CalvinBackup/tauri-plugins-workspace
1
0
Fork 0
mirror of https://github.com/tauri-apps/plugins-workspace.git synced 2026-06-06 13:53:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: update to tauri beta, add permissions (#862)

Browse Source 
Co-authored-by: Lucas Nogueira <lucas@tauri.app>
Co-authored-by: Lucas Nogueira <lucas@crabnebula.dev>
This commit is contained in:
Tillmann
2024-02-04 03:14:41 +09:00
committed by GitHub
parent 506ce4835b
commit d198c01486
387 changed files with 21883 additions and 943 deletions
Download Patch File Download Diff File Expand all files Collapse all files
plugins/fs/Cargo.toml
+10 -3
View File
@@ -6,19 +6,26 @@ authors = { workspace = true }
license = { workspace = true }
edition = { workspace = true }
rust-version = { workspace = true }
links = "tauri-plugin-fs"
[package.metadata.docs.rs]
rustc-args = [ "--cfg", "docsrs" ]
rustdoc-args = [ "--cfg", "docsrs" ]
rustc-args = ["--cfg", "docsrs"]
rustdoc-args = ["--cfg", "docsrs"]
[build-dependencies]
tauri-plugin = { workspace = true, features = ["build"] }
schemars = { workspace = true }
[dependencies]
serde = { workspace = true }
serde_json = { workspace = true }
schemars = { workspace = true }
serde_repr = "0.1"
tauri = { workspace = true }
thiserror = { workspace = true }
url = { workspace = true }
anyhow = "1"
uuid = { version = "1", features = [ "v4" ] }
uuid = { version = "1", features = ["v4"] }
glob = "0.3"
notify = { version = "6", optional = true, features = [ "serde" ] }
notify-debouncer-full = { version = "0.3", optional = true }
plugins/fs/SECURITY.md
+51
View File
@@ -0,0 +1,51 @@
# Security Policy
**Do not report security vulnerabilities through public GitHub issues.**
**Please use the [Private Vulnerability Disclosure](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) feature of GitHub.**
Include as much of the following information:
- Type of issue (e.g. improper input parsing, privilege escalation, etc.)
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- The distribution affected or used to help us with reproduction of the issue
- Step-by-step instructions to reproduce the issue
- Ideally a reproduction repository
- Impact of the issue, including how an attacker might exploit the issue
We prefer to receive reports in English.
## Contact
Please disclose a vulnerability or security relevant issue here: [https://github.com/tauri-apps/plugins-workspace/security/advisories/new](https://github.com/tauri-apps/plugins-workspace/security/advisories/new).
Alternatively, you can also contact us by email via [security@tauri.app](mailto:security@tauri.app).
## Threat Model
This plugin possibly allows access to the full filesystem available to the application process.
Depending on the operating system the access is already confined (android/ios) to only certain locations.
In other operating systems like Linux/MacOS/Windows it depends on the installation and packaging method but in most cases full
access is granted.
To prevent exposure of sensitive locations and data this plugin can be scoped to only allow certain base directories
or only access to specific files or subdirectories.
This scoping effectively affects only calls made from the webviews/frontend code and calls made from rust can always circumvent
the restrictions imposed by the scope.
The scope is defined at compile time in the used permissions but the user or application developer can grant or revoke access to specific files or folders at runtime by modifying the scope state through the runtime authority, if configured during plugin initialization.
### Security Assumptions
- The filesystem access is limited by user permissions
- The operating system filesystem access confinment works as documented
- The scoping mechanism of the Tauri `fs` commands work as intended and has no bypasses
- The user or application developer can grant or revoke access to specific files at runtime by modifying the scope
#### Out Of Scope
- Exploits in underlying filesystems
- Exploits in the underlying rust `std::fs` library
plugins/fs/build.rs
+164
View File
@@ -0,0 +1,164 @@
// Copyright 2019-2023 Tauri Programme within The Commons Conservancy
// SPDX-License-Identifier: Apache-2.0
// SPDX-License-Identifier: MIT
use std::{fs::create_dir_all, path::Path};
#[path = "src/scope.rs"]
#[allow(dead_code)]
mod scope;
const BASE_DIR_VARS: &[&str] = &[
"AUDIO",
"CACHE",
"CONFIG",
"DATA",
"LOCALDATA",
"DESKTOP",
"DOCUMENT",
"DOWNLOAD",
"EXE",
"FONT",
"HOME",
"PICTURE",
"PUBLIC",
"RUNTIME",
"TEMPLATE",
"VIDEO",
"RESOURCE",
"APP",
"LOG",
"TEMP",
"APPCONFIG",
"APPDATA",
"APPLOCALDATA",
"APPCACHE",
"APPLOG",
];
const COMMANDS: &[&str] = &[
"mkdir",
"create",
"copy_file",
"remove",
"rename",
"truncate",
"ftruncate",
"write",
"write_file",
"write_text_file",
"read_dir",
"read_file",
"read",
"open",
"read_text_file",
"read_text_file_lines",
"read_text_file_lines_next",
"seek",
"stat",
"lstat",
"fstat",
"exists",
"watch",
"unwatch",
];
fn main() {
let autogenerated = Path::new("permissions/autogenerated/");
let base_dirs = &autogenerated.join("base-directories");
if !base_dirs.exists() {
create_dir_all(base_dirs).expect("unable to create autogenerated base directories dir");
}
for base_dir in BASE_DIR_VARS {
let upper = base_dir;
let lower = base_dir.to_lowercase();
let toml = format!(
r###"# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-{lower}-recursive"
description = "This scope recursive access to the complete `${upper}` folder, including sub directories and files."
[[permission.scope.allow]]
path = "${upper}/**"
[[permission]]
identifier = "scope-{lower}"
description = "This scope permits access to all files and list content of top level directories in the `${upper}`folder."
[[permission.scope.allow]]
path = "${upper}/*"
[[permission]]
identifier = "scope-{lower}-index"
description = "This scope permits to list all files and folders in the `${upper}`folder."
[[permission.scope.allow]]
path = "${upper}/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-{lower}-read-recursive"
description = "This allows full recursive read access to the complete `${upper}` folder, files and subdirectories."
permissions = [
"read-all",
"scope-{lower}-recursive"
]
[[set]]
identifier = "allow-{lower}-write-recursive"
description = "This allows full recusrive write access to the complete `${upper}` folder, files and subdirectories."
permissions = [
"write-all",
"scope-{lower}-recursive"
]
[[set]]
identifier = "allow-{lower}-read"
description = "This allows non-recursive read access to the `${upper}` folder."
permissions = [
"read-all",
"scope-{lower}"
]
[[set]]
identifier = "allow-{lower}-write"
description = "This allows non-recursive write access to the `${upper}` folder."
permissions = [
"write-all",
"scope-{lower}"
]
[[set]]
identifier = "allow-{lower}-meta-recursive"
description = "This allows read access to metadata of the `${upper}` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-{lower}-recursive"
]
[[set]]
identifier = "allow-{lower}-meta"
description = "This allows read access to metadata of the `${upper}` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-{lower}-index"
]"###
);
std::fs::write(base_dirs.join(format!("{lower}.toml")), toml)
.unwrap_or_else(|e| panic!("unable to autogenerate ${upper}: {e}"));
}
tauri_plugin::Builder::new(COMMANDS)
.global_scope_schema(schemars::schema_for!(scope::Entry))
.build();
}
plugins/fs/package.json
+1 -1
View File
@@ -24,6 +24,6 @@
"LICENSE"
],
"dependencies": {
"@tauri-apps/api": "2.0.0-alpha.13"
"@tauri-apps/api": "2.0.0-beta.0"
}
}
plugins/fs/permissions/.gitignore
+1
View File
@@ -0,0 +1 @@
schemas/
plugins/fs/permissions/autogenerated/base-directories/app.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-app-recursive"
description = "This scope recursive access to the complete `$APP` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$APP/**"
[[permission]]
identifier = "scope-app"
description = "This scope permits access to all files and list content of top level directories in the `$APP`folder."
[[permission.scope.allow]]
path = "$APP/*"
[[permission]]
identifier = "scope-app-index"
description = "This scope permits to list all files and folders in the `$APP`folder."
[[permission.scope.allow]]
path = "$APP/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-app-read-recursive"
description = "This allows full recursive read access to the complete `$APP` folder, files and subdirectories."
permissions = [
"read-all",
"scope-app-recursive"
]
[[set]]
identifier = "allow-app-write-recursive"
description = "This allows full recusrive write access to the complete `$APP` folder, files and subdirectories."
permissions = [
"write-all",
"scope-app-recursive"
]
[[set]]
identifier = "allow-app-read"
description = "This allows non-recursive read access to the `$APP` folder."
permissions = [
"read-all",
"scope-app"
]
[[set]]
identifier = "allow-app-write"
description = "This allows non-recursive write access to the `$APP` folder."
permissions = [
"write-all",
"scope-app"
]
[[set]]
identifier = "allow-app-meta-recursive"
description = "This allows read access to metadata of the `$APP` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-app-recursive"
]
[[set]]
identifier = "allow-app-meta"
description = "This allows read access to metadata of the `$APP` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-app-index"
]
plugins/fs/permissions/autogenerated/base-directories/appcache.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-appcache-recursive"
description = "This scope recursive access to the complete `$APPCACHE` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$APPCACHE/**"
[[permission]]
identifier = "scope-appcache"
description = "This scope permits access to all files and list content of top level directories in the `$APPCACHE`folder."
[[permission.scope.allow]]
path = "$APPCACHE/*"
[[permission]]
identifier = "scope-appcache-index"
description = "This scope permits to list all files and folders in the `$APPCACHE`folder."
[[permission.scope.allow]]
path = "$APPCACHE/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-appcache-read-recursive"
description = "This allows full recursive read access to the complete `$APPCACHE` folder, files and subdirectories."
permissions = [
"read-all",
"scope-appcache-recursive"
]
[[set]]
identifier = "allow-appcache-write-recursive"
description = "This allows full recusrive write access to the complete `$APPCACHE` folder, files and subdirectories."
permissions = [
"write-all",
"scope-appcache-recursive"
]
[[set]]
identifier = "allow-appcache-read"
description = "This allows non-recursive read access to the `$APPCACHE` folder."
permissions = [
"read-all",
"scope-appcache"
]
[[set]]
identifier = "allow-appcache-write"
description = "This allows non-recursive write access to the `$APPCACHE` folder."
permissions = [
"write-all",
"scope-appcache"
]
[[set]]
identifier = "allow-appcache-meta-recursive"
description = "This allows read access to metadata of the `$APPCACHE` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-appcache-recursive"
]
[[set]]
identifier = "allow-appcache-meta"
description = "This allows read access to metadata of the `$APPCACHE` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-appcache-index"
]
plugins/fs/permissions/autogenerated/base-directories/appconfig.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-appconfig-recursive"
description = "This scope recursive access to the complete `$APPCONFIG` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$APPCONFIG/**"
[[permission]]
identifier = "scope-appconfig"
description = "This scope permits access to all files and list content of top level directories in the `$APPCONFIG`folder."
[[permission.scope.allow]]
path = "$APPCONFIG/*"
[[permission]]
identifier = "scope-appconfig-index"
description = "This scope permits to list all files and folders in the `$APPCONFIG`folder."
[[permission.scope.allow]]
path = "$APPCONFIG/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-appconfig-read-recursive"
description = "This allows full recursive read access to the complete `$APPCONFIG` folder, files and subdirectories."
permissions = [
"read-all",
"scope-appconfig-recursive"
]
[[set]]
identifier = "allow-appconfig-write-recursive"
description = "This allows full recusrive write access to the complete `$APPCONFIG` folder, files and subdirectories."
permissions = [
"write-all",
"scope-appconfig-recursive"
]
[[set]]
identifier = "allow-appconfig-read"
description = "This allows non-recursive read access to the `$APPCONFIG` folder."
permissions = [
"read-all",
"scope-appconfig"
]
[[set]]
identifier = "allow-appconfig-write"
description = "This allows non-recursive write access to the `$APPCONFIG` folder."
permissions = [
"write-all",
"scope-appconfig"
]
[[set]]
identifier = "allow-appconfig-meta-recursive"
description = "This allows read access to metadata of the `$APPCONFIG` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-appconfig-recursive"
]
[[set]]
identifier = "allow-appconfig-meta"
description = "This allows read access to metadata of the `$APPCONFIG` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-appconfig-index"
]
plugins/fs/permissions/autogenerated/base-directories/appdata.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-appdata-recursive"
description = "This scope recursive access to the complete `$APPDATA` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$APPDATA/**"
[[permission]]
identifier = "scope-appdata"
description = "This scope permits access to all files and list content of top level directories in the `$APPDATA`folder."
[[permission.scope.allow]]
path = "$APPDATA/*"
[[permission]]
identifier = "scope-appdata-index"
description = "This scope permits to list all files and folders in the `$APPDATA`folder."
[[permission.scope.allow]]
path = "$APPDATA/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-appdata-read-recursive"
description = "This allows full recursive read access to the complete `$APPDATA` folder, files and subdirectories."
permissions = [
"read-all",
"scope-appdata-recursive"
]
[[set]]
identifier = "allow-appdata-write-recursive"
description = "This allows full recusrive write access to the complete `$APPDATA` folder, files and subdirectories."
permissions = [
"write-all",
"scope-appdata-recursive"
]
[[set]]
identifier = "allow-appdata-read"
description = "This allows non-recursive read access to the `$APPDATA` folder."
permissions = [
"read-all",
"scope-appdata"
]
[[set]]
identifier = "allow-appdata-write"
description = "This allows non-recursive write access to the `$APPDATA` folder."
permissions = [
"write-all",
"scope-appdata"
]
[[set]]
identifier = "allow-appdata-meta-recursive"
description = "This allows read access to metadata of the `$APPDATA` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-appdata-recursive"
]
[[set]]
identifier = "allow-appdata-meta"
description = "This allows read access to metadata of the `$APPDATA` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-appdata-index"
]
plugins/fs/permissions/autogenerated/base-directories/applocaldata.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-applocaldata-recursive"
description = "This scope recursive access to the complete `$APPLOCALDATA` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$APPLOCALDATA/**"
[[permission]]
identifier = "scope-applocaldata"
description = "This scope permits access to all files and list content of top level directories in the `$APPLOCALDATA`folder."
[[permission.scope.allow]]
path = "$APPLOCALDATA/*"
[[permission]]
identifier = "scope-applocaldata-index"
description = "This scope permits to list all files and folders in the `$APPLOCALDATA`folder."
[[permission.scope.allow]]
path = "$APPLOCALDATA/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-applocaldata-read-recursive"
description = "This allows full recursive read access to the complete `$APPLOCALDATA` folder, files and subdirectories."
permissions = [
"read-all",
"scope-applocaldata-recursive"
]
[[set]]
identifier = "allow-applocaldata-write-recursive"
description = "This allows full recusrive write access to the complete `$APPLOCALDATA` folder, files and subdirectories."
permissions = [
"write-all",
"scope-applocaldata-recursive"
]
[[set]]
identifier = "allow-applocaldata-read"
description = "This allows non-recursive read access to the `$APPLOCALDATA` folder."
permissions = [
"read-all",
"scope-applocaldata"
]
[[set]]
identifier = "allow-applocaldata-write"
description = "This allows non-recursive write access to the `$APPLOCALDATA` folder."
permissions = [
"write-all",
"scope-applocaldata"
]
[[set]]
identifier = "allow-applocaldata-meta-recursive"
description = "This allows read access to metadata of the `$APPLOCALDATA` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-applocaldata-recursive"
]
[[set]]
identifier = "allow-applocaldata-meta"
description = "This allows read access to metadata of the `$APPLOCALDATA` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-applocaldata-index"
]
plugins/fs/permissions/autogenerated/base-directories/applog.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-applog-recursive"
description = "This scope recursive access to the complete `$APPLOG` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$APPLOG/**"
[[permission]]
identifier = "scope-applog"
description = "This scope permits access to all files and list content of top level directories in the `$APPLOG`folder."
[[permission.scope.allow]]
path = "$APPLOG/*"
[[permission]]
identifier = "scope-applog-index"
description = "This scope permits to list all files and folders in the `$APPLOG`folder."
[[permission.scope.allow]]
path = "$APPLOG/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-applog-read-recursive"
description = "This allows full recursive read access to the complete `$APPLOG` folder, files and subdirectories."
permissions = [
"read-all",
"scope-applog-recursive"
]
[[set]]
identifier = "allow-applog-write-recursive"
description = "This allows full recusrive write access to the complete `$APPLOG` folder, files and subdirectories."
permissions = [
"write-all",
"scope-applog-recursive"
]
[[set]]
identifier = "allow-applog-read"
description = "This allows non-recursive read access to the `$APPLOG` folder."
permissions = [
"read-all",
"scope-applog"
]
[[set]]
identifier = "allow-applog-write"
description = "This allows non-recursive write access to the `$APPLOG` folder."
permissions = [
"write-all",
"scope-applog"
]
[[set]]
identifier = "allow-applog-meta-recursive"
description = "This allows read access to metadata of the `$APPLOG` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-applog-recursive"
]
[[set]]
identifier = "allow-applog-meta"
description = "This allows read access to metadata of the `$APPLOG` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-applog-index"
]
plugins/fs/permissions/autogenerated/base-directories/audio.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-audio-recursive"
description = "This scope recursive access to the complete `$AUDIO` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$AUDIO/**"
[[permission]]
identifier = "scope-audio"
description = "This scope permits access to all files and list content of top level directories in the `$AUDIO`folder."
[[permission.scope.allow]]
path = "$AUDIO/*"
[[permission]]
identifier = "scope-audio-index"
description = "This scope permits to list all files and folders in the `$AUDIO`folder."
[[permission.scope.allow]]
path = "$AUDIO/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-audio-read-recursive"
description = "This allows full recursive read access to the complete `$AUDIO` folder, files and subdirectories."
permissions = [
"read-all",
"scope-audio-recursive"
]
[[set]]
identifier = "allow-audio-write-recursive"
description = "This allows full recusrive write access to the complete `$AUDIO` folder, files and subdirectories."
permissions = [
"write-all",
"scope-audio-recursive"
]
[[set]]
identifier = "allow-audio-read"
description = "This allows non-recursive read access to the `$AUDIO` folder."
permissions = [
"read-all",
"scope-audio"
]
[[set]]
identifier = "allow-audio-write"
description = "This allows non-recursive write access to the `$AUDIO` folder."
permissions = [
"write-all",
"scope-audio"
]
[[set]]
identifier = "allow-audio-meta-recursive"
description = "This allows read access to metadata of the `$AUDIO` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-audio-recursive"
]
[[set]]
identifier = "allow-audio-meta"
description = "This allows read access to metadata of the `$AUDIO` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-audio-index"
]
plugins/fs/permissions/autogenerated/base-directories/cache.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-cache-recursive"
description = "This scope recursive access to the complete `$CACHE` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$CACHE/**"
[[permission]]
identifier = "scope-cache"
description = "This scope permits access to all files and list content of top level directories in the `$CACHE`folder."
[[permission.scope.allow]]
path = "$CACHE/*"
[[permission]]
identifier = "scope-cache-index"
description = "This scope permits to list all files and folders in the `$CACHE`folder."
[[permission.scope.allow]]
path = "$CACHE/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-cache-read-recursive"
description = "This allows full recursive read access to the complete `$CACHE` folder, files and subdirectories."
permissions = [
"read-all",
"scope-cache-recursive"
]
[[set]]
identifier = "allow-cache-write-recursive"
description = "This allows full recusrive write access to the complete `$CACHE` folder, files and subdirectories."
permissions = [
"write-all",
"scope-cache-recursive"
]
[[set]]
identifier = "allow-cache-read"
description = "This allows non-recursive read access to the `$CACHE` folder."
permissions = [
"read-all",
"scope-cache"
]
[[set]]
identifier = "allow-cache-write"
description = "This allows non-recursive write access to the `$CACHE` folder."
permissions = [
"write-all",
"scope-cache"
]
[[set]]
identifier = "allow-cache-meta-recursive"
description = "This allows read access to metadata of the `$CACHE` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-cache-recursive"
]
[[set]]
identifier = "allow-cache-meta"
description = "This allows read access to metadata of the `$CACHE` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-cache-index"
]
plugins/fs/permissions/autogenerated/base-directories/config.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-config-recursive"
description = "This scope recursive access to the complete `$CONFIG` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$CONFIG/**"
[[permission]]
identifier = "scope-config"
description = "This scope permits access to all files and list content of top level directories in the `$CONFIG`folder."
[[permission.scope.allow]]
path = "$CONFIG/*"
[[permission]]
identifier = "scope-config-index"
description = "This scope permits to list all files and folders in the `$CONFIG`folder."
[[permission.scope.allow]]
path = "$CONFIG/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-config-read-recursive"
description = "This allows full recursive read access to the complete `$CONFIG` folder, files and subdirectories."
permissions = [
"read-all",
"scope-config-recursive"
]
[[set]]
identifier = "allow-config-write-recursive"
description = "This allows full recusrive write access to the complete `$CONFIG` folder, files and subdirectories."
permissions = [
"write-all",
"scope-config-recursive"
]
[[set]]
identifier = "allow-config-read"
description = "This allows non-recursive read access to the `$CONFIG` folder."
permissions = [
"read-all",
"scope-config"
]
[[set]]
identifier = "allow-config-write"
description = "This allows non-recursive write access to the `$CONFIG` folder."
permissions = [
"write-all",
"scope-config"
]
[[set]]
identifier = "allow-config-meta-recursive"
description = "This allows read access to metadata of the `$CONFIG` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-config-recursive"
]
[[set]]
identifier = "allow-config-meta"
description = "This allows read access to metadata of the `$CONFIG` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-config-index"
]
plugins/fs/permissions/autogenerated/base-directories/data.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-data-recursive"
description = "This scope recursive access to the complete `$DATA` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$DATA/**"
[[permission]]
identifier = "scope-data"
description = "This scope permits access to all files and list content of top level directories in the `$DATA`folder."
[[permission.scope.allow]]
path = "$DATA/*"
[[permission]]
identifier = "scope-data-index"
description = "This scope permits to list all files and folders in the `$DATA`folder."
[[permission.scope.allow]]
path = "$DATA/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-data-read-recursive"
description = "This allows full recursive read access to the complete `$DATA` folder, files and subdirectories."
permissions = [
"read-all",
"scope-data-recursive"
]
[[set]]
identifier = "allow-data-write-recursive"
description = "This allows full recusrive write access to the complete `$DATA` folder, files and subdirectories."
permissions = [
"write-all",
"scope-data-recursive"
]
[[set]]
identifier = "allow-data-read"
description = "This allows non-recursive read access to the `$DATA` folder."
permissions = [
"read-all",
"scope-data"
]
[[set]]
identifier = "allow-data-write"
description = "This allows non-recursive write access to the `$DATA` folder."
permissions = [
"write-all",
"scope-data"
]
[[set]]
identifier = "allow-data-meta-recursive"
description = "This allows read access to metadata of the `$DATA` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-data-recursive"
]
[[set]]
identifier = "allow-data-meta"
description = "This allows read access to metadata of the `$DATA` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-data-index"
]
plugins/fs/permissions/autogenerated/base-directories/desktop.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-desktop-recursive"
description = "This scope recursive access to the complete `$DESKTOP` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$DESKTOP/**"
[[permission]]
identifier = "scope-desktop"
description = "This scope permits access to all files and list content of top level directories in the `$DESKTOP`folder."
[[permission.scope.allow]]
path = "$DESKTOP/*"
[[permission]]
identifier = "scope-desktop-index"
description = "This scope permits to list all files and folders in the `$DESKTOP`folder."
[[permission.scope.allow]]
path = "$DESKTOP/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-desktop-read-recursive"
description = "This allows full recursive read access to the complete `$DESKTOP` folder, files and subdirectories."
permissions = [
"read-all",
"scope-desktop-recursive"
]
[[set]]
identifier = "allow-desktop-write-recursive"
description = "This allows full recusrive write access to the complete `$DESKTOP` folder, files and subdirectories."
permissions = [
"write-all",
"scope-desktop-recursive"
]
[[set]]
identifier = "allow-desktop-read"
description = "This allows non-recursive read access to the `$DESKTOP` folder."
permissions = [
"read-all",
"scope-desktop"
]
[[set]]
identifier = "allow-desktop-write"
description = "This allows non-recursive write access to the `$DESKTOP` folder."
permissions = [
"write-all",
"scope-desktop"
]
[[set]]
identifier = "allow-desktop-meta-recursive"
description = "This allows read access to metadata of the `$DESKTOP` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-desktop-recursive"
]
[[set]]
identifier = "allow-desktop-meta"
description = "This allows read access to metadata of the `$DESKTOP` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-desktop-index"
]
plugins/fs/permissions/autogenerated/base-directories/document.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-document-recursive"
description = "This scope recursive access to the complete `$DOCUMENT` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$DOCUMENT/**"
[[permission]]
identifier = "scope-document"
description = "This scope permits access to all files and list content of top level directories in the `$DOCUMENT`folder."
[[permission.scope.allow]]
path = "$DOCUMENT/*"
[[permission]]
identifier = "scope-document-index"
description = "This scope permits to list all files and folders in the `$DOCUMENT`folder."
[[permission.scope.allow]]
path = "$DOCUMENT/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-document-read-recursive"
description = "This allows full recursive read access to the complete `$DOCUMENT` folder, files and subdirectories."
permissions = [
"read-all",
"scope-document-recursive"
]
[[set]]
identifier = "allow-document-write-recursive"
description = "This allows full recusrive write access to the complete `$DOCUMENT` folder, files and subdirectories."
permissions = [
"write-all",
"scope-document-recursive"
]
[[set]]
identifier = "allow-document-read"
description = "This allows non-recursive read access to the `$DOCUMENT` folder."
permissions = [
"read-all",
"scope-document"
]
[[set]]
identifier = "allow-document-write"
description = "This allows non-recursive write access to the `$DOCUMENT` folder."
permissions = [
"write-all",
"scope-document"
]
[[set]]
identifier = "allow-document-meta-recursive"
description = "This allows read access to metadata of the `$DOCUMENT` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-document-recursive"
]
[[set]]
identifier = "allow-document-meta"
description = "This allows read access to metadata of the `$DOCUMENT` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-document-index"
]
plugins/fs/permissions/autogenerated/base-directories/download.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-download-recursive"
description = "This scope recursive access to the complete `$DOWNLOAD` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$DOWNLOAD/**"
[[permission]]
identifier = "scope-download"
description = "This scope permits access to all files and list content of top level directories in the `$DOWNLOAD`folder."
[[permission.scope.allow]]
path = "$DOWNLOAD/*"
[[permission]]
identifier = "scope-download-index"
description = "This scope permits to list all files and folders in the `$DOWNLOAD`folder."
[[permission.scope.allow]]
path = "$DOWNLOAD/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-download-read-recursive"
description = "This allows full recursive read access to the complete `$DOWNLOAD` folder, files and subdirectories."
permissions = [
"read-all",
"scope-download-recursive"
]
[[set]]
identifier = "allow-download-write-recursive"
description = "This allows full recusrive write access to the complete `$DOWNLOAD` folder, files and subdirectories."
permissions = [
"write-all",
"scope-download-recursive"
]
[[set]]
identifier = "allow-download-read"
description = "This allows non-recursive read access to the `$DOWNLOAD` folder."
permissions = [
"read-all",
"scope-download"
]
[[set]]
identifier = "allow-download-write"
description = "This allows non-recursive write access to the `$DOWNLOAD` folder."
permissions = [
"write-all",
"scope-download"
]
[[set]]
identifier = "allow-download-meta-recursive"
description = "This allows read access to metadata of the `$DOWNLOAD` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-download-recursive"
]
[[set]]
identifier = "allow-download-meta"
description = "This allows read access to metadata of the `$DOWNLOAD` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-download-index"
]
plugins/fs/permissions/autogenerated/base-directories/exe.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-exe-recursive"
description = "This scope recursive access to the complete `$EXE` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$EXE/**"
[[permission]]
identifier = "scope-exe"
description = "This scope permits access to all files and list content of top level directories in the `$EXE`folder."
[[permission.scope.allow]]
path = "$EXE/*"
[[permission]]
identifier = "scope-exe-index"
description = "This scope permits to list all files and folders in the `$EXE`folder."
[[permission.scope.allow]]
path = "$EXE/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-exe-read-recursive"
description = "This allows full recursive read access to the complete `$EXE` folder, files and subdirectories."
permissions = [
"read-all",
"scope-exe-recursive"
]
[[set]]
identifier = "allow-exe-write-recursive"
description = "This allows full recusrive write access to the complete `$EXE` folder, files and subdirectories."
permissions = [
"write-all",
"scope-exe-recursive"
]
[[set]]
identifier = "allow-exe-read"
description = "This allows non-recursive read access to the `$EXE` folder."
permissions = [
"read-all",
"scope-exe"
]
[[set]]
identifier = "allow-exe-write"
description = "This allows non-recursive write access to the `$EXE` folder."
permissions = [
"write-all",
"scope-exe"
]
[[set]]
identifier = "allow-exe-meta-recursive"
description = "This allows read access to metadata of the `$EXE` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-exe-recursive"
]
[[set]]
identifier = "allow-exe-meta"
description = "This allows read access to metadata of the `$EXE` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-exe-index"
]
plugins/fs/permissions/autogenerated/base-directories/font.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-font-recursive"
description = "This scope recursive access to the complete `$FONT` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$FONT/**"
[[permission]]
identifier = "scope-font"
description = "This scope permits access to all files and list content of top level directories in the `$FONT`folder."
[[permission.scope.allow]]
path = "$FONT/*"
[[permission]]
identifier = "scope-font-index"
description = "This scope permits to list all files and folders in the `$FONT`folder."
[[permission.scope.allow]]
path = "$FONT/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-font-read-recursive"
description = "This allows full recursive read access to the complete `$FONT` folder, files and subdirectories."
permissions = [
"read-all",
"scope-font-recursive"
]
[[set]]
identifier = "allow-font-write-recursive"
description = "This allows full recusrive write access to the complete `$FONT` folder, files and subdirectories."
permissions = [
"write-all",
"scope-font-recursive"
]
[[set]]
identifier = "allow-font-read"
description = "This allows non-recursive read access to the `$FONT` folder."
permissions = [
"read-all",
"scope-font"
]
[[set]]
identifier = "allow-font-write"
description = "This allows non-recursive write access to the `$FONT` folder."
permissions = [
"write-all",
"scope-font"
]
[[set]]
identifier = "allow-font-meta-recursive"
description = "This allows read access to metadata of the `$FONT` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-font-recursive"
]
[[set]]
identifier = "allow-font-meta"
description = "This allows read access to metadata of the `$FONT` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-font-index"
]
plugins/fs/permissions/autogenerated/base-directories/home.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-home-recursive"
description = "This scope recursive access to the complete `$HOME` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$HOME/**"
[[permission]]
identifier = "scope-home"
description = "This scope permits access to all files and list content of top level directories in the `$HOME`folder."
[[permission.scope.allow]]
path = "$HOME/*"
[[permission]]
identifier = "scope-home-index"
description = "This scope permits to list all files and folders in the `$HOME`folder."
[[permission.scope.allow]]
path = "$HOME/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-home-read-recursive"
description = "This allows full recursive read access to the complete `$HOME` folder, files and subdirectories."
permissions = [
"read-all",
"scope-home-recursive"
]
[[set]]
identifier = "allow-home-write-recursive"
description = "This allows full recusrive write access to the complete `$HOME` folder, files and subdirectories."
permissions = [
"write-all",
"scope-home-recursive"
]
[[set]]
identifier = "allow-home-read"
description = "This allows non-recursive read access to the `$HOME` folder."
permissions = [
"read-all",
"scope-home"
]
[[set]]
identifier = "allow-home-write"
description = "This allows non-recursive write access to the `$HOME` folder."
permissions = [
"write-all",
"scope-home"
]
[[set]]
identifier = "allow-home-meta-recursive"
description = "This allows read access to metadata of the `$HOME` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-home-recursive"
]
[[set]]
identifier = "allow-home-meta"
description = "This allows read access to metadata of the `$HOME` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-home-index"
]
plugins/fs/permissions/autogenerated/base-directories/localdata.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-localdata-recursive"
description = "This scope recursive access to the complete `$LOCALDATA` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$LOCALDATA/**"
[[permission]]
identifier = "scope-localdata"
description = "This scope permits access to all files and list content of top level directories in the `$LOCALDATA`folder."
[[permission.scope.allow]]
path = "$LOCALDATA/*"
[[permission]]
identifier = "scope-localdata-index"
description = "This scope permits to list all files and folders in the `$LOCALDATA`folder."
[[permission.scope.allow]]
path = "$LOCALDATA/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-localdata-read-recursive"
description = "This allows full recursive read access to the complete `$LOCALDATA` folder, files and subdirectories."
permissions = [
"read-all",
"scope-localdata-recursive"
]
[[set]]
identifier = "allow-localdata-write-recursive"
description = "This allows full recusrive write access to the complete `$LOCALDATA` folder, files and subdirectories."
permissions = [
"write-all",
"scope-localdata-recursive"
]
[[set]]
identifier = "allow-localdata-read"
description = "This allows non-recursive read access to the `$LOCALDATA` folder."
permissions = [
"read-all",
"scope-localdata"
]
[[set]]
identifier = "allow-localdata-write"
description = "This allows non-recursive write access to the `$LOCALDATA` folder."
permissions = [
"write-all",
"scope-localdata"
]
[[set]]
identifier = "allow-localdata-meta-recursive"
description = "This allows read access to metadata of the `$LOCALDATA` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-localdata-recursive"
]
[[set]]
identifier = "allow-localdata-meta"
description = "This allows read access to metadata of the `$LOCALDATA` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-localdata-index"
]
plugins/fs/permissions/autogenerated/base-directories/log.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-log-recursive"
description = "This scope recursive access to the complete `$LOG` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$LOG/**"
[[permission]]
identifier = "scope-log"
description = "This scope permits access to all files and list content of top level directories in the `$LOG`folder."
[[permission.scope.allow]]
path = "$LOG/*"
[[permission]]
identifier = "scope-log-index"
description = "This scope permits to list all files and folders in the `$LOG`folder."
[[permission.scope.allow]]
path = "$LOG/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-log-read-recursive"
description = "This allows full recursive read access to the complete `$LOG` folder, files and subdirectories."
permissions = [
"read-all",
"scope-log-recursive"
]
[[set]]
identifier = "allow-log-write-recursive"
description = "This allows full recusrive write access to the complete `$LOG` folder, files and subdirectories."
permissions = [
"write-all",
"scope-log-recursive"
]
[[set]]
identifier = "allow-log-read"
description = "This allows non-recursive read access to the `$LOG` folder."
permissions = [
"read-all",
"scope-log"
]
[[set]]
identifier = "allow-log-write"
description = "This allows non-recursive write access to the `$LOG` folder."
permissions = [
"write-all",
"scope-log"
]
[[set]]
identifier = "allow-log-meta-recursive"
description = "This allows read access to metadata of the `$LOG` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-log-recursive"
]
[[set]]
identifier = "allow-log-meta"
description = "This allows read access to metadata of the `$LOG` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-log-index"
]
plugins/fs/permissions/autogenerated/base-directories/picture.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-picture-recursive"
description = "This scope recursive access to the complete `$PICTURE` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$PICTURE/**"
[[permission]]
identifier = "scope-picture"
description = "This scope permits access to all files and list content of top level directories in the `$PICTURE`folder."
[[permission.scope.allow]]
path = "$PICTURE/*"
[[permission]]
identifier = "scope-picture-index"
description = "This scope permits to list all files and folders in the `$PICTURE`folder."
[[permission.scope.allow]]
path = "$PICTURE/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-picture-read-recursive"
description = "This allows full recursive read access to the complete `$PICTURE` folder, files and subdirectories."
permissions = [
"read-all",
"scope-picture-recursive"
]
[[set]]
identifier = "allow-picture-write-recursive"
description = "This allows full recusrive write access to the complete `$PICTURE` folder, files and subdirectories."
permissions = [
"write-all",
"scope-picture-recursive"
]
[[set]]
identifier = "allow-picture-read"
description = "This allows non-recursive read access to the `$PICTURE` folder."
permissions = [
"read-all",
"scope-picture"
]
[[set]]
identifier = "allow-picture-write"
description = "This allows non-recursive write access to the `$PICTURE` folder."
permissions = [
"write-all",
"scope-picture"
]
[[set]]
identifier = "allow-picture-meta-recursive"
description = "This allows read access to metadata of the `$PICTURE` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-picture-recursive"
]
[[set]]
identifier = "allow-picture-meta"
description = "This allows read access to metadata of the `$PICTURE` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-picture-index"
]
plugins/fs/permissions/autogenerated/base-directories/public.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-public-recursive"
description = "This scope recursive access to the complete `$PUBLIC` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$PUBLIC/**"
[[permission]]
identifier = "scope-public"
description = "This scope permits access to all files and list content of top level directories in the `$PUBLIC`folder."
[[permission.scope.allow]]
path = "$PUBLIC/*"
[[permission]]
identifier = "scope-public-index"
description = "This scope permits to list all files and folders in the `$PUBLIC`folder."
[[permission.scope.allow]]
path = "$PUBLIC/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-public-read-recursive"
description = "This allows full recursive read access to the complete `$PUBLIC` folder, files and subdirectories."
permissions = [
"read-all",
"scope-public-recursive"
]
[[set]]
identifier = "allow-public-write-recursive"
description = "This allows full recusrive write access to the complete `$PUBLIC` folder, files and subdirectories."
permissions = [
"write-all",
"scope-public-recursive"
]
[[set]]
identifier = "allow-public-read"
description = "This allows non-recursive read access to the `$PUBLIC` folder."
permissions = [
"read-all",
"scope-public"
]
[[set]]
identifier = "allow-public-write"
description = "This allows non-recursive write access to the `$PUBLIC` folder."
permissions = [
"write-all",
"scope-public"
]
[[set]]
identifier = "allow-public-meta-recursive"
description = "This allows read access to metadata of the `$PUBLIC` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-public-recursive"
]
[[set]]
identifier = "allow-public-meta"
description = "This allows read access to metadata of the `$PUBLIC` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-public-index"
]
plugins/fs/permissions/autogenerated/base-directories/resource.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-resource-recursive"
description = "This scope recursive access to the complete `$RESOURCE` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$RESOURCE/**"
[[permission]]
identifier = "scope-resource"
description = "This scope permits access to all files and list content of top level directories in the `$RESOURCE`folder."
[[permission.scope.allow]]
path = "$RESOURCE/*"
[[permission]]
identifier = "scope-resource-index"
description = "This scope permits to list all files and folders in the `$RESOURCE`folder."
[[permission.scope.allow]]
path = "$RESOURCE/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-resource-read-recursive"
description = "This allows full recursive read access to the complete `$RESOURCE` folder, files and subdirectories."
permissions = [
"read-all",
"scope-resource-recursive"
]
[[set]]
identifier = "allow-resource-write-recursive"
description = "This allows full recusrive write access to the complete `$RESOURCE` folder, files and subdirectories."
permissions = [
"write-all",
"scope-resource-recursive"
]
[[set]]
identifier = "allow-resource-read"
description = "This allows non-recursive read access to the `$RESOURCE` folder."
permissions = [
"read-all",
"scope-resource"
]
[[set]]
identifier = "allow-resource-write"
description = "This allows non-recursive write access to the `$RESOURCE` folder."
permissions = [
"write-all",
"scope-resource"
]
[[set]]
identifier = "allow-resource-meta-recursive"
description = "This allows read access to metadata of the `$RESOURCE` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-resource-recursive"
]
[[set]]
identifier = "allow-resource-meta"
description = "This allows read access to metadata of the `$RESOURCE` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-resource-index"
]
plugins/fs/permissions/autogenerated/base-directories/runtime.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-runtime-recursive"
description = "This scope recursive access to the complete `$RUNTIME` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$RUNTIME/**"
[[permission]]
identifier = "scope-runtime"
description = "This scope permits access to all files and list content of top level directories in the `$RUNTIME`folder."
[[permission.scope.allow]]
path = "$RUNTIME/*"
[[permission]]
identifier = "scope-runtime-index"
description = "This scope permits to list all files and folders in the `$RUNTIME`folder."
[[permission.scope.allow]]
path = "$RUNTIME/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-runtime-read-recursive"
description = "This allows full recursive read access to the complete `$RUNTIME` folder, files and subdirectories."
permissions = [
"read-all",
"scope-runtime-recursive"
]
[[set]]
identifier = "allow-runtime-write-recursive"
description = "This allows full recusrive write access to the complete `$RUNTIME` folder, files and subdirectories."
permissions = [
"write-all",
"scope-runtime-recursive"
]
[[set]]
identifier = "allow-runtime-read"
description = "This allows non-recursive read access to the `$RUNTIME` folder."
permissions = [
"read-all",
"scope-runtime"
]
[[set]]
identifier = "allow-runtime-write"
description = "This allows non-recursive write access to the `$RUNTIME` folder."
permissions = [
"write-all",
"scope-runtime"
]
[[set]]
identifier = "allow-runtime-meta-recursive"
description = "This allows read access to metadata of the `$RUNTIME` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-runtime-recursive"
]
[[set]]
identifier = "allow-runtime-meta"
description = "This allows read access to metadata of the `$RUNTIME` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-runtime-index"
]
plugins/fs/permissions/autogenerated/base-directories/temp.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-temp-recursive"
description = "This scope recursive access to the complete `$TEMP` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$TEMP/**"
[[permission]]
identifier = "scope-temp"
description = "This scope permits access to all files and list content of top level directories in the `$TEMP`folder."
[[permission.scope.allow]]
path = "$TEMP/*"
[[permission]]
identifier = "scope-temp-index"
description = "This scope permits to list all files and folders in the `$TEMP`folder."
[[permission.scope.allow]]
path = "$TEMP/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-temp-read-recursive"
description = "This allows full recursive read access to the complete `$TEMP` folder, files and subdirectories."
permissions = [
"read-all",
"scope-temp-recursive"
]
[[set]]
identifier = "allow-temp-write-recursive"
description = "This allows full recusrive write access to the complete `$TEMP` folder, files and subdirectories."
permissions = [
"write-all",
"scope-temp-recursive"
]
[[set]]
identifier = "allow-temp-read"
description = "This allows non-recursive read access to the `$TEMP` folder."
permissions = [
"read-all",
"scope-temp"
]
[[set]]
identifier = "allow-temp-write"
description = "This allows non-recursive write access to the `$TEMP` folder."
permissions = [
"write-all",
"scope-temp"
]
[[set]]
identifier = "allow-temp-meta-recursive"
description = "This allows read access to metadata of the `$TEMP` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-temp-recursive"
]
[[set]]
identifier = "allow-temp-meta"
description = "This allows read access to metadata of the `$TEMP` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-temp-index"
]
plugins/fs/permissions/autogenerated/base-directories/template.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-template-recursive"
description = "This scope recursive access to the complete `$TEMPLATE` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$TEMPLATE/**"
[[permission]]
identifier = "scope-template"
description = "This scope permits access to all files and list content of top level directories in the `$TEMPLATE`folder."
[[permission.scope.allow]]
path = "$TEMPLATE/*"
[[permission]]
identifier = "scope-template-index"
description = "This scope permits to list all files and folders in the `$TEMPLATE`folder."
[[permission.scope.allow]]
path = "$TEMPLATE/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-template-read-recursive"
description = "This allows full recursive read access to the complete `$TEMPLATE` folder, files and subdirectories."
permissions = [
"read-all",
"scope-template-recursive"
]
[[set]]
identifier = "allow-template-write-recursive"
description = "This allows full recusrive write access to the complete `$TEMPLATE` folder, files and subdirectories."
permissions = [
"write-all",
"scope-template-recursive"
]
[[set]]
identifier = "allow-template-read"
description = "This allows non-recursive read access to the `$TEMPLATE` folder."
permissions = [
"read-all",
"scope-template"
]
[[set]]
identifier = "allow-template-write"
description = "This allows non-recursive write access to the `$TEMPLATE` folder."
permissions = [
"write-all",
"scope-template"
]
[[set]]
identifier = "allow-template-meta-recursive"
description = "This allows read access to metadata of the `$TEMPLATE` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-template-recursive"
]
[[set]]
identifier = "allow-template-meta"
description = "This allows read access to metadata of the `$TEMPLATE` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-template-index"
]
plugins/fs/permissions/autogenerated/base-directories/video.toml
+78
View File
@@ -0,0 +1,78 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
# Scopes Section
# This section contains scopes, which define file level access
[[permission]]
identifier = "scope-video-recursive"
description = "This scope recursive access to the complete `$VIDEO` folder, including sub directories and files."
[[permission.scope.allow]]
path = "$VIDEO/**"
[[permission]]
identifier = "scope-video"
description = "This scope permits access to all files and list content of top level directories in the `$VIDEO`folder."
[[permission.scope.allow]]
path = "$VIDEO/*"
[[permission]]
identifier = "scope-video-index"
description = "This scope permits to list all files and folders in the `$VIDEO`folder."
[[permission.scope.allow]]
path = "$VIDEO/"
# Sets Section
# This section combines the scope elements with enablement of commands
[[set]]
identifier = "allow-video-read-recursive"
description = "This allows full recursive read access to the complete `$VIDEO` folder, files and subdirectories."
permissions = [
"read-all",
"scope-video-recursive"
]
[[set]]
identifier = "allow-video-write-recursive"
description = "This allows full recusrive write access to the complete `$VIDEO` folder, files and subdirectories."
permissions = [
"write-all",
"scope-video-recursive"
]
[[set]]
identifier = "allow-video-read"
description = "This allows non-recursive read access to the `$VIDEO` folder."
permissions = [
"read-all",
"scope-video"
]
[[set]]
identifier = "allow-video-write"
description = "This allows non-recursive write access to the `$VIDEO` folder."
permissions = [
"write-all",
"scope-video"
]
[[set]]
identifier = "allow-video-meta-recursive"
description = "This allows read access to metadata of the `$VIDEO` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-video-recursive"
]
[[set]]
identifier = "allow-video-meta"
description = "This allows read access to metadata of the `$VIDEO` folder, including file listing and statistics."
permissions = [
"read-meta",
"scope-video-index"
]
plugins/fs/permissions/autogenerated/commands/copy_file.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-copy-file"
description = "Enables the copy_file command without any pre-configured scope."
commands.allow = ["copy_file"]
[[permission]]
identifier = "deny-copy-file"
description = "Denies the copy_file command without any pre-configured scope."
commands.deny = ["copy_file"]
plugins/fs/permissions/autogenerated/commands/create.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-create"
description = "Enables the create command without any pre-configured scope."
commands.allow = ["create"]
[[permission]]
identifier = "deny-create"
description = "Denies the create command without any pre-configured scope."
commands.deny = ["create"]
plugins/fs/permissions/autogenerated/commands/exists.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-exists"
description = "Enables the exists command without any pre-configured scope."
commands.allow = ["exists"]
[[permission]]
identifier = "deny-exists"
description = "Denies the exists command without any pre-configured scope."
commands.deny = ["exists"]
plugins/fs/permissions/autogenerated/commands/fstat.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-fstat"
description = "Enables the fstat command without any pre-configured scope."
commands.allow = ["fstat"]
[[permission]]
identifier = "deny-fstat"
description = "Denies the fstat command without any pre-configured scope."
commands.deny = ["fstat"]
plugins/fs/permissions/autogenerated/commands/ftruncate.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-ftruncate"
description = "Enables the ftruncate command without any pre-configured scope."
commands.allow = ["ftruncate"]
[[permission]]
identifier = "deny-ftruncate"
description = "Denies the ftruncate command without any pre-configured scope."
commands.deny = ["ftruncate"]
plugins/fs/permissions/autogenerated/commands/lstat.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-lstat"
description = "Enables the lstat command without any pre-configured scope."
commands.allow = ["lstat"]
[[permission]]
identifier = "deny-lstat"
description = "Denies the lstat command without any pre-configured scope."
commands.deny = ["lstat"]
plugins/fs/permissions/autogenerated/commands/mkdir.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-mkdir"
description = "Enables the mkdir command without any pre-configured scope."
commands.allow = ["mkdir"]
[[permission]]
identifier = "deny-mkdir"
description = "Denies the mkdir command without any pre-configured scope."
commands.deny = ["mkdir"]
plugins/fs/permissions/autogenerated/commands/open.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-open"
description = "Enables the open command without any pre-configured scope."
commands.allow = ["open"]
[[permission]]
identifier = "deny-open"
description = "Denies the open command without any pre-configured scope."
commands.deny = ["open"]
plugins/fs/permissions/autogenerated/commands/read.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-read"
description = "Enables the read command without any pre-configured scope."
commands.allow = ["read"]
[[permission]]
identifier = "deny-read"
description = "Denies the read command without any pre-configured scope."
commands.deny = ["read"]
plugins/fs/permissions/autogenerated/commands/read_dir.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-read-dir"
description = "Enables the read_dir command without any pre-configured scope."
commands.allow = ["read_dir"]
[[permission]]
identifier = "deny-read-dir"
description = "Denies the read_dir command without any pre-configured scope."
commands.deny = ["read_dir"]
plugins/fs/permissions/autogenerated/commands/read_file.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-read-file"
description = "Enables the read_file command without any pre-configured scope."
commands.allow = ["read_file"]
[[permission]]
identifier = "deny-read-file"
description = "Denies the read_file command without any pre-configured scope."
commands.deny = ["read_file"]
plugins/fs/permissions/autogenerated/commands/read_text_file.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-read-text-file"
description = "Enables the read_text_file command without any pre-configured scope."
commands.allow = ["read_text_file"]
[[permission]]
identifier = "deny-read-text-file"
description = "Denies the read_text_file command without any pre-configured scope."
commands.deny = ["read_text_file"]
plugins/fs/permissions/autogenerated/commands/read_text_file_lines.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-read-text-file-lines"
description = "Enables the read_text_file_lines command without any pre-configured scope."
commands.allow = ["read_text_file_lines"]
[[permission]]
identifier = "deny-read-text-file-lines"
description = "Denies the read_text_file_lines command without any pre-configured scope."
commands.deny = ["read_text_file_lines"]
plugins/fs/permissions/autogenerated/commands/read_text_file_lines_next.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-read-text-file-lines-next"
description = "Enables the read_text_file_lines_next command without any pre-configured scope."
commands.allow = ["read_text_file_lines_next"]
[[permission]]
identifier = "deny-read-text-file-lines-next"
description = "Denies the read_text_file_lines_next command without any pre-configured scope."
commands.deny = ["read_text_file_lines_next"]
plugins/fs/permissions/autogenerated/commands/remove.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-remove"
description = "Enables the remove command without any pre-configured scope."
commands.allow = ["remove"]
[[permission]]
identifier = "deny-remove"
description = "Denies the remove command without any pre-configured scope."
commands.deny = ["remove"]
plugins/fs/permissions/autogenerated/commands/rename.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-rename"
description = "Enables the rename command without any pre-configured scope."
commands.allow = ["rename"]
[[permission]]
identifier = "deny-rename"
description = "Denies the rename command without any pre-configured scope."
commands.deny = ["rename"]
plugins/fs/permissions/autogenerated/commands/seek.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-seek"
description = "Enables the seek command without any pre-configured scope."
commands.allow = ["seek"]
[[permission]]
identifier = "deny-seek"
description = "Denies the seek command without any pre-configured scope."
commands.deny = ["seek"]
plugins/fs/permissions/autogenerated/commands/stat.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-stat"
description = "Enables the stat command without any pre-configured scope."
commands.allow = ["stat"]
[[permission]]
identifier = "deny-stat"
description = "Denies the stat command without any pre-configured scope."
commands.deny = ["stat"]
plugins/fs/permissions/autogenerated/commands/truncate.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-truncate"
description = "Enables the truncate command without any pre-configured scope."
commands.allow = ["truncate"]
[[permission]]
identifier = "deny-truncate"
description = "Denies the truncate command without any pre-configured scope."
commands.deny = ["truncate"]
plugins/fs/permissions/autogenerated/commands/unwatch.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-unwatch"
description = "Enables the unwatch command without any pre-configured scope."
commands.allow = ["unwatch"]
[[permission]]
identifier = "deny-unwatch"
description = "Denies the unwatch command without any pre-configured scope."
commands.deny = ["unwatch"]
plugins/fs/permissions/autogenerated/commands/watch.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-watch"
description = "Enables the watch command without any pre-configured scope."
commands.allow = ["watch"]
[[permission]]
identifier = "deny-watch"
description = "Denies the watch command without any pre-configured scope."
commands.deny = ["watch"]
plugins/fs/permissions/autogenerated/commands/write.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-write"
description = "Enables the write command without any pre-configured scope."
commands.allow = ["write"]
[[permission]]
identifier = "deny-write"
description = "Denies the write command without any pre-configured scope."
commands.deny = ["write"]
plugins/fs/permissions/autogenerated/commands/write_file.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-write-file"
description = "Enables the write_file command without any pre-configured scope."
commands.allow = ["write_file"]
[[permission]]
identifier = "deny-write-file"
description = "Denies the write_file command without any pre-configured scope."
commands.deny = ["write_file"]
plugins/fs/permissions/autogenerated/commands/write_text_file.toml
+13
View File
@@ -0,0 +1,13 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-write-text-file"
description = "Enables the write_text_file command without any pre-configured scope."
commands.allow = ["write_text_file"]
[[permission]]
identifier = "deny-write-text-file"
description = "Denies the write_text_file command without any pre-configured scope."
commands.deny = ["write_text_file"]
plugins/fs/permissions/autogenerated/reference.md
+1164
View File
File diff suppressed because it is too large Load Diff
plugins/fs/permissions/default.toml
+28
View File
@@ -0,0 +1,28 @@
"$schema" = "schemas/schema.json"
[default]
description = """
# Tauri `fs` default permissions
This configuration file defines the default permissions granted
to the filesystem.
### Granted Permissions
This default permission set enables all read-related commands and
allows access to the `$APP` folder and sub directories created in it.
The location of the `$APP` folder depends on the operating system,
where the application is run.
In general the `$APP` folder needs to be manually created
by the application at runtime, before accessing files or folders
in it is possible.
### Denied Permissions
This default permission set prevents access to critical components
of the Tauri application by default.
On Windows the webview data folder access is denied.
"""
permissions = ["read-all", "scope-app-recursive", "deny-default"]
plugins/fs/permissions/deny-default.toml
+6
View File
@@ -0,0 +1,6 @@
"$schema" = "schemas/schema.json"
[[set]]
identifier = "deny-default"
description = "This denies access to dangerous Tauri relevant files and folders by default."
permissions = ["deny-webview-data-linux", "deny-webview-data-windows"]
plugins/fs/permissions/deny-webview-data.toml
+19
View File
@@ -0,0 +1,19 @@
"$schema" = "schemas/schema.json"
[[permission]]
identifier = "deny-webview-data-linux"
description = """This denies read access to the
`$APPLOCALDATA` folder on linux as the webview data and configuration values are stored here.
Allowing access can lead to sensitive information disclosure and should be well considered."""
[[scope.deny]]
path = "$APPLOCALDATA/**"
[[permission]]
identifier = "deny-webview-data-windows"
description = """This denies read access to the
`$APPLOCALDATA/EBWebView` folder on windows as the webview data and configuration values are stored here.
Allowing access can lead to sensitive information disclosure and should be well considered."""
[[scope.deny]]
path = "$APPLOCALDATA/EBWebView/**"
plugins/fs/permissions/read-all.toml
+21
View File
@@ -0,0 +1,21 @@
"$schema" = "schemas/schema.json"
[[permission]]
identifier = "read-all"
description = "This enables all read related commands without any pre-configured accessible paths."
commands.allow = [
"read_dir",
"read_file",
"read",
"open",
"read_text_file",
"read_text_file_lines",
"read_text_file_lines_next",
"seek",
"stat",
"lstat",
"fstat",
"exists",
"watch",
"unwatch",
]
plugins/fs/permissions/read-dirs.toml
+6
View File
@@ -0,0 +1,6 @@
"$schema" = "schemas/schema.json"
[[permission]]
identifier = "read-dirs"
description = "This enables directory read and file metadata related commands without any pre-configured accessible paths."
commands.allow = ["read_dir", "stat", "lstat", "fstat", "exists"]
plugins/fs/permissions/read-files.toml
+19
View File
@@ -0,0 +1,19 @@
"$schema" = "schemas/schema.json"
[[permission]]
identifier = "read-files"
description = "This enables file read related commands without any pre-configured accessible paths."
commands.allow = [
"read_file",
"read",
"open",
"read_text_file",
"read_text_file_lines",
"read_text_file_lines_next",
"seek",
"stat",
"lstat",
"fstat",
"exists",
]
plugins/fs/permissions/read-meta.toml
+6
View File
@@ -0,0 +1,6 @@
"$schema" = "schemas/schema.json"
[[permission]]
identifier = "read-meta"
description = "This enables all index or metadata related commands without any pre-configured accessible paths."
commands.allow = ["read_dir", "stat", "lstat", "fstat", "exists"]
plugins/fs/permissions/scope.toml
+5
View File
@@ -0,0 +1,5 @@
"$schema" = "schemas/schema.json"
[[permission]]
identifier = "scope"
description = "An empty permission you can use to modify the global scope."
plugins/fs/permissions/write-all.toml
+17
View File
@@ -0,0 +1,17 @@
"$schema" = "schemas/schema.json"
[[permission]]
identifier = "write-all"
description = "This enables all write related commands without any pre-configured accessible paths."
commands.allow = [
"mkdir",
"create",
"copy_file",
"remove",
"rename",
"truncate",
"ftruncate",
"write",
"write_file",
"write_text_file",
]
plugins/fs/permissions/write-files.toml
+16
View File
@@ -0,0 +1,16 @@
"$schema" = "schemas/schema.json"
[[permission]]
identifier = "write-files"
description = "This enables all file write related commands without any pre-configured accessible paths."
commands.allow = [
"create",
"copy_file",
"remove",
"rename",
"truncate",
"ftruncate",
"write",
"write_file",
"write_text_file",
]
plugins/fs/src/commands.rs
+176 -17
View File
@@ -6,7 +6,9 @@
use serde::{Deserialize, Serialize, Serializer};
use serde_repr::{Deserialize_repr, Serialize_repr};
use tauri::{
ipc::{CommandScope, GlobalScope},
path::{BaseDirectory, SafePathBuf},
utils::config::FsScope,
AppHandle, Manager, Resource, ResourceId, Runtime,
};
@@ -18,7 +20,7 @@ use std::{
time::{SystemTime, UNIX_EPOCH},
};
use crate::{Error, FsExt};
use crate::{scope::Entry, Error, FsExt};
#[derive(Debug, thiserror::Error)]
pub enum CommandError {
@@ -71,10 +73,18 @@ pub struct BaseOptions {
#[tauri::command]
pub fn create<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
path: SafePathBuf,
options: Option<BaseOptions>,
) -> CommandResult<ResourceId> {
let resolved_path = resolve_path(&app, path, options.and_then(|o| o.base_dir))?;
let resolved_path = resolve_path(
&app,
&global_scope,
&command_scope,
path,
options.and_then(|o| o.base_dir),
)?;
let file = File::create(&resolved_path).map_err(|e| {
format!(
"failed to create file at path: {} with error: {e}",
@@ -113,10 +123,18 @@ fn default_true() -> bool {
#[tauri::command]
pub fn open<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
path: SafePathBuf,
options: Option<OpenOptions>,
) -> CommandResult<ResourceId> {
let resolved_path = resolve_path(&app, path, options.as_ref().and_then(|o| o.base.base_dir))?;
let resolved_path = resolve_path(
&app,
&global_scope,
&command_scope,
path,
options.as_ref().and_then(|o| o.base.base_dir),
)?;
let mut opts = std::fs::OpenOptions::new();
// default to read-only
@@ -166,17 +184,23 @@ pub struct CopyFileOptions {
#[tauri::command]
pub fn copy_file<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
from_path: SafePathBuf,
to_path: SafePathBuf,
options: Option<CopyFileOptions>,
) -> CommandResult<()> {
let resolved_from_path = resolve_path(
&app,
&global_scope,
&command_scope,
from_path,
options.as_ref().and_then(|o| o.from_path_base_dir),
)?;
let resolved_to_path = resolve_path(
&app,
&global_scope,
&command_scope,
to_path,
options.as_ref().and_then(|o| o.to_path_base_dir),
)?;
@@ -202,10 +226,18 @@ pub struct MkdirOptions {
#[tauri::command]
pub fn mkdir<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
path: SafePathBuf,
options: Option<MkdirOptions>,
) -> CommandResult<()> {
let resolved_path = resolve_path(&app, path, options.as_ref().and_then(|o| o.base.base_dir))?;
let resolved_path = resolve_path(
&app,
&global_scope,
&command_scope,
path,
options.as_ref().and_then(|o| o.base.base_dir),
)?;
let mut builder = std::fs::DirBuilder::new();
builder.recursive(options.as_ref().and_then(|o| o.recursive).unwrap_or(false));
@@ -261,10 +293,18 @@ fn read_dir_inner<P: AsRef<Path>>(path: P) -> crate::Result<Vec<DirEntry>> {
#[tauri::command]
pub fn read_dir<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
path: SafePathBuf,
options: Option<BaseOptions>,
) -> CommandResult<Vec<DirEntry>> {
let resolved_path = resolve_path(&app, path, options.as_ref().and_then(|o| o.base_dir))?;
let resolved_path = resolve_path(
&app,
&global_scope,
&command_scope,
path,
options.as_ref().and_then(|o| o.base_dir),
)?;
read_dir_inner(&resolved_path)
.map_err(|e| {
@@ -292,10 +332,18 @@ pub fn read<R: Runtime>(
#[tauri::command]
pub fn read_file<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
path: SafePathBuf,
options: Option<BaseOptions>,
) -> CommandResult<Vec<u8>> {
let resolved_path = resolve_path(&app, path, options.as_ref().and_then(|o| o.base_dir))?;
let resolved_path = resolve_path(
&app,
&global_scope,
&command_scope,
path,
options.as_ref().and_then(|o| o.base_dir),
)?;
std::fs::read(&resolved_path)
.map_err(|e| {
format!(
@@ -309,10 +357,18 @@ pub fn read_file<R: Runtime>(
#[tauri::command]
pub fn read_text_file<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
path: SafePathBuf,
options: Option<BaseOptions>,
) -> CommandResult<String> {
let resolved_path = resolve_path(&app, path, options.as_ref().and_then(|o| o.base_dir))?;
let resolved_path = resolve_path(
&app,
&global_scope,
&command_scope,
path,
options.as_ref().and_then(|o| o.base_dir),
)?;
std::fs::read_to_string(&resolved_path)
.map_err(|e| {
format!(
@@ -326,12 +382,20 @@ pub fn read_text_file<R: Runtime>(
#[tauri::command]
pub fn read_text_file_lines<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
path: SafePathBuf,
options: Option<BaseOptions>,
) -> CommandResult<ResourceId> {
use std::io::BufRead;
let resolved_path = resolve_path(&app, path, options.as_ref().and_then(|o| o.base_dir))?;
let resolved_path = resolve_path(
&app,
&global_scope,
&command_scope,
path,
options.as_ref().and_then(|o| o.base_dir),
)?;
let file = File::open(&resolved_path).map_err(|e| {
format!(
@@ -374,10 +438,18 @@ pub struct RemoveOptions {
#[tauri::command]
pub fn remove<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
path: SafePathBuf,
options: Option<RemoveOptions>,
) -> CommandResult<()> {
let resolved_path = resolve_path(&app, path, options.as_ref().and_then(|o| o.base.base_dir))?;
let resolved_path = resolve_path(
&app,
&global_scope,
&command_scope,
path,
options.as_ref().and_then(|o| o.base.base_dir),
)?;
let metadata = std::fs::symlink_metadata(&resolved_path).map_err(|e| {
format!(
@@ -434,17 +506,23 @@ pub struct RenameOptions {
#[tauri::command]
pub fn rename<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
old_path: SafePathBuf,
new_path: SafePathBuf,
options: Option<RenameOptions>,
) -> CommandResult<()> {
let resolved_old_path = resolve_path(
&app,
&global_scope,
&command_scope,
old_path,
options.as_ref().and_then(|o| o.old_path_base_dir),
)?;
let resolved_new_path = resolve_path(
&app,
&global_scope,
&command_scope,
new_path,
options.as_ref().and_then(|o| o.new_path_base_dir),
)?;
@@ -490,10 +568,18 @@ pub fn seek<R: Runtime>(
#[tauri::command]
pub fn stat<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
path: SafePathBuf,
options: Option<BaseOptions>,
) -> CommandResult<FileInfo> {
let resolved_path = resolve_path(&app, path, options.as_ref().and_then(|o| o.base_dir))?;
let resolved_path = resolve_path(
&app,
&global_scope,
&command_scope,
path,
options.as_ref().and_then(|o| o.base_dir),
)?;
let metadata = std::fs::metadata(&resolved_path).map_err(|e| {
format!(
"failed to get metadata of path: {} with error: {e}",
@@ -506,10 +592,18 @@ pub fn stat<R: Runtime>(
#[tauri::command]
pub fn lstat<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
path: SafePathBuf,
options: Option<BaseOptions>,
) -> CommandResult<FileInfo> {
let resolved_path = resolve_path(&app, path, options.as_ref().and_then(|o| o.base_dir))?;
let resolved_path = resolve_path(
&app,
&global_scope,
&command_scope,
path,
options.as_ref().and_then(|o| o.base_dir),
)?;
let metadata = std::fs::symlink_metadata(&resolved_path).map_err(|e| {
format!(
"failed to get metadata of path: {} with error: {e}",
@@ -530,11 +624,19 @@ pub fn fstat<R: Runtime>(app: AppHandle<R>, rid: ResourceId) -> CommandResult<Fi
#[tauri::command]
pub fn truncate<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
path: SafePathBuf,
len: Option<u64>,
options: Option<BaseOptions>,
) -> CommandResult<()> {
let resolved_path = resolve_path(&app, path, options.as_ref().and_then(|o| o.base_dir))?;
let resolved_path = resolve_path(
&app,
&global_scope,
&command_scope,
path,
options.as_ref().and_then(|o| o.base_dir),
)?;
let f = std::fs::OpenOptions::new()
.write(true)
.open(&resolved_path)
@@ -599,11 +701,19 @@ fn default_create_value() -> bool {
fn write_file_inner<R: Runtime>(
app: AppHandle<R>,
global_scope: &GlobalScope<'_, Entry>,
command_scope: &CommandScope<'_, Entry>,
path: SafePathBuf,
data: &[u8],
options: Option<WriteFileOptions>,
) -> CommandResult<()> {
let resolved_path = resolve_path(&app, path, options.as_ref().and_then(|o| o.base.base_dir))?;
let resolved_path = resolve_path(
&app,
global_scope,
command_scope,
path,
options.as_ref().and_then(|o| o.base.base_dir),
)?;
let mut opts = std::fs::OpenOptions::new();
// defaults
@@ -644,35 +754,56 @@ fn write_file_inner<R: Runtime>(
#[tauri::command]
pub fn write_file<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
path: SafePathBuf,
data: Vec<u8>,
options: Option<WriteFileOptions>,
) -> CommandResult<()> {
write_file_inner(app, path, &data, options)
write_file_inner(app, &global_scope, &command_scope, path, &data, options)
}
#[tauri::command]
pub fn write_text_file<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
path: SafePathBuf,
data: String,
options: Option<WriteFileOptions>,
) -> CommandResult<()> {
write_file_inner(app, path, data.as_bytes(), options)
write_file_inner(
app,
&global_scope,
&command_scope,
path,
data.as_bytes(),
options,
)
}
#[tauri::command]
pub fn exists<R: Runtime>(
app: AppHandle<R>,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
path: SafePathBuf,
options: Option<BaseOptions>,
) -> CommandResult<bool> {
let resolved_path = resolve_path(&app, path, options.as_ref().and_then(|o| o.base_dir))?;
let resolved_path = resolve_path(
&app,
&global_scope,
&command_scope,
path,
options.as_ref().and_then(|o| o.base_dir),
)?;
Ok(resolved_path.exists())
}
pub fn resolve_path<R: Runtime>(
app: &AppHandle<R>,
global_scope: &GlobalScope<'_, Entry>,
command_scope: &CommandScope<'_, Entry>,
path: SafePathBuf,
base_dir: Option<BaseDirectory>,
) -> CommandResult<PathBuf> {
@@ -684,7 +815,35 @@ pub fn resolve_path<R: Runtime>(
} else {
path.as_ref().to_path_buf()
};
if app.fs_scope().is_allowed(&path) {
let scope = tauri::scope::fs::Scope::new(
app,
&FsScope::Scope {
allow: app
.fs_scope()
.allowed
.lock()
.unwrap()
.clone()
.into_iter()
.chain(global_scope.allows().iter().map(|e| e.path.clone()))
.chain(command_scope.allows().iter().map(|e| e.path.clone()))
.collect(),
deny: app
.fs_scope()
.denied
.lock()
.unwrap()
.clone()
.into_iter()
.chain(global_scope.denies().iter().map(|e| e.path.clone()))
.chain(command_scope.denies().iter().map(|e| e.path.clone()))
.collect(),
require_literal_leading_dot: None,
},
)?;
if scope.is_allowed(&path) {
Ok(path)
} else {
Err(CommandError::Plugin(Error::PathForbidden(path)))
plugins/fs/src/config.rs
+10 -3
View File
@@ -3,9 +3,16 @@
// SPDX-License-Identifier: MIT
use serde::Deserialize;
use tauri::utils::config::FsScope;
#[derive(Debug, Deserialize)]
#[derive(Deserialize)]
pub struct Config {
pub scope: FsScope,
/// Whether or not paths that contain components that start with a `.`
/// will require that `.` appears literally in the pattern; `*`, `?`, `**`,
/// or `[...]` will not match. This is useful because such files are
/// conventionally considered hidden on Unix systems and it might be
/// desirable to skip them when listing files.
///
/// Defaults to `true` on Unix systems and `false` on Windows
// dotfiles are not supposed to be exposed by default on unix
pub require_literal_leading_dot: Option<bool>,
}
plugins/fs/src/error.rs
+4
View File
@@ -8,6 +8,10 @@ use serde::{Serialize, Serializer};
#[derive(Debug, thiserror::Error)]
pub enum Error {
#[error(transparent)]
Json(#[from] serde_json::Error),
#[error(transparent)]
Tauri(#[from] tauri::Error),
#[error(transparent)]
Io(#[from] std::io::Error),
#[error("forbidden path: {0}")]
plugins/fs/src/lib.rs
+38 -18
View File
@@ -11,21 +11,25 @@
html_favicon_url = "https://github.com/tauri-apps/tauri/raw/dev/app-icon.png"
)]
use std::path::PathBuf;
use serde::Deserialize;
use tauri::{
ipc::ScopeObject,
plugin::{Builder as PluginBuilder, TauriPlugin},
scope::fs::Scope,
utils::config::FsScope,
FileDropEvent, Manager, RunEvent, Runtime, WindowEvent,
utils::acl::Value,
AppHandle, FileDropEvent, Manager, RunEvent, Runtime, WindowEvent,
};
mod commands;
mod config;
mod error;
mod scope;
#[cfg(feature = "watch")]
mod watcher;
pub use config::Config;
pub use error::Error;
pub use scope::{Event as ScopeEvent, Scope};
type Result<T> = std::result::Result<T, Error>;
@@ -44,8 +48,27 @@ impl<R: Runtime, T: Manager<R>> FsExt<R> for T {
}
}
pub fn init<R: Runtime>() -> TauriPlugin<R, Option<Config>> {
PluginBuilder::<R, Option<Config>>::new("fs")
impl ScopeObject for scope::Entry {
type Error = Error;
fn deserialize<R: Runtime>(
app: &AppHandle<R>,
raw: Value,
) -> std::result::Result<Self, Self::Error> {
#[derive(Deserialize)]
struct EntryRaw {
path: PathBuf,
}
let entry = serde_json::from_value::<EntryRaw>(raw.into())?;
Ok(Self {
path: app.path().parse(entry.path)?,
})
}
}
pub fn init<R: Runtime>() -> TauriPlugin<R, Option<config::Config>> {
PluginBuilder::<R, Option<config::Config>>::new("fs")
.js_init_script(include_str!("api-iife.js").to_string())
.invoke_handler(tauri::generate_handler![
commands::create,
@@ -76,16 +99,13 @@ pub fn init<R: Runtime>() -> TauriPlugin<R, Option<Config>> {
#[cfg(feature = "watch")]
watcher::unwatch
])
.setup(|app: &tauri::AppHandle<R>, api| {
let default_scope = FsScope::default();
app.manage(Scope::new(
app,
api.config()
.as_ref()
.map(|c| &c.scope)
.unwrap_or(&default_scope),
)?);
.setup(|app, api| {
let mut scope = Scope::default();
scope.require_literal_leading_dot = api
.config()
.as_ref()
.and_then(|c| c.require_literal_leading_dot);
app.manage(scope);
Ok(())
})
.on_event(|app, event| {
@@ -98,9 +118,9 @@ pub fn init<R: Runtime>() -> TauriPlugin<R, Option<Config>> {
let scope = app.fs_scope();
for path in paths {
if path.is_file() {
let _ = scope.allow_file(path);
scope.allow_file(path);
} else {
let _ = scope.allow_directory(path, false);
scope.allow_directory(path, false);
}
}
}
plugins/fs/src/scope.rs
+118
View File
@@ -0,0 +1,118 @@
// Copyright 2019-2023 Tauri Programme within The Commons Conservancy
// SPDX-License-Identifier: Apache-2.0
// SPDX-License-Identifier: MIT
use std::{
collections::HashMap,
path::{Path, PathBuf},
sync::{
atomic::{AtomicU32, Ordering},
Mutex,
},
};
#[derive(Debug, schemars::JsonSchema)]
pub struct Entry {
pub path: PathBuf,
}
pub type EventId = u32;
type EventListener = Box<dyn Fn(&Event) + Send>;
/// Scope change event.
#[derive(Debug, Clone)]
pub enum Event {
/// A path has been allowed.
PathAllowed(PathBuf),
/// A path has been forbidden.
PathForbidden(PathBuf),
}
#[derive(Default)]
pub struct Scope {
pub(crate) allowed: Mutex<Vec<PathBuf>>,
pub(crate) denied: Mutex<Vec<PathBuf>>,
event_listeners: Mutex<HashMap<EventId, EventListener>>,
next_event_id: AtomicU32,
pub(crate) require_literal_leading_dot: Option<bool>,
}
impl Scope {
/// Extend the allowed patterns with the given directory.
///
/// After this function has been called, the frontend will be able to use the Tauri API to read
/// the directory and all of its files. If `recursive` is `true`, subdirectories will be accessible too.
pub fn allow_directory<P: AsRef<Path>>(&self, path: P, recursive: bool) {
let path = path.as_ref();
let mut allowed = self.allowed.lock().unwrap();
allowed.push(path.to_path_buf());
allowed.push(path.join(if recursive { "**" } else { "*" }));
self.emit(Event::PathAllowed(path.to_path_buf()));
}
/// Extend the allowed patterns with the given file path.
///
/// After this function has been called, the frontend will be able to use the Tauri API to read the contents of this file.
pub fn allow_file<P: AsRef<Path>>(&self, path: P) {
let path = path.as_ref();
self.allowed.lock().unwrap().push(path.to_path_buf());
self.emit(Event::PathAllowed(path.to_path_buf()));
}
/// Set the given directory path to be forbidden by this scope.
///
/// **Note:** this takes precedence over allowed paths, so its access gets denied **always**.
pub fn forbid_directory<P: AsRef<Path>>(&self, path: P, recursive: bool) {
let path = path.as_ref();
let mut denied = self.denied.lock().unwrap();
denied.push(path.to_path_buf());
denied.push(path.join(if recursive { "**" } else { "*" }));
self.emit(Event::PathForbidden(path.to_path_buf()));
}
/// Set the given file path to be forbidden by this scope.
///
/// **Note:** this takes precedence over allowed paths, so its access gets denied **always**.
pub fn forbid_file<P: AsRef<Path>>(&self, path: P) {
let path = path.as_ref();
self.denied.lock().unwrap().push(path.to_path_buf());
self.emit(Event::PathForbidden(path.to_path_buf()));
}
/// List of allowed paths.
pub fn allowed(&self) -> Vec<PathBuf> {
self.allowed.lock().unwrap().clone()
}
/// List of forbidden paths.
pub fn forbidden(&self) -> Vec<PathBuf> {
self.denied.lock().unwrap().clone()
}
fn next_event_id(&self) -> u32 {
self.next_event_id.fetch_add(1, Ordering::Relaxed)
}
fn emit(&self, event: Event) {
let listeners = self.event_listeners.lock().unwrap();
let handlers = listeners.values();
for listener in handlers {
listener(&event);
}
}
/// Listen to an event on this scope.
pub fn listen<F: Fn(&Event) + Send + 'static>(&self, f: F) -> EventId {
let id = self.next_event_id();
self.event_listeners.lock().unwrap().insert(id, Box::new(f));
id
}
}
plugins/fs/src/watcher.rs
+14 -3
View File
@@ -6,7 +6,7 @@ use notify::{Config, Event, RecommendedWatcher, RecursiveMode, Watcher};
use notify_debouncer_full::{new_debouncer, DebounceEventResult, Debouncer, FileIdMap};
use serde::Deserialize;
use tauri::{
ipc::Channel,
ipc::{Channel, CommandScope, GlobalScope},
path::{BaseDirectory, SafePathBuf},
AppHandle, Manager, Resource, ResourceId, Runtime,
};
@@ -21,7 +21,10 @@ use std::{
time::Duration,
};
use crate::commands::{resolve_path, CommandResult};
use crate::{
commands::{resolve_path, CommandResult},
scope::Entry,
};
struct InnerWatcher {
pub kind: WatcherKind,
@@ -83,10 +86,18 @@ pub async fn watch<R: Runtime>(
paths: Vec<SafePathBuf>,
options: WatchOptions,
on_event: Channel,
global_scope: GlobalScope<'_, Entry>,
command_scope: CommandScope<'_, Entry>,
) -> CommandResult<ResourceId> {
let mut resolved_paths = Vec::with_capacity(paths.capacity());
for path in paths {
resolved_paths.push(resolve_path(&app, path, options.dir)?);
resolved_paths.push(resolve_path(
&app,
&global_scope,
&command_scope,
path,
options.dir,
)?);
}
let mode = if options.recursive {