
 description = """
 This permissions allows to create the application specific directories.
 """
-commands.allow = ["mkdir"]
-
-[[permission.scope.allow]]
-path = "$APPCONFIG"
-
-[[permission.scope.allow]]
-path = "$APPDATA"
-
-[[permission.scope.allow]]
-path = "$APPLOCALDATA"
-
-[[permission.scope.allow]]
-path = "$APPCACHE"
-
-[[permission.scope.allow]]
-path = "$APPLOG"
+commands.allow = ["mkdir", "scope-app-index"]
@@ -13,19 +13,5 @@ commands.allow = [
  "read_text_file_lines",
  "read_text_file_lines_next",
  "exists",
+  "scope-app-recursive",
 ]
-
-[[permission.scope.allow]]
-path = "$APPCONFIG/**"
-
-[[permission.scope.allow]]
-path = "$APPDATA/**"
-
-[[permission.scope.allow]]
-path = "$APPLOCALDATA/**"
-
-[[permission.scope.allow]]
-path = "$APPCACHE/**"
-
-[[permission.scope.allow]]
-path = "$APPLOG/**"
@@ -295,63 +295,63 @@
      "type": "string",
      "oneOf": [
        {
-          "description": "allow-app-read-recursive -> This allows full recursive read access to the complete `$APP` folder, files and subdirectories.",
+          "description": "allow-app-read-recursive -> This allows full recursive read access to the complete application folders, files and subdirectories.",
          "type": "string",
          "enum": [
            "allow-app-read-recursive"
          ]
        },
        {
-          "description": "allow-app-write-recursive -> This allows full recursive write access to the complete `$APP` folder, files and subdirectories.",
+          "description": "allow-app-write-recursive -> This allows full recursive write access to the complete application folders, files and subdirectories.",
          "type": "string",
          "enum": [
            "allow-app-write-recursive"
          ]
        },
        {
-          "description": "allow-app-read -> This allows non-recursive read access to the `$APP` folder.",
+          "description": "allow-app-read -> This allows non-recursive read access to the application folders.",
          "type": "string",
          "enum": [
            "allow-app-read"
          ]
        },
        {
-          "description": "allow-app-write -> This allows non-recursive write access to the `$APP` folder.",
+          "description": "allow-app-write -> This allows non-recursive write access to the application folders.",
          "type": "string",
          "enum": [
            "allow-app-write"
          ]
        },
        {
-          "description": "allow-app-meta-recursive -> This allows full recursive read access to metadata of the `$APP` folder, including file listing and statistics.",
+          "description": "allow-app-meta-recursive -> This allows full recursive read access to metadata of the application folders, including file listing and statistics.",
          "type": "string",
          "enum": [
            "allow-app-meta-recursive"
          ]
        },
        {
-          "description": "allow-app-meta -> This allows non-recursive read access to metadata of the `$APP` folder, including file listing and statistics.",
+          "description": "allow-app-meta -> This allows non-recursive read access to metadata of the application folders, including file listing and statistics.",
          "type": "string",
          "enum": [
            "allow-app-meta"
          ]
        },
        {
-          "description": "scope-app-recursive -> This scope permits recursive access to the complete `$APP` folder, including sub directories and files.",
+          "description": "scope-app-recursive -> This scope permits recursive access to the complete application folders, including sub directories and files.",
          "type": "string",
          "enum": [
            "scope-app-recursive"
          ]
        },
        {
-          "description": "scope-app -> This scope permits access to all files and list content of top level directories in the `$APP`folder.",
+          "description": "scope-app -> This scope permits access to all files and list content of top level directories in the application folders.",
          "type": "string",
          "enum": [
            "scope-app"
          ]
        },
        {
-          "description": "scope-app-index -> This scope permits to list all files and folders in the `$APP`folder.",
+          "description": "scope-app-index -> This scope permits to list all files and folders in the application directories.",
          "type": "string",
          "enum": [
            "scope-app-index"
@@ -407,7 +407,7 @@
          ]
        },
        {
-          "description": "scope-appcache -> This scope permits access to all files and list content of top level directories in the `$APPCACHE`folder.",
+          "description": "scope-appcache -> This scope permits access to all files and list content of top level directories in the `$APPCACHE` folder.",
          "type": "string",
          "enum": [
            "scope-appcache"
@@ -470,7 +470,7 @@
          ]
        },
        {
-          "description": "scope-appconfig -> This scope permits access to all files and list content of top level directories in the `$APPCONFIG`folder.",
+          "description": "scope-appconfig -> This scope permits access to all files and list content of top level directories in the `$APPCONFIG` folder.",
          "type": "string",
          "enum": [
            "scope-appconfig"
@@ -533,7 +533,7 @@
          ]
        },
        {
-          "description": "scope-appdata -> This scope permits access to all files and list content of top level directories in the `$APPDATA`folder.",
+          "description": "scope-appdata -> This scope permits access to all files and list content of top level directories in the `$APPDATA` folder.",
          "type": "string",
          "enum": [
            "scope-appdata"
@@ -596,7 +596,7 @@
          ]
        },
        {
-          "description": "scope-applocaldata -> This scope permits access to all files and list content of top level directories in the `$APPLOCALDATA`folder.",
+          "description": "scope-applocaldata -> This scope permits access to all files and list content of top level directories in the `$APPLOCALDATA` folder.",
          "type": "string",
          "enum": [
            "scope-applocaldata"
@@ -659,7 +659,7 @@
          ]
        },
        {
-          "description": "scope-applog -> This scope permits access to all files and list content of top level directories in the `$APPLOG`folder.",
+          "description": "scope-applog -> This scope permits access to all files and list content of top level directories in the `$APPLOG` folder.",
          "type": "string",
          "enum": [
            "scope-applog"
@@ -722,7 +722,7 @@
          ]
        },
        {
-          "description": "scope-audio -> This scope permits access to all files and list content of top level directories in the `$AUDIO`folder.",
+          "description": "scope-audio -> This scope permits access to all files and list content of top level directories in the `$AUDIO` folder.",
          "type": "string",
          "enum": [
            "scope-audio"
@@ -785,7 +785,7 @@
          ]
        },
        {
-          "description": "scope-cache -> This scope permits access to all files and list content of top level directories in the `$CACHE`folder.",
+          "description": "scope-cache -> This scope permits access to all files and list content of top level directories in the `$CACHE` folder.",
          "type": "string",
          "enum": [
            "scope-cache"
@@ -848,7 +848,7 @@
          ]
        },
        {
-          "description": "scope-config -> This scope permits access to all files and list content of top level directories in the `$CONFIG`folder.",
+          "description": "scope-config -> This scope permits access to all files and list content of top level directories in the `$CONFIG` folder.",
          "type": "string",
          "enum": [
            "scope-config"
@@ -911,7 +911,7 @@
          ]
        },
        {
-          "description": "scope-data -> This scope permits access to all files and list content of top level directories in the `$DATA`folder.",
+          "description": "scope-data -> This scope permits access to all files and list content of top level directories in the `$DATA` folder.",
          "type": "string",
          "enum": [
            "scope-data"
@@ -974,7 +974,7 @@
          ]
        },
        {
-          "description": "scope-desktop -> This scope permits access to all files and list content of top level directories in the `$DESKTOP`folder.",
+          "description": "scope-desktop -> This scope permits access to all files and list content of top level directories in the `$DESKTOP` folder.",
          "type": "string",
          "enum": [
            "scope-desktop"
@@ -1037,7 +1037,7 @@
          ]
        },
        {
-          "description": "scope-document -> This scope permits access to all files and list content of top level directories in the `$DOCUMENT`folder.",
+          "description": "scope-document -> This scope permits access to all files and list content of top level directories in the `$DOCUMENT` folder.",
          "type": "string",
          "enum": [
            "scope-document"
@@ -1100,7 +1100,7 @@
          ]
        },
        {
-          "description": "scope-download -> This scope permits access to all files and list content of top level directories in the `$DOWNLOAD`folder.",
+          "description": "scope-download -> This scope permits access to all files and list content of top level directories in the `$DOWNLOAD` folder.",
          "type": "string",
          "enum": [
            "scope-download"
@@ -1163,7 +1163,7 @@
          ]
        },
        {
-          "description": "scope-exe -> This scope permits access to all files and list content of top level directories in the `$EXE`folder.",
+          "description": "scope-exe -> This scope permits access to all files and list content of top level directories in the `$EXE` folder.",
          "type": "string",
          "enum": [
            "scope-exe"
@@ -1226,7 +1226,7 @@
          ]
        },
        {
-          "description": "scope-font -> This scope permits access to all files and list content of top level directories in the `$FONT`folder.",
+          "description": "scope-font -> This scope permits access to all files and list content of top level directories in the `$FONT` folder.",
          "type": "string",
          "enum": [
            "scope-font"
@@ -1289,7 +1289,7 @@
          ]
        },
        {
-          "description": "scope-home -> This scope permits access to all files and list content of top level directories in the `$HOME`folder.",
+          "description": "scope-home -> This scope permits access to all files and list content of top level directories in the `$HOME` folder.",
          "type": "string",
          "enum": [
            "scope-home"
@@ -1352,7 +1352,7 @@
          ]
        },
        {
-          "description": "scope-localdata -> This scope permits access to all files and list content of top level directories in the `$LOCALDATA`folder.",
+          "description": "scope-localdata -> This scope permits access to all files and list content of top level directories in the `$LOCALDATA` folder.",
          "type": "string",
          "enum": [
            "scope-localdata"
@@ -1415,7 +1415,7 @@
          ]
        },
        {
-          "description": "scope-log -> This scope permits access to all files and list content of top level directories in the `$LOG`folder.",
+          "description": "scope-log -> This scope permits access to all files and list content of top level directories in the `$LOG` folder.",
          "type": "string",
          "enum": [
            "scope-log"
@@ -1478,7 +1478,7 @@
          ]
        },
        {
-          "description": "scope-picture -> This scope permits access to all files and list content of top level directories in the `$PICTURE`folder.",
+          "description": "scope-picture -> This scope permits access to all files and list content of top level directories in the `$PICTURE` folder.",
          "type": "string",
          "enum": [
            "scope-picture"
@@ -1541,7 +1541,7 @@
          ]
        },
        {
-          "description": "scope-public -> This scope permits access to all files and list content of top level directories in the `$PUBLIC`folder.",
+          "description": "scope-public -> This scope permits access to all files and list content of top level directories in the `$PUBLIC` folder.",
          "type": "string",
          "enum": [
            "scope-public"
@@ -1604,7 +1604,7 @@
          ]
        },
        {
-          "description": "scope-resource -> This scope permits access to all files and list content of top level directories in the `$RESOURCE`folder.",
+          "description": "scope-resource -> This scope permits access to all files and list content of top level directories in the `$RESOURCE` folder.",
          "type": "string",
          "enum": [
            "scope-resource"
@@ -1667,7 +1667,7 @@
          ]
        },
        {
-          "description": "scope-runtime -> This scope permits access to all files and list content of top level directories in the `$RUNTIME`folder.",
+          "description": "scope-runtime -> This scope permits access to all files and list content of top level directories in the `$RUNTIME` folder.",
          "type": "string",
          "enum": [
            "scope-runtime"
@@ -1730,7 +1730,7 @@
          ]
        },
        {
-          "description": "scope-temp -> This scope permits access to all files and list content of top level directories in the `$TEMP`folder.",
+          "description": "scope-temp -> This scope permits access to all files and list content of top level directories in the `$TEMP` folder.",
          "type": "string",
          "enum": [
            "scope-temp"
@@ -1793,7 +1793,7 @@
          ]
        },
        {
-          "description": "scope-template -> This scope permits access to all files and list content of top level directories in the `$TEMPLATE`folder.",
+          "description": "scope-template -> This scope permits access to all files and list content of top level directories in the `$TEMPLATE` folder.",
          "type": "string",
          "enum": [
            "scope-template"
@@ -1856,7 +1856,7 @@
          ]
        },
        {
-          "description": "scope-video -> This scope permits access to all files and list content of top level directories in the `$VIDEO`folder.",
+          "description": "scope-video -> This scope permits access to all files and list content of top level directories in the `$VIDEO` folder.",
          "type": "string",
          "enum": [
            "scope-video"
@@ -19,7 +19,7 @@ pub struct Entry {
    /// It can start with a variable that resolves to a system base directory.
    /// The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`,
    /// `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`,
-    /// `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$APP`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`,
+    /// `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`,
    /// `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.
    // use default just so the schema doesn't flag it as required
    #[serde(rename = "cmd")]