From eb9c27062c0aba1251af16852055f1ab98ae4333 Mon Sep 17 00:00:00 2001 From: FabianLars Date: Tue, 2 Jul 2024 10:10:07 +0200 Subject: [PATCH] fix clippy - regen permissions --- .github/workflows/lint-rust.yml | 3 + .../src-tauri/gen/schemas/desktop-schema.json | 35 +- .../permissions/autogenerated/reference.md | 152 +- .../permissions/schemas/schema.json | 8 +- .../authenticator/src/u2f_crate/messages.rs | 1 + .../permissions/autogenerated/reference.md | 106 +- .../autostart/permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 193 +- .../permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 77 +- .../biometric/permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 46 +- plugins/cli/permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 187 +- .../permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 130 +- .../deep-link/permissions/schemas/schema.json | 8 +- plugins/deep-link/src/config.rs | 2 + .../permissions/autogenerated/reference.md | 164 +- .../dialog/permissions/schemas/schema.json | 8 +- .../fs/permissions/autogenerated/reference.md | 4026 +++++++++++++++-- plugins/fs/permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 159 +- .../permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 135 +- plugins/http/permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 46 +- plugins/log/permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 105 +- plugins/nfc/permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 483 +- .../permissions/schemas/schema.json | 8 +- .../os/permissions/autogenerated/reference.md | 250 +- plugins/os/permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 46 +- .../permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 77 +- .../process/permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 160 +- plugins/shell/permissions/schemas/schema.json | 8 +- .../src/platform_impl/linux.rs | 2 - .../src/platform_impl/macos.rs | 2 - .../src/platform_impl/windows.rs | 2 - plugins/sql/Cargo.toml | 1 + .../permissions/autogenerated/reference.md | 134 +- plugins/sql/permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 367 +- plugins/store/permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 335 +- .../permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 135 +- .../updater/permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 77 +- .../upload/permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 75 +- .../websocket/permissions/schemas/schema.json | 8 +- .../permissions/autogenerated/reference.md | 106 +- .../permissions/schemas/schema.json | 8 +- 58 files changed, 7288 insertions(+), 731 deletions(-) diff --git a/.github/workflows/lint-rust.yml b/.github/workflows/lint-rust.yml index 5babd8c20..f534336c5 100644 --- a/.github/workflows/lint-rust.yml +++ b/.github/workflows/lint-rust.yml @@ -53,6 +53,9 @@ jobs: tauri-plugin-clipboard-manager: - .github/workflows/lint-rust.yml - plugins/clipboard-manager/** + tauri-plugin-deep-link: + - .github/workflows/lint-rust.yml + - plugins/deep-link/** tauri-plugin-dialog: - .github/workflows/lint-rust.yml - plugins/dialog/** diff --git a/examples/api/src-tauri/gen/schemas/desktop-schema.json b/examples/api/src-tauri/gen/schemas/desktop-schema.json index 58277295a..40b64e2c7 100644 --- a/examples/api/src-tauri/gen/schemas/desktop-schema.json +++ b/examples/api/src-tauri/gen/schemas/desktop-schema.json @@ -37,7 +37,7 @@ ], "definitions": { "Capability": { - "description": "a grouping and boundary mechanism developers can use to separate windows or plugins functionality from each other at runtime.\n\nIf a window is not matching any capability then it has no access to the IPC layer at all.\n\nThis can be done to create trust groups and reduce impact of vulnerabilities in certain plugins or windows. Windows can be added to a capability by exact name or glob patterns like *, admin-* or main-window.", + "description": "A grouping and boundary mechanism developers can use to isolate access to the IPC layer.\n\nIt controls application windows fine grained access to the Tauri core, application, or plugin commands. If a window is not matching any capability then it has no access to the IPC layer at all.\n\nThis can be done to create groups of windows, based on their required system access, which can reduce impact of frontend vulnerabilities in less privileged windows. Windows can be added to a capability by exact name (e.g. `main-window`) or glob patterns like `*` or `admin-*`. A Window can have none, one, or multiple associated capabilities.\n\n## Example\n\n```json { \"identifier\": \"main-user-files-write\", \"description\": \"This capability allows the `main` window on macOS and Windows access to `filesystem` write related commands and `dialog` commands to enable programatic access to files selected by the user.\", \"windows\": [ \"main\" ], \"permissions\": [ \"path:default\", \"dialog:open\", { \"identifier\": \"fs:allow-write-text-file\", \"allow\": [{ \"path\": \"$HOME/test.txt\" }] }, \"platforms\": [\"macOS\",\"windows\"] } ```", "type": "object", "required": [ "identifier", @@ -45,16 +45,16 @@ ], "properties": { "identifier": { - "description": "Identifier of the capability.", + "description": "Identifier of the capability.\n\n## Example\n\n`main-user-files-write`", "type": "string" }, "description": { - "description": "Description of the capability.", + "description": "Description of what the capability is intended to allow on associated windows.\n\nIt should contain a description of what the grouped permissions should allow.\n\n## Example\n\nThis capability allows the `main` window access to `filesystem` write related commands and `dialog` commands to enable programatic access to files selected by the user.", "default": "", "type": "string" }, "remote": { - "description": "Configure remote URLs that can use the capability permissions.", + "description": "Configure remote URLs that can use the capability permissions.\n\nThis setting is optional and defaults to not being set, as our default use case is that the content is served from our local application.\n\n:::caution Make sure you understand the security implications of providing remote sources with local system access. :::\n\n## Example\n\n```json { \"urls\": [\"https://*.mydomain.dev\"] } ```", "anyOf": [ { "$ref": "#/definitions/CapabilityRemote" @@ -70,28 +70,29 @@ "type": "boolean" }, "windows": { - "description": "List of windows that uses this capability. Can be a glob pattern.\n\nOn multiwebview windows, prefer [`Self::webviews`] for a fine grained access control.", + "description": "List of windows that are affected by this capability. Can be a glob pattern.\n\nOn multiwebview windows, prefer [`Self::webviews`] for a fine grained access control.\n\n## Example\n\n`[\"main\"]`", "type": "array", "items": { "type": "string" } }, "webviews": { - "description": "List of webviews that uses this capability. Can be a glob pattern.\n\nThis is only required when using on multiwebview contexts, by default all child webviews of a window that matches [`Self::windows`] are linked.", + "description": "List of webviews that are affected by this capability. Can be a glob pattern.\n\nThis is only required when using on multiwebview contexts, by default all child webviews of a window that matches [`Self::windows`] are linked.\n\n## Example\n\n`[\"sub-webview-one\", \"sub-webview-two\"]`", "type": "array", "items": { "type": "string" } }, "permissions": { - "description": "List of permissions attached to this capability. Must include the plugin name as prefix in the form of `${plugin-name}:${permission-name}`.", + "description": "List of permissions attached to this capability.\n\nMust include the plugin name as prefix in the form of `${plugin-name}:${permission-name}`. For commands directly implemented in the application itself only `${permission-name}` is required.\n\n## Example\n\n```json [ \"path:default\", \"event:default\", \"window:default\", \"app:default\", \"image:default\", \"resources:default\", \"menu:default\", \"tray:default\", \"shell:allow-open\", \"dialog:open\", { \"identifier\": \"fs:allow-write-text-file\", \"allow\": [{ \"path\": \"$HOME/test.txt\" }] } ```", "type": "array", "items": { "$ref": "#/definitions/PermissionEntry" - } + }, + "uniqueItems": true }, "platforms": { - "description": "Target platforms this capability applies. By default all platforms are affected by this capability.", + "description": "Limit which target platforms this capability applies to.\n\nBy default all platforms are targeted.\n\n## Example\n\n`[\"macOS\",\"windows\"]`", "type": [ "array", "null" @@ -110,7 +111,7 @@ ], "properties": { "urls": { - "description": "Remote domains this capability refers to using the [URLPattern standard](https://urlpattern.spec.whatwg.org/).\n\n# Examples\n\n- \"https://*.mydomain.dev\": allows subdomains of mydomain.dev - \"https://mydomain.dev/api/*\": allows any subpath of mydomain.dev/api", + "description": "Remote domains this capability refers to using the [URLPattern standard](https://urlpattern.spec.whatwg.org/).\n\n## Examples\n\n- \"https://*.mydomain.dev\": allows subdomains of mydomain.dev - \"https://mydomain.dev/api/*\": allows any subpath of mydomain.dev/api", "type": "array", "items": { "type": "string" @@ -2504,6 +2505,13 @@ "app:allow-app-show" ] }, + { + "description": "app:allow-default-window-icon -> Enables the default_window_icon command without any pre-configured scope.", + "type": "string", + "enum": [ + "app:allow-default-window-icon" + ] + }, { "description": "app:allow-name -> Enables the name command without any pre-configured scope.", "type": "string", @@ -2539,6 +2547,13 @@ "app:deny-app-show" ] }, + { + "description": "app:deny-default-window-icon -> Denies the default_window_icon command without any pre-configured scope.", + "type": "string", + "enum": [ + "app:deny-default-window-icon" + ] + }, { "description": "app:deny-name -> Denies the name command without any pre-configured scope.", "type": "string", diff --git a/plugins/authenticator/permissions/autogenerated/reference.md b/plugins/authenticator/permissions/autogenerated/reference.md index c82e61c79..71b941ea7 100644 --- a/plugins/authenticator/permissions/autogenerated/reference.md +++ b/plugins/authenticator/permissions/autogenerated/reference.md @@ -1,12 +1,140 @@ -| Permission | Description | -|------|-----| -|`allow-init-auth`|Enables the init_auth command without any pre-configured scope.| -|`deny-init-auth`|Denies the init_auth command without any pre-configured scope.| -|`allow-register`|Enables the register command without any pre-configured scope.| -|`deny-register`|Denies the register command without any pre-configured scope.| -|`allow-sign`|Enables the sign command without any pre-configured scope.| -|`deny-sign`|Denies the sign command without any pre-configured scope.| -|`allow-verify-registration`|Enables the verify_registration command without any pre-configured scope.| -|`deny-verify-registration`|Denies the verify_registration command without any pre-configured scope.| -|`allow-verify-signature`|Enables the verify_signature command without any pre-configured scope.| -|`deny-verify-signature`|Denies the verify_signature command without any pre-configured scope.| + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`authenticator:allow-init-auth` + + + +Enables the init_auth command without any pre-configured scope. + +
+ +`authenticator:deny-init-auth` + + + +Denies the init_auth command without any pre-configured scope. + +
+ +`authenticator:allow-register` + + + +Enables the register command without any pre-configured scope. + +
+ +`authenticator:deny-register` + + + +Denies the register command without any pre-configured scope. + +
+ +`authenticator:allow-sign` + + + +Enables the sign command without any pre-configured scope. + +
+ +`authenticator:deny-sign` + + + +Denies the sign command without any pre-configured scope. + +
+ +`authenticator:allow-verify-registration` + + + +Enables the verify_registration command without any pre-configured scope. + +
+ +`authenticator:deny-verify-registration` + + + +Denies the verify_registration command without any pre-configured scope. + +
+ +`authenticator:allow-verify-signature` + + + +Enables the verify_signature command without any pre-configured scope. + +
+ +`authenticator:deny-verify-signature` + + + +Denies the verify_signature command without any pre-configured scope. + +
diff --git a/plugins/authenticator/permissions/schemas/schema.json b/plugins/authenticator/permissions/schemas/schema.json index 427c3f5a3..423ed72f5 100644 --- a/plugins/authenticator/permissions/schemas/schema.json +++ b/plugins/authenticator/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/authenticator/src/u2f_crate/messages.rs b/plugins/authenticator/src/u2f_crate/messages.rs index be22f9651..fbae95111 100644 --- a/plugins/authenticator/src/u2f_crate/messages.rs +++ b/plugins/authenticator/src/u2f_crate/messages.rs @@ -34,6 +34,7 @@ pub struct RegisteredKey { #[serde(rename_all = "camelCase")] pub struct RegisterResponse { pub registration_data: String, + #[allow(unused)] pub version: String, pub client_data: String, } diff --git a/plugins/autostart/permissions/autogenerated/reference.md b/plugins/autostart/permissions/autogenerated/reference.md index 329e5a0be..46957bf53 100644 --- a/plugins/autostart/permissions/autogenerated/reference.md +++ b/plugins/autostart/permissions/autogenerated/reference.md @@ -1,12 +1,6 @@ -| Permission | Description | -|------|-----| -|`allow-disable`|Enables the disable command without any pre-configured scope.| -|`deny-disable`|Denies the disable command without any pre-configured scope.| -|`allow-enable`|Enables the enable command without any pre-configured scope.| -|`deny-enable`|Denies the enable command without any pre-configured scope.| -|`allow-is-enabled`|Enables the is_enabled command without any pre-configured scope.| -|`deny-is-enabled`|Denies the is_enabled command without any pre-configured scope.| -|`default`|This permission set configures if your +## Default Permission + +This permission set configures if your application can enable or disable auto starting the application on boot. @@ -15,4 +9,96 @@ starting the application on boot. It allows all to check, enable and disable the automatic start on boot. -| + + +- `allow-enable` +- `allow-disable` +- `allow-is-enabled` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`autostart:allow-disable` + + + +Enables the disable command without any pre-configured scope. + +
+ +`autostart:deny-disable` + + + +Denies the disable command without any pre-configured scope. + +
+ +`autostart:allow-enable` + + + +Enables the enable command without any pre-configured scope. + +
+ +`autostart:deny-enable` + + + +Denies the enable command without any pre-configured scope. + +
+ +`autostart:allow-is-enabled` + + + +Enables the is_enabled command without any pre-configured scope. + +
+ +`autostart:deny-is-enabled` + + + +Denies the is_enabled command without any pre-configured scope. + +
diff --git a/plugins/autostart/permissions/schemas/schema.json b/plugins/autostart/permissions/schemas/schema.json index 4ec9e10ef..1ecdac9b5 100644 --- a/plugins/autostart/permissions/schemas/schema.json +++ b/plugins/autostart/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/barcode-scanner/permissions/autogenerated/reference.md b/plugins/barcode-scanner/permissions/autogenerated/reference.md index 452b1042f..1778df445 100644 --- a/plugins/barcode-scanner/permissions/autogenerated/reference.md +++ b/plugins/barcode-scanner/permissions/autogenerated/reference.md @@ -1,22 +1,183 @@ -| Permission | Description | -|------|-----| -|`allow-cancel`|Enables the cancel command without any pre-configured scope.| -|`deny-cancel`|Denies the cancel command without any pre-configured scope.| -|`allow-check-permissions`|Enables the check_permissions command without any pre-configured scope.| -|`deny-check-permissions`|Denies the check_permissions command without any pre-configured scope.| -|`allow-open-app-settings`|Enables the open_app_settings command without any pre-configured scope.| -|`deny-open-app-settings`|Denies the open_app_settings command without any pre-configured scope.| -|`allow-request-permissions`|Enables the request_permissions command without any pre-configured scope.| -|`deny-request-permissions`|Denies the request_permissions command without any pre-configured scope.| -|`allow-scan`|Enables the scan command without any pre-configured scope.| -|`deny-scan`|Denies the scan command without any pre-configured scope.| -|`allow-vibrate`|Enables the vibrate command without any pre-configured scope.| -|`deny-vibrate`|Denies the vibrate command without any pre-configured scope.| -|`default`|This permission set configures which +## Default Permission + +This permission set configures which barcode scanning features are by default exposed. #### Granted Permissions It allows all barcode related features. -| + + +- `allow-cancel` +- `allow-check-permissions` +- `allow-open-app-settings` +- `allow-request-permissions` +- `allow-scan` +- `allow-vibrate` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`barcode-scanner:allow-cancel` + + + +Enables the cancel command without any pre-configured scope. + +
+ +`barcode-scanner:deny-cancel` + + + +Denies the cancel command without any pre-configured scope. + +
+ +`barcode-scanner:allow-check-permissions` + + + +Enables the check_permissions command without any pre-configured scope. + +
+ +`barcode-scanner:deny-check-permissions` + + + +Denies the check_permissions command without any pre-configured scope. + +
+ +`barcode-scanner:allow-open-app-settings` + + + +Enables the open_app_settings command without any pre-configured scope. + +
+ +`barcode-scanner:deny-open-app-settings` + + + +Denies the open_app_settings command without any pre-configured scope. + +
+ +`barcode-scanner:allow-request-permissions` + + + +Enables the request_permissions command without any pre-configured scope. + +
+ +`barcode-scanner:deny-request-permissions` + + + +Denies the request_permissions command without any pre-configured scope. + +
+ +`barcode-scanner:allow-scan` + + + +Enables the scan command without any pre-configured scope. + +
+ +`barcode-scanner:deny-scan` + + + +Denies the scan command without any pre-configured scope. + +
+ +`barcode-scanner:allow-vibrate` + + + +Enables the vibrate command without any pre-configured scope. + +
+ +`barcode-scanner:deny-vibrate` + + + +Denies the vibrate command without any pre-configured scope. + +
diff --git a/plugins/barcode-scanner/permissions/schemas/schema.json b/plugins/barcode-scanner/permissions/schemas/schema.json index 7e99ee7c8..02286fcb7 100644 --- a/plugins/barcode-scanner/permissions/schemas/schema.json +++ b/plugins/barcode-scanner/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/biometric/permissions/autogenerated/reference.md b/plugins/biometric/permissions/autogenerated/reference.md index 6f57ebd36..d54a40f06 100644 --- a/plugins/biometric/permissions/autogenerated/reference.md +++ b/plugins/biometric/permissions/autogenerated/reference.md @@ -1,14 +1,75 @@ -| Permission | Description | -|------|-----| -|`allow-authenticate`|Enables the authenticate command without any pre-configured scope.| -|`deny-authenticate`|Denies the authenticate command without any pre-configured scope.| -|`allow-status`|Enables the status command without any pre-configured scope.| -|`deny-status`|Denies the status command without any pre-configured scope.| -|`default`|This permission set configures which +## Default Permission + +This permission set configures which biometric features are by default exposed. #### Granted Permissions It allows acccess to all biometric commands. -| + + +- `allow-authenticate` +- `allow-status` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`biometric:allow-authenticate` + + + +Enables the authenticate command without any pre-configured scope. + +
+ +`biometric:deny-authenticate` + + + +Denies the authenticate command without any pre-configured scope. + +
+ +`biometric:allow-status` + + + +Enables the status command without any pre-configured scope. + +
+ +`biometric:deny-status` + + + +Denies the status command without any pre-configured scope. + +
diff --git a/plugins/biometric/permissions/schemas/schema.json b/plugins/biometric/permissions/schemas/schema.json index f992c8c68..8dbd11797 100644 --- a/plugins/biometric/permissions/schemas/schema.json +++ b/plugins/biometric/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/cli/permissions/autogenerated/reference.md b/plugins/cli/permissions/autogenerated/reference.md index f1eedd3eb..93588921a 100644 --- a/plugins/cli/permissions/autogenerated/reference.md +++ b/plugins/cli/permissions/autogenerated/reference.md @@ -1,5 +1,41 @@ -| Permission | Description | -|------|-----| -|`allow-cli-matches`|Enables the cli_matches command without any pre-configured scope.| -|`deny-cli-matches`|Denies the cli_matches command without any pre-configured scope.| -|`default`|Allows reading the CLI matches| +## Default Permission + +Allows reading the CLI matches + +- `allow-cli-matches` + +### Permission Table + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`cli:allow-cli-matches` + + + +Enables the cli_matches command without any pre-configured scope. + +
+ +`cli:deny-cli-matches` + + + +Denies the cli_matches command without any pre-configured scope. + +
diff --git a/plugins/cli/permissions/schemas/schema.json b/plugins/cli/permissions/schemas/schema.json index 00a7a1151..045c7197b 100644 --- a/plugins/cli/permissions/schemas/schema.json +++ b/plugins/cli/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/clipboard-manager/permissions/autogenerated/reference.md b/plugins/clipboard-manager/permissions/autogenerated/reference.md index 4ce23a4e6..f712d5add 100644 --- a/plugins/clipboard-manager/permissions/autogenerated/reference.md +++ b/plugins/clipboard-manager/permissions/autogenerated/reference.md @@ -1,20 +1,175 @@ -| Permission | Description | -|------|-----| -|`allow-clear`|Enables the clear command without any pre-configured scope.| -|`deny-clear`|Denies the clear command without any pre-configured scope.| -|`allow-read-image`|Enables the read_image command without any pre-configured scope.| -|`deny-read-image`|Denies the read_image command without any pre-configured scope.| -|`allow-read-text`|Enables the read_text command without any pre-configured scope.| -|`deny-read-text`|Denies the read_text command without any pre-configured scope.| -|`allow-write-html`|Enables the write_html command without any pre-configured scope.| -|`deny-write-html`|Denies the write_html command without any pre-configured scope.| -|`allow-write-image`|Enables the write_image command without any pre-configured scope.| -|`deny-write-image`|Denies the write_image command without any pre-configured scope.| -|`allow-write-text`|Enables the write_text command without any pre-configured scope.| -|`deny-write-text`|Denies the write_text command without any pre-configured scope.| -|`default`|No features are enabled by default, as we believe +## Default Permission + +No features are enabled by default, as we believe the clipboard can be inherently dangerous and it is application specific if read and/or write access is needed. Clipboard interaction needs to be explicitly enabled. -| + + + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`clipboard-manager:allow-clear` + + + +Enables the clear command without any pre-configured scope. + +
+ +`clipboard-manager:deny-clear` + + + +Denies the clear command without any pre-configured scope. + +
+ +`clipboard-manager:allow-read-image` + + + +Enables the read_image command without any pre-configured scope. + +
+ +`clipboard-manager:deny-read-image` + + + +Denies the read_image command without any pre-configured scope. + +
+ +`clipboard-manager:allow-read-text` + + + +Enables the read_text command without any pre-configured scope. + +
+ +`clipboard-manager:deny-read-text` + + + +Denies the read_text command without any pre-configured scope. + +
+ +`clipboard-manager:allow-write-html` + + + +Enables the write_html command without any pre-configured scope. + +
+ +`clipboard-manager:deny-write-html` + + + +Denies the write_html command without any pre-configured scope. + +
+ +`clipboard-manager:allow-write-image` + + + +Enables the write_image command without any pre-configured scope. + +
+ +`clipboard-manager:deny-write-image` + + + +Denies the write_image command without any pre-configured scope. + +
+ +`clipboard-manager:allow-write-text` + + + +Enables the write_text command without any pre-configured scope. + +
+ +`clipboard-manager:deny-write-text` + + + +Denies the write_text command without any pre-configured scope. + +
diff --git a/plugins/clipboard-manager/permissions/schemas/schema.json b/plugins/clipboard-manager/permissions/schemas/schema.json index 90e00c4d1..d579bae88 100644 --- a/plugins/clipboard-manager/permissions/schemas/schema.json +++ b/plugins/clipboard-manager/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/deep-link/permissions/autogenerated/reference.md b/plugins/deep-link/permissions/autogenerated/reference.md index 583e39de8..2b815a0c9 100644 --- a/plugins/deep-link/permissions/autogenerated/reference.md +++ b/plugins/deep-link/permissions/autogenerated/reference.md @@ -1,11 +1,119 @@ -| Permission | Description | -|------|-----| -|`allow-get-current`|Enables the get_current command without any pre-configured scope.| -|`deny-get-current`|Denies the get_current command without any pre-configured scope.| -|`allow-is-registered`|Enables the is_registered command without any pre-configured scope.| -|`deny-is-registered`|Denies the is_registered command without any pre-configured scope.| -|`allow-register`|Enables the register command without any pre-configured scope.| -|`deny-register`|Denies the register command without any pre-configured scope.| -|`allow-unregister`|Enables the unregister command without any pre-configured scope.| -|`deny-unregister`|Denies the unregister command without any pre-configured scope.| -|`default`|Allows reading the opened deep link via the get_current command| +## Default Permission + +Allows reading the opened deep link via the get_current command + +- `allow-get-current` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`deep-link:allow-get-current` + + + +Enables the get_current command without any pre-configured scope. + +
+ +`deep-link:deny-get-current` + + + +Denies the get_current command without any pre-configured scope. + +
+ +`deep-link:allow-is-registered` + + + +Enables the is_registered command without any pre-configured scope. + +
+ +`deep-link:deny-is-registered` + + + +Denies the is_registered command without any pre-configured scope. + +
+ +`deep-link:allow-register` + + + +Enables the register command without any pre-configured scope. + +
+ +`deep-link:deny-register` + + + +Denies the register command without any pre-configured scope. + +
+ +`deep-link:allow-unregister` + + + +Enables the unregister command without any pre-configured scope. + +
+ +`deep-link:deny-unregister` + + + +Denies the unregister command without any pre-configured scope. + +
diff --git a/plugins/deep-link/permissions/schemas/schema.json b/plugins/deep-link/permissions/schemas/schema.json index 3589379a3..32a079450 100644 --- a/plugins/deep-link/permissions/schemas/schema.json +++ b/plugins/deep-link/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/deep-link/src/config.rs b/plugins/deep-link/src/config.rs index f0db1dafd..1796aa636 100644 --- a/plugins/deep-link/src/config.rs +++ b/plugins/deep-link/src/config.rs @@ -35,11 +35,13 @@ pub struct Config { pub mobile: Vec, /// Desktop requires urls starting with `://`. /// These urls are also active in dev mode on Android. + #[allow(unused)] // Used in tauri-bundler pub desktop: DesktopProtocol, } #[derive(Deserialize)] #[serde(untagged)] +#[allow(unused)] // Used in tauri-bundler pub enum DesktopProtocol { One(DeepLinkProtocol), List(Vec), diff --git a/plugins/dialog/permissions/autogenerated/reference.md b/plugins/dialog/permissions/autogenerated/reference.md index e69bf5d8d..e99293850 100644 --- a/plugins/dialog/permissions/autogenerated/reference.md +++ b/plugins/dialog/permissions/autogenerated/reference.md @@ -1,16 +1,6 @@ -| Permission | Description | -|------|-----| -|`allow-ask`|Enables the ask command without any pre-configured scope.| -|`deny-ask`|Denies the ask command without any pre-configured scope.| -|`allow-confirm`|Enables the confirm command without any pre-configured scope.| -|`deny-confirm`|Denies the confirm command without any pre-configured scope.| -|`allow-message`|Enables the message command without any pre-configured scope.| -|`deny-message`|Denies the message command without any pre-configured scope.| -|`allow-open`|Enables the open command without any pre-configured scope.| -|`deny-open`|Denies the open command without any pre-configured scope.| -|`allow-save`|Enables the save command without any pre-configured scope.| -|`deny-save`|Denies the save command without any pre-configured scope.| -|`default`|This permission set configures the types of dialogs +## Default Permission + +This permission set configures the types of dialogs available from the dialog plugin. #### Granted Permissions @@ -18,4 +8,150 @@ available from the dialog plugin. All dialog types are enabled. -| + + +- `allow-ask` +- `allow-confirm` +- `allow-message` +- `allow-save` +- `allow-open` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`dialog:allow-ask` + + + +Enables the ask command without any pre-configured scope. + +
+ +`dialog:deny-ask` + + + +Denies the ask command without any pre-configured scope. + +
+ +`dialog:allow-confirm` + + + +Enables the confirm command without any pre-configured scope. + +
+ +`dialog:deny-confirm` + + + +Denies the confirm command without any pre-configured scope. + +
+ +`dialog:allow-message` + + + +Enables the message command without any pre-configured scope. + +
+ +`dialog:deny-message` + + + +Denies the message command without any pre-configured scope. + +
+ +`dialog:allow-open` + + + +Enables the open command without any pre-configured scope. + +
+ +`dialog:deny-open` + + + +Denies the open command without any pre-configured scope. + +
+ +`dialog:allow-save` + + + +Enables the save command without any pre-configured scope. + +
+ +`dialog:deny-save` + + + +Denies the save command without any pre-configured scope. + +
diff --git a/plugins/dialog/permissions/schemas/schema.json b/plugins/dialog/permissions/schemas/schema.json index 4a8d59af9..e913aba23 100644 --- a/plugins/dialog/permissions/schemas/schema.json +++ b/plugins/dialog/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/fs/permissions/autogenerated/reference.md b/plugins/fs/permissions/autogenerated/reference.md index 045d1a0be..dfbed74e0 100644 --- a/plugins/fs/permissions/autogenerated/reference.md +++ b/plugins/fs/permissions/autogenerated/reference.md @@ -1,281 +1,6 @@ -| Permission | Description | -|------|-----| -|`allow-app-read-recursive`|This allows full recursive read access to the complete `$APP` folder, files and subdirectories.| -|`allow-app-write-recursive`|This allows full recursive write access to the complete `$APP` folder, files and subdirectories.| -|`allow-app-read`|This allows non-recursive read access to the `$APP` folder.| -|`allow-app-write`|This allows non-recursive write access to the `$APP` folder.| -|`allow-app-meta-recursive`|This allows full recursive read access to metadata of the `$APP` folder, including file listing and statistics.| -|`allow-app-meta`|This allows non-recursive read access to metadata of the `$APP` folder, including file listing and statistics.| -|`scope-app-recursive`|This scope permits recursive access to the complete `$APP` folder, including sub directories and files.| -|`scope-app`|This scope permits access to all files and list content of top level directories in the `$APP`folder.| -|`scope-app-index`|This scope permits to list all files and folders in the `$APP`folder.| -|`allow-appcache-read-recursive`|This allows full recursive read access to the complete `$APPCACHE` folder, files and subdirectories.| -|`allow-appcache-write-recursive`|This allows full recursive write access to the complete `$APPCACHE` folder, files and subdirectories.| -|`allow-appcache-read`|This allows non-recursive read access to the `$APPCACHE` folder.| -|`allow-appcache-write`|This allows non-recursive write access to the `$APPCACHE` folder.| -|`allow-appcache-meta-recursive`|This allows full recursive read access to metadata of the `$APPCACHE` folder, including file listing and statistics.| -|`allow-appcache-meta`|This allows non-recursive read access to metadata of the `$APPCACHE` folder, including file listing and statistics.| -|`scope-appcache-recursive`|This scope permits recursive access to the complete `$APPCACHE` folder, including sub directories and files.| -|`scope-appcache`|This scope permits access to all files and list content of top level directories in the `$APPCACHE`folder.| -|`scope-appcache-index`|This scope permits to list all files and folders in the `$APPCACHE`folder.| -|`allow-appconfig-read-recursive`|This allows full recursive read access to the complete `$APPCONFIG` folder, files and subdirectories.| -|`allow-appconfig-write-recursive`|This allows full recursive write access to the complete `$APPCONFIG` folder, files and subdirectories.| -|`allow-appconfig-read`|This allows non-recursive read access to the `$APPCONFIG` folder.| -|`allow-appconfig-write`|This allows non-recursive write access to the `$APPCONFIG` folder.| -|`allow-appconfig-meta-recursive`|This allows full recursive read access to metadata of the `$APPCONFIG` folder, including file listing and statistics.| -|`allow-appconfig-meta`|This allows non-recursive read access to metadata of the `$APPCONFIG` folder, including file listing and statistics.| -|`scope-appconfig-recursive`|This scope permits recursive access to the complete `$APPCONFIG` folder, including sub directories and files.| -|`scope-appconfig`|This scope permits access to all files and list content of top level directories in the `$APPCONFIG`folder.| -|`scope-appconfig-index`|This scope permits to list all files and folders in the `$APPCONFIG`folder.| -|`allow-appdata-read-recursive`|This allows full recursive read access to the complete `$APPDATA` folder, files and subdirectories.| -|`allow-appdata-write-recursive`|This allows full recursive write access to the complete `$APPDATA` folder, files and subdirectories.| -|`allow-appdata-read`|This allows non-recursive read access to the `$APPDATA` folder.| -|`allow-appdata-write`|This allows non-recursive write access to the `$APPDATA` folder.| -|`allow-appdata-meta-recursive`|This allows full recursive read access to metadata of the `$APPDATA` folder, including file listing and statistics.| -|`allow-appdata-meta`|This allows non-recursive read access to metadata of the `$APPDATA` folder, including file listing and statistics.| -|`scope-appdata-recursive`|This scope permits recursive access to the complete `$APPDATA` folder, including sub directories and files.| -|`scope-appdata`|This scope permits access to all files and list content of top level directories in the `$APPDATA`folder.| -|`scope-appdata-index`|This scope permits to list all files and folders in the `$APPDATA`folder.| -|`allow-applocaldata-read-recursive`|This allows full recursive read access to the complete `$APPLOCALDATA` folder, files and subdirectories.| -|`allow-applocaldata-write-recursive`|This allows full recursive write access to the complete `$APPLOCALDATA` folder, files and subdirectories.| -|`allow-applocaldata-read`|This allows non-recursive read access to the `$APPLOCALDATA` folder.| -|`allow-applocaldata-write`|This allows non-recursive write access to the `$APPLOCALDATA` folder.| -|`allow-applocaldata-meta-recursive`|This allows full recursive read access to metadata of the `$APPLOCALDATA` folder, including file listing and statistics.| -|`allow-applocaldata-meta`|This allows non-recursive read access to metadata of the `$APPLOCALDATA` folder, including file listing and statistics.| -|`scope-applocaldata-recursive`|This scope permits recursive access to the complete `$APPLOCALDATA` folder, including sub directories and files.| -|`scope-applocaldata`|This scope permits access to all files and list content of top level directories in the `$APPLOCALDATA`folder.| -|`scope-applocaldata-index`|This scope permits to list all files and folders in the `$APPLOCALDATA`folder.| -|`allow-applog-read-recursive`|This allows full recursive read access to the complete `$APPLOG` folder, files and subdirectories.| -|`allow-applog-write-recursive`|This allows full recursive write access to the complete `$APPLOG` folder, files and subdirectories.| -|`allow-applog-read`|This allows non-recursive read access to the `$APPLOG` folder.| -|`allow-applog-write`|This allows non-recursive write access to the `$APPLOG` folder.| -|`allow-applog-meta-recursive`|This allows full recursive read access to metadata of the `$APPLOG` folder, including file listing and statistics.| -|`allow-applog-meta`|This allows non-recursive read access to metadata of the `$APPLOG` folder, including file listing and statistics.| -|`scope-applog-recursive`|This scope permits recursive access to the complete `$APPLOG` folder, including sub directories and files.| -|`scope-applog`|This scope permits access to all files and list content of top level directories in the `$APPLOG`folder.| -|`scope-applog-index`|This scope permits to list all files and folders in the `$APPLOG`folder.| -|`allow-audio-read-recursive`|This allows full recursive read access to the complete `$AUDIO` folder, files and subdirectories.| -|`allow-audio-write-recursive`|This allows full recursive write access to the complete `$AUDIO` folder, files and subdirectories.| -|`allow-audio-read`|This allows non-recursive read access to the `$AUDIO` folder.| -|`allow-audio-write`|This allows non-recursive write access to the `$AUDIO` folder.| -|`allow-audio-meta-recursive`|This allows full recursive read access to metadata of the `$AUDIO` folder, including file listing and statistics.| -|`allow-audio-meta`|This allows non-recursive read access to metadata of the `$AUDIO` folder, including file listing and statistics.| -|`scope-audio-recursive`|This scope permits recursive access to the complete `$AUDIO` folder, including sub directories and files.| -|`scope-audio`|This scope permits access to all files and list content of top level directories in the `$AUDIO`folder.| -|`scope-audio-index`|This scope permits to list all files and folders in the `$AUDIO`folder.| -|`allow-cache-read-recursive`|This allows full recursive read access to the complete `$CACHE` folder, files and subdirectories.| -|`allow-cache-write-recursive`|This allows full recursive write access to the complete `$CACHE` folder, files and subdirectories.| -|`allow-cache-read`|This allows non-recursive read access to the `$CACHE` folder.| -|`allow-cache-write`|This allows non-recursive write access to the `$CACHE` folder.| -|`allow-cache-meta-recursive`|This allows full recursive read access to metadata of the `$CACHE` folder, including file listing and statistics.| -|`allow-cache-meta`|This allows non-recursive read access to metadata of the `$CACHE` folder, including file listing and statistics.| -|`scope-cache-recursive`|This scope permits recursive access to the complete `$CACHE` folder, including sub directories and files.| -|`scope-cache`|This scope permits access to all files and list content of top level directories in the `$CACHE`folder.| -|`scope-cache-index`|This scope permits to list all files and folders in the `$CACHE`folder.| -|`allow-config-read-recursive`|This allows full recursive read access to the complete `$CONFIG` folder, files and subdirectories.| -|`allow-config-write-recursive`|This allows full recursive write access to the complete `$CONFIG` folder, files and subdirectories.| -|`allow-config-read`|This allows non-recursive read access to the `$CONFIG` folder.| -|`allow-config-write`|This allows non-recursive write access to the `$CONFIG` folder.| -|`allow-config-meta-recursive`|This allows full recursive read access to metadata of the `$CONFIG` folder, including file listing and statistics.| -|`allow-config-meta`|This allows non-recursive read access to metadata of the `$CONFIG` folder, including file listing and statistics.| -|`scope-config-recursive`|This scope permits recursive access to the complete `$CONFIG` folder, including sub directories and files.| -|`scope-config`|This scope permits access to all files and list content of top level directories in the `$CONFIG`folder.| -|`scope-config-index`|This scope permits to list all files and folders in the `$CONFIG`folder.| -|`allow-data-read-recursive`|This allows full recursive read access to the complete `$DATA` folder, files and subdirectories.| -|`allow-data-write-recursive`|This allows full recursive write access to the complete `$DATA` folder, files and subdirectories.| -|`allow-data-read`|This allows non-recursive read access to the `$DATA` folder.| -|`allow-data-write`|This allows non-recursive write access to the `$DATA` folder.| -|`allow-data-meta-recursive`|This allows full recursive read access to metadata of the `$DATA` folder, including file listing and statistics.| -|`allow-data-meta`|This allows non-recursive read access to metadata of the `$DATA` folder, including file listing and statistics.| -|`scope-data-recursive`|This scope permits recursive access to the complete `$DATA` folder, including sub directories and files.| -|`scope-data`|This scope permits access to all files and list content of top level directories in the `$DATA`folder.| -|`scope-data-index`|This scope permits to list all files and folders in the `$DATA`folder.| -|`allow-desktop-read-recursive`|This allows full recursive read access to the complete `$DESKTOP` folder, files and subdirectories.| -|`allow-desktop-write-recursive`|This allows full recursive write access to the complete `$DESKTOP` folder, files and subdirectories.| -|`allow-desktop-read`|This allows non-recursive read access to the `$DESKTOP` folder.| -|`allow-desktop-write`|This allows non-recursive write access to the `$DESKTOP` folder.| -|`allow-desktop-meta-recursive`|This allows full recursive read access to metadata of the `$DESKTOP` folder, including file listing and statistics.| -|`allow-desktop-meta`|This allows non-recursive read access to metadata of the `$DESKTOP` folder, including file listing and statistics.| -|`scope-desktop-recursive`|This scope permits recursive access to the complete `$DESKTOP` folder, including sub directories and files.| -|`scope-desktop`|This scope permits access to all files and list content of top level directories in the `$DESKTOP`folder.| -|`scope-desktop-index`|This scope permits to list all files and folders in the `$DESKTOP`folder.| -|`allow-document-read-recursive`|This allows full recursive read access to the complete `$DOCUMENT` folder, files and subdirectories.| -|`allow-document-write-recursive`|This allows full recursive write access to the complete `$DOCUMENT` folder, files and subdirectories.| -|`allow-document-read`|This allows non-recursive read access to the `$DOCUMENT` folder.| -|`allow-document-write`|This allows non-recursive write access to the `$DOCUMENT` folder.| -|`allow-document-meta-recursive`|This allows full recursive read access to metadata of the `$DOCUMENT` folder, including file listing and statistics.| -|`allow-document-meta`|This allows non-recursive read access to metadata of the `$DOCUMENT` folder, including file listing and statistics.| -|`scope-document-recursive`|This scope permits recursive access to the complete `$DOCUMENT` folder, including sub directories and files.| -|`scope-document`|This scope permits access to all files and list content of top level directories in the `$DOCUMENT`folder.| -|`scope-document-index`|This scope permits to list all files and folders in the `$DOCUMENT`folder.| -|`allow-download-read-recursive`|This allows full recursive read access to the complete `$DOWNLOAD` folder, files and subdirectories.| -|`allow-download-write-recursive`|This allows full recursive write access to the complete `$DOWNLOAD` folder, files and subdirectories.| -|`allow-download-read`|This allows non-recursive read access to the `$DOWNLOAD` folder.| -|`allow-download-write`|This allows non-recursive write access to the `$DOWNLOAD` folder.| -|`allow-download-meta-recursive`|This allows full recursive read access to metadata of the `$DOWNLOAD` folder, including file listing and statistics.| -|`allow-download-meta`|This allows non-recursive read access to metadata of the `$DOWNLOAD` folder, including file listing and statistics.| -|`scope-download-recursive`|This scope permits recursive access to the complete `$DOWNLOAD` folder, including sub directories and files.| -|`scope-download`|This scope permits access to all files and list content of top level directories in the `$DOWNLOAD`folder.| -|`scope-download-index`|This scope permits to list all files and folders in the `$DOWNLOAD`folder.| -|`allow-exe-read-recursive`|This allows full recursive read access to the complete `$EXE` folder, files and subdirectories.| -|`allow-exe-write-recursive`|This allows full recursive write access to the complete `$EXE` folder, files and subdirectories.| -|`allow-exe-read`|This allows non-recursive read access to the `$EXE` folder.| -|`allow-exe-write`|This allows non-recursive write access to the `$EXE` folder.| -|`allow-exe-meta-recursive`|This allows full recursive read access to metadata of the `$EXE` folder, including file listing and statistics.| -|`allow-exe-meta`|This allows non-recursive read access to metadata of the `$EXE` folder, including file listing and statistics.| -|`scope-exe-recursive`|This scope permits recursive access to the complete `$EXE` folder, including sub directories and files.| -|`scope-exe`|This scope permits access to all files and list content of top level directories in the `$EXE`folder.| -|`scope-exe-index`|This scope permits to list all files and folders in the `$EXE`folder.| -|`allow-font-read-recursive`|This allows full recursive read access to the complete `$FONT` folder, files and subdirectories.| -|`allow-font-write-recursive`|This allows full recursive write access to the complete `$FONT` folder, files and subdirectories.| -|`allow-font-read`|This allows non-recursive read access to the `$FONT` folder.| -|`allow-font-write`|This allows non-recursive write access to the `$FONT` folder.| -|`allow-font-meta-recursive`|This allows full recursive read access to metadata of the `$FONT` folder, including file listing and statistics.| -|`allow-font-meta`|This allows non-recursive read access to metadata of the `$FONT` folder, including file listing and statistics.| -|`scope-font-recursive`|This scope permits recursive access to the complete `$FONT` folder, including sub directories and files.| -|`scope-font`|This scope permits access to all files and list content of top level directories in the `$FONT`folder.| -|`scope-font-index`|This scope permits to list all files and folders in the `$FONT`folder.| -|`allow-home-read-recursive`|This allows full recursive read access to the complete `$HOME` folder, files and subdirectories.| -|`allow-home-write-recursive`|This allows full recursive write access to the complete `$HOME` folder, files and subdirectories.| -|`allow-home-read`|This allows non-recursive read access to the `$HOME` folder.| -|`allow-home-write`|This allows non-recursive write access to the `$HOME` folder.| -|`allow-home-meta-recursive`|This allows full recursive read access to metadata of the `$HOME` folder, including file listing and statistics.| -|`allow-home-meta`|This allows non-recursive read access to metadata of the `$HOME` folder, including file listing and statistics.| -|`scope-home-recursive`|This scope permits recursive access to the complete `$HOME` folder, including sub directories and files.| -|`scope-home`|This scope permits access to all files and list content of top level directories in the `$HOME`folder.| -|`scope-home-index`|This scope permits to list all files and folders in the `$HOME`folder.| -|`allow-localdata-read-recursive`|This allows full recursive read access to the complete `$LOCALDATA` folder, files and subdirectories.| -|`allow-localdata-write-recursive`|This allows full recursive write access to the complete `$LOCALDATA` folder, files and subdirectories.| -|`allow-localdata-read`|This allows non-recursive read access to the `$LOCALDATA` folder.| -|`allow-localdata-write`|This allows non-recursive write access to the `$LOCALDATA` folder.| -|`allow-localdata-meta-recursive`|This allows full recursive read access to metadata of the `$LOCALDATA` folder, including file listing and statistics.| -|`allow-localdata-meta`|This allows non-recursive read access to metadata of the `$LOCALDATA` folder, including file listing and statistics.| -|`scope-localdata-recursive`|This scope permits recursive access to the complete `$LOCALDATA` folder, including sub directories and files.| -|`scope-localdata`|This scope permits access to all files and list content of top level directories in the `$LOCALDATA`folder.| -|`scope-localdata-index`|This scope permits to list all files and folders in the `$LOCALDATA`folder.| -|`allow-log-read-recursive`|This allows full recursive read access to the complete `$LOG` folder, files and subdirectories.| -|`allow-log-write-recursive`|This allows full recursive write access to the complete `$LOG` folder, files and subdirectories.| -|`allow-log-read`|This allows non-recursive read access to the `$LOG` folder.| -|`allow-log-write`|This allows non-recursive write access to the `$LOG` folder.| -|`allow-log-meta-recursive`|This allows full recursive read access to metadata of the `$LOG` folder, including file listing and statistics.| -|`allow-log-meta`|This allows non-recursive read access to metadata of the `$LOG` folder, including file listing and statistics.| -|`scope-log-recursive`|This scope permits recursive access to the complete `$LOG` folder, including sub directories and files.| -|`scope-log`|This scope permits access to all files and list content of top level directories in the `$LOG`folder.| -|`scope-log-index`|This scope permits to list all files and folders in the `$LOG`folder.| -|`allow-picture-read-recursive`|This allows full recursive read access to the complete `$PICTURE` folder, files and subdirectories.| -|`allow-picture-write-recursive`|This allows full recursive write access to the complete `$PICTURE` folder, files and subdirectories.| -|`allow-picture-read`|This allows non-recursive read access to the `$PICTURE` folder.| -|`allow-picture-write`|This allows non-recursive write access to the `$PICTURE` folder.| -|`allow-picture-meta-recursive`|This allows full recursive read access to metadata of the `$PICTURE` folder, including file listing and statistics.| -|`allow-picture-meta`|This allows non-recursive read access to metadata of the `$PICTURE` folder, including file listing and statistics.| -|`scope-picture-recursive`|This scope permits recursive access to the complete `$PICTURE` folder, including sub directories and files.| -|`scope-picture`|This scope permits access to all files and list content of top level directories in the `$PICTURE`folder.| -|`scope-picture-index`|This scope permits to list all files and folders in the `$PICTURE`folder.| -|`allow-public-read-recursive`|This allows full recursive read access to the complete `$PUBLIC` folder, files and subdirectories.| -|`allow-public-write-recursive`|This allows full recursive write access to the complete `$PUBLIC` folder, files and subdirectories.| -|`allow-public-read`|This allows non-recursive read access to the `$PUBLIC` folder.| -|`allow-public-write`|This allows non-recursive write access to the `$PUBLIC` folder.| -|`allow-public-meta-recursive`|This allows full recursive read access to metadata of the `$PUBLIC` folder, including file listing and statistics.| -|`allow-public-meta`|This allows non-recursive read access to metadata of the `$PUBLIC` folder, including file listing and statistics.| -|`scope-public-recursive`|This scope permits recursive access to the complete `$PUBLIC` folder, including sub directories and files.| -|`scope-public`|This scope permits access to all files and list content of top level directories in the `$PUBLIC`folder.| -|`scope-public-index`|This scope permits to list all files and folders in the `$PUBLIC`folder.| -|`allow-resource-read-recursive`|This allows full recursive read access to the complete `$RESOURCE` folder, files and subdirectories.| -|`allow-resource-write-recursive`|This allows full recursive write access to the complete `$RESOURCE` folder, files and subdirectories.| -|`allow-resource-read`|This allows non-recursive read access to the `$RESOURCE` folder.| -|`allow-resource-write`|This allows non-recursive write access to the `$RESOURCE` folder.| -|`allow-resource-meta-recursive`|This allows full recursive read access to metadata of the `$RESOURCE` folder, including file listing and statistics.| -|`allow-resource-meta`|This allows non-recursive read access to metadata of the `$RESOURCE` folder, including file listing and statistics.| -|`scope-resource-recursive`|This scope permits recursive access to the complete `$RESOURCE` folder, including sub directories and files.| -|`scope-resource`|This scope permits access to all files and list content of top level directories in the `$RESOURCE`folder.| -|`scope-resource-index`|This scope permits to list all files and folders in the `$RESOURCE`folder.| -|`allow-runtime-read-recursive`|This allows full recursive read access to the complete `$RUNTIME` folder, files and subdirectories.| -|`allow-runtime-write-recursive`|This allows full recursive write access to the complete `$RUNTIME` folder, files and subdirectories.| -|`allow-runtime-read`|This allows non-recursive read access to the `$RUNTIME` folder.| -|`allow-runtime-write`|This allows non-recursive write access to the `$RUNTIME` folder.| -|`allow-runtime-meta-recursive`|This allows full recursive read access to metadata of the `$RUNTIME` folder, including file listing and statistics.| -|`allow-runtime-meta`|This allows non-recursive read access to metadata of the `$RUNTIME` folder, including file listing and statistics.| -|`scope-runtime-recursive`|This scope permits recursive access to the complete `$RUNTIME` folder, including sub directories and files.| -|`scope-runtime`|This scope permits access to all files and list content of top level directories in the `$RUNTIME`folder.| -|`scope-runtime-index`|This scope permits to list all files and folders in the `$RUNTIME`folder.| -|`allow-temp-read-recursive`|This allows full recursive read access to the complete `$TEMP` folder, files and subdirectories.| -|`allow-temp-write-recursive`|This allows full recursive write access to the complete `$TEMP` folder, files and subdirectories.| -|`allow-temp-read`|This allows non-recursive read access to the `$TEMP` folder.| -|`allow-temp-write`|This allows non-recursive write access to the `$TEMP` folder.| -|`allow-temp-meta-recursive`|This allows full recursive read access to metadata of the `$TEMP` folder, including file listing and statistics.| -|`allow-temp-meta`|This allows non-recursive read access to metadata of the `$TEMP` folder, including file listing and statistics.| -|`scope-temp-recursive`|This scope permits recursive access to the complete `$TEMP` folder, including sub directories and files.| -|`scope-temp`|This scope permits access to all files and list content of top level directories in the `$TEMP`folder.| -|`scope-temp-index`|This scope permits to list all files and folders in the `$TEMP`folder.| -|`allow-template-read-recursive`|This allows full recursive read access to the complete `$TEMPLATE` folder, files and subdirectories.| -|`allow-template-write-recursive`|This allows full recursive write access to the complete `$TEMPLATE` folder, files and subdirectories.| -|`allow-template-read`|This allows non-recursive read access to the `$TEMPLATE` folder.| -|`allow-template-write`|This allows non-recursive write access to the `$TEMPLATE` folder.| -|`allow-template-meta-recursive`|This allows full recursive read access to metadata of the `$TEMPLATE` folder, including file listing and statistics.| -|`allow-template-meta`|This allows non-recursive read access to metadata of the `$TEMPLATE` folder, including file listing and statistics.| -|`scope-template-recursive`|This scope permits recursive access to the complete `$TEMPLATE` folder, including sub directories and files.| -|`scope-template`|This scope permits access to all files and list content of top level directories in the `$TEMPLATE`folder.| -|`scope-template-index`|This scope permits to list all files and folders in the `$TEMPLATE`folder.| -|`allow-video-read-recursive`|This allows full recursive read access to the complete `$VIDEO` folder, files and subdirectories.| -|`allow-video-write-recursive`|This allows full recursive write access to the complete `$VIDEO` folder, files and subdirectories.| -|`allow-video-read`|This allows non-recursive read access to the `$VIDEO` folder.| -|`allow-video-write`|This allows non-recursive write access to the `$VIDEO` folder.| -|`allow-video-meta-recursive`|This allows full recursive read access to metadata of the `$VIDEO` folder, including file listing and statistics.| -|`allow-video-meta`|This allows non-recursive read access to metadata of the `$VIDEO` folder, including file listing and statistics.| -|`scope-video-recursive`|This scope permits recursive access to the complete `$VIDEO` folder, including sub directories and files.| -|`scope-video`|This scope permits access to all files and list content of top level directories in the `$VIDEO`folder.| -|`scope-video-index`|This scope permits to list all files and folders in the `$VIDEO`folder.| -|`allow-copy-file`|Enables the copy_file command without any pre-configured scope.| -|`deny-copy-file`|Denies the copy_file command without any pre-configured scope.| -|`allow-create`|Enables the create command without any pre-configured scope.| -|`deny-create`|Denies the create command without any pre-configured scope.| -|`allow-exists`|Enables the exists command without any pre-configured scope.| -|`deny-exists`|Denies the exists command without any pre-configured scope.| -|`allow-fstat`|Enables the fstat command without any pre-configured scope.| -|`deny-fstat`|Denies the fstat command without any pre-configured scope.| -|`allow-ftruncate`|Enables the ftruncate command without any pre-configured scope.| -|`deny-ftruncate`|Denies the ftruncate command without any pre-configured scope.| -|`allow-lstat`|Enables the lstat command without any pre-configured scope.| -|`deny-lstat`|Denies the lstat command without any pre-configured scope.| -|`allow-mkdir`|Enables the mkdir command without any pre-configured scope.| -|`deny-mkdir`|Denies the mkdir command without any pre-configured scope.| -|`allow-open`|Enables the open command without any pre-configured scope.| -|`deny-open`|Denies the open command without any pre-configured scope.| -|`allow-read`|Enables the read command without any pre-configured scope.| -|`deny-read`|Denies the read command without any pre-configured scope.| -|`allow-read-dir`|Enables the read_dir command without any pre-configured scope.| -|`deny-read-dir`|Denies the read_dir command without any pre-configured scope.| -|`allow-read-file`|Enables the read_file command without any pre-configured scope.| -|`deny-read-file`|Denies the read_file command without any pre-configured scope.| -|`allow-read-text-file`|Enables the read_text_file command without any pre-configured scope.| -|`deny-read-text-file`|Denies the read_text_file command without any pre-configured scope.| -|`allow-read-text-file-lines`|Enables the read_text_file_lines command without any pre-configured scope.| -|`deny-read-text-file-lines`|Denies the read_text_file_lines command without any pre-configured scope.| -|`allow-read-text-file-lines-next`|Enables the read_text_file_lines_next command without any pre-configured scope.| -|`deny-read-text-file-lines-next`|Denies the read_text_file_lines_next command without any pre-configured scope.| -|`allow-remove`|Enables the remove command without any pre-configured scope.| -|`deny-remove`|Denies the remove command without any pre-configured scope.| -|`allow-rename`|Enables the rename command without any pre-configured scope.| -|`deny-rename`|Denies the rename command without any pre-configured scope.| -|`allow-seek`|Enables the seek command without any pre-configured scope.| -|`deny-seek`|Denies the seek command without any pre-configured scope.| -|`allow-stat`|Enables the stat command without any pre-configured scope.| -|`deny-stat`|Denies the stat command without any pre-configured scope.| -|`allow-truncate`|Enables the truncate command without any pre-configured scope.| -|`deny-truncate`|Denies the truncate command without any pre-configured scope.| -|`allow-unwatch`|Enables the unwatch command without any pre-configured scope.| -|`deny-unwatch`|Denies the unwatch command without any pre-configured scope.| -|`allow-watch`|Enables the watch command without any pre-configured scope.| -|`deny-watch`|Denies the watch command without any pre-configured scope.| -|`allow-write`|Enables the write command without any pre-configured scope.| -|`deny-write`|Denies the write command without any pre-configured scope.| -|`allow-write-file`|Enables the write_file command without any pre-configured scope.| -|`deny-write-file`|Denies the write_file command without any pre-configured scope.| -|`allow-write-text-file`|Enables the write_text_file command without any pre-configured scope.| -|`deny-write-text-file`|Denies the write_text_file command without any pre-configured scope.| -|`create-app-specific-dirs`|This permissions allows to create the application specific directories. -| -|`default`|This set of permissions describes the what kind of +## Default Permission + +This set of permissions describes the what kind of file system access the `fs` plugin has enabled or denied by default. #### Granted Permissions @@ -299,21 +24,3730 @@ This default permission set prevents access to critical components of the Tauri application by default. On Windows the webview data folder access is denied. -| -|`deny-default`|This denies access to dangerous Tauri relevant files and folders by default.| -|`deny-webview-data-linux`|This denies read access to the -`$APPLOCALDATA` folder on linux as the webview data and configuration values are stored here. -Allowing access can lead to sensitive information disclosure and should be well considered.| -|`deny-webview-data-windows`|This denies read access to the -`$APPLOCALDATA/EBWebView` folder on windows as the webview data and configuration values are stored here. -Allowing access can lead to sensitive information disclosure and should be well considered.| -|`read-all`|This enables all read related commands without any pre-configured accessible paths.| -|`read-app-specific-dirs-recursive`|This permission allows recursive read functionality on the application -specific base directories. -| -|`read-dirs`|This enables directory read and file metadata related commands without any pre-configured accessible paths.| -|`read-files`|This enables file read related commands without any pre-configured accessible paths.| -|`read-meta`|This enables all index or metadata related commands without any pre-configured accessible paths.| -|`scope`|An empty permission you can use to modify the global scope.| -|`write-all`|This enables all write related commands without any pre-configured accessible paths.| -|`write-files`|This enables all file write related commands without any pre-configured accessible paths.| + + +- `create-app-specific-dirs` +- `read-app-specific-dirs-recursive` +- `deny-default` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`fs:allow-app-read-recursive` + + + +This allows full recursive read access to the complete `$APP` folder, files and subdirectories. + +
+ +`fs:allow-app-write-recursive` + + + +This allows full recursive write access to the complete `$APP` folder, files and subdirectories. + +
+ +`fs:allow-app-read` + + + +This allows non-recursive read access to the `$APP` folder. + +
+ +`fs:allow-app-write` + + + +This allows non-recursive write access to the `$APP` folder. + +
+ +`fs:allow-app-meta-recursive` + + + +This allows full recursive read access to metadata of the `$APP` folder, including file listing and statistics. + +
+ +`fs:allow-app-meta` + + + +This allows non-recursive read access to metadata of the `$APP` folder, including file listing and statistics. + +
+ +`fs:scope-app-recursive` + + + +This scope permits recursive access to the complete `$APP` folder, including sub directories and files. + +
+ +`fs:scope-app` + + + +This scope permits access to all files and list content of top level directories in the `$APP`folder. + +
+ +`fs:scope-app-index` + + + +This scope permits to list all files and folders in the `$APP`folder. + +
+ +`fs:allow-appcache-read-recursive` + + + +This allows full recursive read access to the complete `$APPCACHE` folder, files and subdirectories. + +
+ +`fs:allow-appcache-write-recursive` + + + +This allows full recursive write access to the complete `$APPCACHE` folder, files and subdirectories. + +
+ +`fs:allow-appcache-read` + + + +This allows non-recursive read access to the `$APPCACHE` folder. + +
+ +`fs:allow-appcache-write` + + + +This allows non-recursive write access to the `$APPCACHE` folder. + +
+ +`fs:allow-appcache-meta-recursive` + + + +This allows full recursive read access to metadata of the `$APPCACHE` folder, including file listing and statistics. + +
+ +`fs:allow-appcache-meta` + + + +This allows non-recursive read access to metadata of the `$APPCACHE` folder, including file listing and statistics. + +
+ +`fs:scope-appcache-recursive` + + + +This scope permits recursive access to the complete `$APPCACHE` folder, including sub directories and files. + +
+ +`fs:scope-appcache` + + + +This scope permits access to all files and list content of top level directories in the `$APPCACHE`folder. + +
+ +`fs:scope-appcache-index` + + + +This scope permits to list all files and folders in the `$APPCACHE`folder. + +
+ +`fs:allow-appconfig-read-recursive` + + + +This allows full recursive read access to the complete `$APPCONFIG` folder, files and subdirectories. + +
+ +`fs:allow-appconfig-write-recursive` + + + +This allows full recursive write access to the complete `$APPCONFIG` folder, files and subdirectories. + +
+ +`fs:allow-appconfig-read` + + + +This allows non-recursive read access to the `$APPCONFIG` folder. + +
+ +`fs:allow-appconfig-write` + + + +This allows non-recursive write access to the `$APPCONFIG` folder. + +
+ +`fs:allow-appconfig-meta-recursive` + + + +This allows full recursive read access to metadata of the `$APPCONFIG` folder, including file listing and statistics. + +
+ +`fs:allow-appconfig-meta` + + + +This allows non-recursive read access to metadata of the `$APPCONFIG` folder, including file listing and statistics. + +
+ +`fs:scope-appconfig-recursive` + + + +This scope permits recursive access to the complete `$APPCONFIG` folder, including sub directories and files. + +
+ +`fs:scope-appconfig` + + + +This scope permits access to all files and list content of top level directories in the `$APPCONFIG`folder. + +
+ +`fs:scope-appconfig-index` + + + +This scope permits to list all files and folders in the `$APPCONFIG`folder. + +
+ +`fs:allow-appdata-read-recursive` + + + +This allows full recursive read access to the complete `$APPDATA` folder, files and subdirectories. + +
+ +`fs:allow-appdata-write-recursive` + + + +This allows full recursive write access to the complete `$APPDATA` folder, files and subdirectories. + +
+ +`fs:allow-appdata-read` + + + +This allows non-recursive read access to the `$APPDATA` folder. + +
+ +`fs:allow-appdata-write` + + + +This allows non-recursive write access to the `$APPDATA` folder. + +
+ +`fs:allow-appdata-meta-recursive` + + + +This allows full recursive read access to metadata of the `$APPDATA` folder, including file listing and statistics. + +
+ +`fs:allow-appdata-meta` + + + +This allows non-recursive read access to metadata of the `$APPDATA` folder, including file listing and statistics. + +
+ +`fs:scope-appdata-recursive` + + + +This scope permits recursive access to the complete `$APPDATA` folder, including sub directories and files. + +
+ +`fs:scope-appdata` + + + +This scope permits access to all files and list content of top level directories in the `$APPDATA`folder. + +
+ +`fs:scope-appdata-index` + + + +This scope permits to list all files and folders in the `$APPDATA`folder. + +
+ +`fs:allow-applocaldata-read-recursive` + + + +This allows full recursive read access to the complete `$APPLOCALDATA` folder, files and subdirectories. + +
+ +`fs:allow-applocaldata-write-recursive` + + + +This allows full recursive write access to the complete `$APPLOCALDATA` folder, files and subdirectories. + +
+ +`fs:allow-applocaldata-read` + + + +This allows non-recursive read access to the `$APPLOCALDATA` folder. + +
+ +`fs:allow-applocaldata-write` + + + +This allows non-recursive write access to the `$APPLOCALDATA` folder. + +
+ +`fs:allow-applocaldata-meta-recursive` + + + +This allows full recursive read access to metadata of the `$APPLOCALDATA` folder, including file listing and statistics. + +
+ +`fs:allow-applocaldata-meta` + + + +This allows non-recursive read access to metadata of the `$APPLOCALDATA` folder, including file listing and statistics. + +
+ +`fs:scope-applocaldata-recursive` + + + +This scope permits recursive access to the complete `$APPLOCALDATA` folder, including sub directories and files. + +
+ +`fs:scope-applocaldata` + + + +This scope permits access to all files and list content of top level directories in the `$APPLOCALDATA`folder. + +
+ +`fs:scope-applocaldata-index` + + + +This scope permits to list all files and folders in the `$APPLOCALDATA`folder. + +
+ +`fs:allow-applog-read-recursive` + + + +This allows full recursive read access to the complete `$APPLOG` folder, files and subdirectories. + +
+ +`fs:allow-applog-write-recursive` + + + +This allows full recursive write access to the complete `$APPLOG` folder, files and subdirectories. + +
+ +`fs:allow-applog-read` + + + +This allows non-recursive read access to the `$APPLOG` folder. + +
+ +`fs:allow-applog-write` + + + +This allows non-recursive write access to the `$APPLOG` folder. + +
+ +`fs:allow-applog-meta-recursive` + + + +This allows full recursive read access to metadata of the `$APPLOG` folder, including file listing and statistics. + +
+ +`fs:allow-applog-meta` + + + +This allows non-recursive read access to metadata of the `$APPLOG` folder, including file listing and statistics. + +
+ +`fs:scope-applog-recursive` + + + +This scope permits recursive access to the complete `$APPLOG` folder, including sub directories and files. + +
+ +`fs:scope-applog` + + + +This scope permits access to all files and list content of top level directories in the `$APPLOG`folder. + +
+ +`fs:scope-applog-index` + + + +This scope permits to list all files and folders in the `$APPLOG`folder. + +
+ +`fs:allow-audio-read-recursive` + + + +This allows full recursive read access to the complete `$AUDIO` folder, files and subdirectories. + +
+ +`fs:allow-audio-write-recursive` + + + +This allows full recursive write access to the complete `$AUDIO` folder, files and subdirectories. + +
+ +`fs:allow-audio-read` + + + +This allows non-recursive read access to the `$AUDIO` folder. + +
+ +`fs:allow-audio-write` + + + +This allows non-recursive write access to the `$AUDIO` folder. + +
+ +`fs:allow-audio-meta-recursive` + + + +This allows full recursive read access to metadata of the `$AUDIO` folder, including file listing and statistics. + +
+ +`fs:allow-audio-meta` + + + +This allows non-recursive read access to metadata of the `$AUDIO` folder, including file listing and statistics. + +
+ +`fs:scope-audio-recursive` + + + +This scope permits recursive access to the complete `$AUDIO` folder, including sub directories and files. + +
+ +`fs:scope-audio` + + + +This scope permits access to all files and list content of top level directories in the `$AUDIO`folder. + +
+ +`fs:scope-audio-index` + + + +This scope permits to list all files and folders in the `$AUDIO`folder. + +
+ +`fs:allow-cache-read-recursive` + + + +This allows full recursive read access to the complete `$CACHE` folder, files and subdirectories. + +
+ +`fs:allow-cache-write-recursive` + + + +This allows full recursive write access to the complete `$CACHE` folder, files and subdirectories. + +
+ +`fs:allow-cache-read` + + + +This allows non-recursive read access to the `$CACHE` folder. + +
+ +`fs:allow-cache-write` + + + +This allows non-recursive write access to the `$CACHE` folder. + +
+ +`fs:allow-cache-meta-recursive` + + + +This allows full recursive read access to metadata of the `$CACHE` folder, including file listing and statistics. + +
+ +`fs:allow-cache-meta` + + + +This allows non-recursive read access to metadata of the `$CACHE` folder, including file listing and statistics. + +
+ +`fs:scope-cache-recursive` + + + +This scope permits recursive access to the complete `$CACHE` folder, including sub directories and files. + +
+ +`fs:scope-cache` + + + +This scope permits access to all files and list content of top level directories in the `$CACHE`folder. + +
+ +`fs:scope-cache-index` + + + +This scope permits to list all files and folders in the `$CACHE`folder. + +
+ +`fs:allow-config-read-recursive` + + + +This allows full recursive read access to the complete `$CONFIG` folder, files and subdirectories. + +
+ +`fs:allow-config-write-recursive` + + + +This allows full recursive write access to the complete `$CONFIG` folder, files and subdirectories. + +
+ +`fs:allow-config-read` + + + +This allows non-recursive read access to the `$CONFIG` folder. + +
+ +`fs:allow-config-write` + + + +This allows non-recursive write access to the `$CONFIG` folder. + +
+ +`fs:allow-config-meta-recursive` + + + +This allows full recursive read access to metadata of the `$CONFIG` folder, including file listing and statistics. + +
+ +`fs:allow-config-meta` + + + +This allows non-recursive read access to metadata of the `$CONFIG` folder, including file listing and statistics. + +
+ +`fs:scope-config-recursive` + + + +This scope permits recursive access to the complete `$CONFIG` folder, including sub directories and files. + +
+ +`fs:scope-config` + + + +This scope permits access to all files and list content of top level directories in the `$CONFIG`folder. + +
+ +`fs:scope-config-index` + + + +This scope permits to list all files and folders in the `$CONFIG`folder. + +
+ +`fs:allow-data-read-recursive` + + + +This allows full recursive read access to the complete `$DATA` folder, files and subdirectories. + +
+ +`fs:allow-data-write-recursive` + + + +This allows full recursive write access to the complete `$DATA` folder, files and subdirectories. + +
+ +`fs:allow-data-read` + + + +This allows non-recursive read access to the `$DATA` folder. + +
+ +`fs:allow-data-write` + + + +This allows non-recursive write access to the `$DATA` folder. + +
+ +`fs:allow-data-meta-recursive` + + + +This allows full recursive read access to metadata of the `$DATA` folder, including file listing and statistics. + +
+ +`fs:allow-data-meta` + + + +This allows non-recursive read access to metadata of the `$DATA` folder, including file listing and statistics. + +
+ +`fs:scope-data-recursive` + + + +This scope permits recursive access to the complete `$DATA` folder, including sub directories and files. + +
+ +`fs:scope-data` + + + +This scope permits access to all files and list content of top level directories in the `$DATA`folder. + +
+ +`fs:scope-data-index` + + + +This scope permits to list all files and folders in the `$DATA`folder. + +
+ +`fs:allow-desktop-read-recursive` + + + +This allows full recursive read access to the complete `$DESKTOP` folder, files and subdirectories. + +
+ +`fs:allow-desktop-write-recursive` + + + +This allows full recursive write access to the complete `$DESKTOP` folder, files and subdirectories. + +
+ +`fs:allow-desktop-read` + + + +This allows non-recursive read access to the `$DESKTOP` folder. + +
+ +`fs:allow-desktop-write` + + + +This allows non-recursive write access to the `$DESKTOP` folder. + +
+ +`fs:allow-desktop-meta-recursive` + + + +This allows full recursive read access to metadata of the `$DESKTOP` folder, including file listing and statistics. + +
+ +`fs:allow-desktop-meta` + + + +This allows non-recursive read access to metadata of the `$DESKTOP` folder, including file listing and statistics. + +
+ +`fs:scope-desktop-recursive` + + + +This scope permits recursive access to the complete `$DESKTOP` folder, including sub directories and files. + +
+ +`fs:scope-desktop` + + + +This scope permits access to all files and list content of top level directories in the `$DESKTOP`folder. + +
+ +`fs:scope-desktop-index` + + + +This scope permits to list all files and folders in the `$DESKTOP`folder. + +
+ +`fs:allow-document-read-recursive` + + + +This allows full recursive read access to the complete `$DOCUMENT` folder, files and subdirectories. + +
+ +`fs:allow-document-write-recursive` + + + +This allows full recursive write access to the complete `$DOCUMENT` folder, files and subdirectories. + +
+ +`fs:allow-document-read` + + + +This allows non-recursive read access to the `$DOCUMENT` folder. + +
+ +`fs:allow-document-write` + + + +This allows non-recursive write access to the `$DOCUMENT` folder. + +
+ +`fs:allow-document-meta-recursive` + + + +This allows full recursive read access to metadata of the `$DOCUMENT` folder, including file listing and statistics. + +
+ +`fs:allow-document-meta` + + + +This allows non-recursive read access to metadata of the `$DOCUMENT` folder, including file listing and statistics. + +
+ +`fs:scope-document-recursive` + + + +This scope permits recursive access to the complete `$DOCUMENT` folder, including sub directories and files. + +
+ +`fs:scope-document` + + + +This scope permits access to all files and list content of top level directories in the `$DOCUMENT`folder. + +
+ +`fs:scope-document-index` + + + +This scope permits to list all files and folders in the `$DOCUMENT`folder. + +
+ +`fs:allow-download-read-recursive` + + + +This allows full recursive read access to the complete `$DOWNLOAD` folder, files and subdirectories. + +
+ +`fs:allow-download-write-recursive` + + + +This allows full recursive write access to the complete `$DOWNLOAD` folder, files and subdirectories. + +
+ +`fs:allow-download-read` + + + +This allows non-recursive read access to the `$DOWNLOAD` folder. + +
+ +`fs:allow-download-write` + + + +This allows non-recursive write access to the `$DOWNLOAD` folder. + +
+ +`fs:allow-download-meta-recursive` + + + +This allows full recursive read access to metadata of the `$DOWNLOAD` folder, including file listing and statistics. + +
+ +`fs:allow-download-meta` + + + +This allows non-recursive read access to metadata of the `$DOWNLOAD` folder, including file listing and statistics. + +
+ +`fs:scope-download-recursive` + + + +This scope permits recursive access to the complete `$DOWNLOAD` folder, including sub directories and files. + +
+ +`fs:scope-download` + + + +This scope permits access to all files and list content of top level directories in the `$DOWNLOAD`folder. + +
+ +`fs:scope-download-index` + + + +This scope permits to list all files and folders in the `$DOWNLOAD`folder. + +
+ +`fs:allow-exe-read-recursive` + + + +This allows full recursive read access to the complete `$EXE` folder, files and subdirectories. + +
+ +`fs:allow-exe-write-recursive` + + + +This allows full recursive write access to the complete `$EXE` folder, files and subdirectories. + +
+ +`fs:allow-exe-read` + + + +This allows non-recursive read access to the `$EXE` folder. + +
+ +`fs:allow-exe-write` + + + +This allows non-recursive write access to the `$EXE` folder. + +
+ +`fs:allow-exe-meta-recursive` + + + +This allows full recursive read access to metadata of the `$EXE` folder, including file listing and statistics. + +
+ +`fs:allow-exe-meta` + + + +This allows non-recursive read access to metadata of the `$EXE` folder, including file listing and statistics. + +
+ +`fs:scope-exe-recursive` + + + +This scope permits recursive access to the complete `$EXE` folder, including sub directories and files. + +
+ +`fs:scope-exe` + + + +This scope permits access to all files and list content of top level directories in the `$EXE`folder. + +
+ +`fs:scope-exe-index` + + + +This scope permits to list all files and folders in the `$EXE`folder. + +
+ +`fs:allow-font-read-recursive` + + + +This allows full recursive read access to the complete `$FONT` folder, files and subdirectories. + +
+ +`fs:allow-font-write-recursive` + + + +This allows full recursive write access to the complete `$FONT` folder, files and subdirectories. + +
+ +`fs:allow-font-read` + + + +This allows non-recursive read access to the `$FONT` folder. + +
+ +`fs:allow-font-write` + + + +This allows non-recursive write access to the `$FONT` folder. + +
+ +`fs:allow-font-meta-recursive` + + + +This allows full recursive read access to metadata of the `$FONT` folder, including file listing and statistics. + +
+ +`fs:allow-font-meta` + + + +This allows non-recursive read access to metadata of the `$FONT` folder, including file listing and statistics. + +
+ +`fs:scope-font-recursive` + + + +This scope permits recursive access to the complete `$FONT` folder, including sub directories and files. + +
+ +`fs:scope-font` + + + +This scope permits access to all files and list content of top level directories in the `$FONT`folder. + +
+ +`fs:scope-font-index` + + + +This scope permits to list all files and folders in the `$FONT`folder. + +
+ +`fs:allow-home-read-recursive` + + + +This allows full recursive read access to the complete `$HOME` folder, files and subdirectories. + +
+ +`fs:allow-home-write-recursive` + + + +This allows full recursive write access to the complete `$HOME` folder, files and subdirectories. + +
+ +`fs:allow-home-read` + + + +This allows non-recursive read access to the `$HOME` folder. + +
+ +`fs:allow-home-write` + + + +This allows non-recursive write access to the `$HOME` folder. + +
+ +`fs:allow-home-meta-recursive` + + + +This allows full recursive read access to metadata of the `$HOME` folder, including file listing and statistics. + +
+ +`fs:allow-home-meta` + + + +This allows non-recursive read access to metadata of the `$HOME` folder, including file listing and statistics. + +
+ +`fs:scope-home-recursive` + + + +This scope permits recursive access to the complete `$HOME` folder, including sub directories and files. + +
+ +`fs:scope-home` + + + +This scope permits access to all files and list content of top level directories in the `$HOME`folder. + +
+ +`fs:scope-home-index` + + + +This scope permits to list all files and folders in the `$HOME`folder. + +
+ +`fs:allow-localdata-read-recursive` + + + +This allows full recursive read access to the complete `$LOCALDATA` folder, files and subdirectories. + +
+ +`fs:allow-localdata-write-recursive` + + + +This allows full recursive write access to the complete `$LOCALDATA` folder, files and subdirectories. + +
+ +`fs:allow-localdata-read` + + + +This allows non-recursive read access to the `$LOCALDATA` folder. + +
+ +`fs:allow-localdata-write` + + + +This allows non-recursive write access to the `$LOCALDATA` folder. + +
+ +`fs:allow-localdata-meta-recursive` + + + +This allows full recursive read access to metadata of the `$LOCALDATA` folder, including file listing and statistics. + +
+ +`fs:allow-localdata-meta` + + + +This allows non-recursive read access to metadata of the `$LOCALDATA` folder, including file listing and statistics. + +
+ +`fs:scope-localdata-recursive` + + + +This scope permits recursive access to the complete `$LOCALDATA` folder, including sub directories and files. + +
+ +`fs:scope-localdata` + + + +This scope permits access to all files and list content of top level directories in the `$LOCALDATA`folder. + +
+ +`fs:scope-localdata-index` + + + +This scope permits to list all files and folders in the `$LOCALDATA`folder. + +
+ +`fs:allow-log-read-recursive` + + + +This allows full recursive read access to the complete `$LOG` folder, files and subdirectories. + +
+ +`fs:allow-log-write-recursive` + + + +This allows full recursive write access to the complete `$LOG` folder, files and subdirectories. + +
+ +`fs:allow-log-read` + + + +This allows non-recursive read access to the `$LOG` folder. + +
+ +`fs:allow-log-write` + + + +This allows non-recursive write access to the `$LOG` folder. + +
+ +`fs:allow-log-meta-recursive` + + + +This allows full recursive read access to metadata of the `$LOG` folder, including file listing and statistics. + +
+ +`fs:allow-log-meta` + + + +This allows non-recursive read access to metadata of the `$LOG` folder, including file listing and statistics. + +
+ +`fs:scope-log-recursive` + + + +This scope permits recursive access to the complete `$LOG` folder, including sub directories and files. + +
+ +`fs:scope-log` + + + +This scope permits access to all files and list content of top level directories in the `$LOG`folder. + +
+ +`fs:scope-log-index` + + + +This scope permits to list all files and folders in the `$LOG`folder. + +
+ +`fs:allow-picture-read-recursive` + + + +This allows full recursive read access to the complete `$PICTURE` folder, files and subdirectories. + +
+ +`fs:allow-picture-write-recursive` + + + +This allows full recursive write access to the complete `$PICTURE` folder, files and subdirectories. + +
+ +`fs:allow-picture-read` + + + +This allows non-recursive read access to the `$PICTURE` folder. + +
+ +`fs:allow-picture-write` + + + +This allows non-recursive write access to the `$PICTURE` folder. + +
+ +`fs:allow-picture-meta-recursive` + + + +This allows full recursive read access to metadata of the `$PICTURE` folder, including file listing and statistics. + +
+ +`fs:allow-picture-meta` + + + +This allows non-recursive read access to metadata of the `$PICTURE` folder, including file listing and statistics. + +
+ +`fs:scope-picture-recursive` + + + +This scope permits recursive access to the complete `$PICTURE` folder, including sub directories and files. + +
+ +`fs:scope-picture` + + + +This scope permits access to all files and list content of top level directories in the `$PICTURE`folder. + +
+ +`fs:scope-picture-index` + + + +This scope permits to list all files and folders in the `$PICTURE`folder. + +
+ +`fs:allow-public-read-recursive` + + + +This allows full recursive read access to the complete `$PUBLIC` folder, files and subdirectories. + +
+ +`fs:allow-public-write-recursive` + + + +This allows full recursive write access to the complete `$PUBLIC` folder, files and subdirectories. + +
+ +`fs:allow-public-read` + + + +This allows non-recursive read access to the `$PUBLIC` folder. + +
+ +`fs:allow-public-write` + + + +This allows non-recursive write access to the `$PUBLIC` folder. + +
+ +`fs:allow-public-meta-recursive` + + + +This allows full recursive read access to metadata of the `$PUBLIC` folder, including file listing and statistics. + +
+ +`fs:allow-public-meta` + + + +This allows non-recursive read access to metadata of the `$PUBLIC` folder, including file listing and statistics. + +
+ +`fs:scope-public-recursive` + + + +This scope permits recursive access to the complete `$PUBLIC` folder, including sub directories and files. + +
+ +`fs:scope-public` + + + +This scope permits access to all files and list content of top level directories in the `$PUBLIC`folder. + +
+ +`fs:scope-public-index` + + + +This scope permits to list all files and folders in the `$PUBLIC`folder. + +
+ +`fs:allow-resource-read-recursive` + + + +This allows full recursive read access to the complete `$RESOURCE` folder, files and subdirectories. + +
+ +`fs:allow-resource-write-recursive` + + + +This allows full recursive write access to the complete `$RESOURCE` folder, files and subdirectories. + +
+ +`fs:allow-resource-read` + + + +This allows non-recursive read access to the `$RESOURCE` folder. + +
+ +`fs:allow-resource-write` + + + +This allows non-recursive write access to the `$RESOURCE` folder. + +
+ +`fs:allow-resource-meta-recursive` + + + +This allows full recursive read access to metadata of the `$RESOURCE` folder, including file listing and statistics. + +
+ +`fs:allow-resource-meta` + + + +This allows non-recursive read access to metadata of the `$RESOURCE` folder, including file listing and statistics. + +
+ +`fs:scope-resource-recursive` + + + +This scope permits recursive access to the complete `$RESOURCE` folder, including sub directories and files. + +
+ +`fs:scope-resource` + + + +This scope permits access to all files and list content of top level directories in the `$RESOURCE`folder. + +
+ +`fs:scope-resource-index` + + + +This scope permits to list all files and folders in the `$RESOURCE`folder. + +
+ +`fs:allow-runtime-read-recursive` + + + +This allows full recursive read access to the complete `$RUNTIME` folder, files and subdirectories. + +
+ +`fs:allow-runtime-write-recursive` + + + +This allows full recursive write access to the complete `$RUNTIME` folder, files and subdirectories. + +
+ +`fs:allow-runtime-read` + + + +This allows non-recursive read access to the `$RUNTIME` folder. + +
+ +`fs:allow-runtime-write` + + + +This allows non-recursive write access to the `$RUNTIME` folder. + +
+ +`fs:allow-runtime-meta-recursive` + + + +This allows full recursive read access to metadata of the `$RUNTIME` folder, including file listing and statistics. + +
+ +`fs:allow-runtime-meta` + + + +This allows non-recursive read access to metadata of the `$RUNTIME` folder, including file listing and statistics. + +
+ +`fs:scope-runtime-recursive` + + + +This scope permits recursive access to the complete `$RUNTIME` folder, including sub directories and files. + +
+ +`fs:scope-runtime` + + + +This scope permits access to all files and list content of top level directories in the `$RUNTIME`folder. + +
+ +`fs:scope-runtime-index` + + + +This scope permits to list all files and folders in the `$RUNTIME`folder. + +
+ +`fs:allow-temp-read-recursive` + + + +This allows full recursive read access to the complete `$TEMP` folder, files and subdirectories. + +
+ +`fs:allow-temp-write-recursive` + + + +This allows full recursive write access to the complete `$TEMP` folder, files and subdirectories. + +
+ +`fs:allow-temp-read` + + + +This allows non-recursive read access to the `$TEMP` folder. + +
+ +`fs:allow-temp-write` + + + +This allows non-recursive write access to the `$TEMP` folder. + +
+ +`fs:allow-temp-meta-recursive` + + + +This allows full recursive read access to metadata of the `$TEMP` folder, including file listing and statistics. + +
+ +`fs:allow-temp-meta` + + + +This allows non-recursive read access to metadata of the `$TEMP` folder, including file listing and statistics. + +
+ +`fs:scope-temp-recursive` + + + +This scope permits recursive access to the complete `$TEMP` folder, including sub directories and files. + +
+ +`fs:scope-temp` + + + +This scope permits access to all files and list content of top level directories in the `$TEMP`folder. + +
+ +`fs:scope-temp-index` + + + +This scope permits to list all files and folders in the `$TEMP`folder. + +
+ +`fs:allow-template-read-recursive` + + + +This allows full recursive read access to the complete `$TEMPLATE` folder, files and subdirectories. + +
+ +`fs:allow-template-write-recursive` + + + +This allows full recursive write access to the complete `$TEMPLATE` folder, files and subdirectories. + +
+ +`fs:allow-template-read` + + + +This allows non-recursive read access to the `$TEMPLATE` folder. + +
+ +`fs:allow-template-write` + + + +This allows non-recursive write access to the `$TEMPLATE` folder. + +
+ +`fs:allow-template-meta-recursive` + + + +This allows full recursive read access to metadata of the `$TEMPLATE` folder, including file listing and statistics. + +
+ +`fs:allow-template-meta` + + + +This allows non-recursive read access to metadata of the `$TEMPLATE` folder, including file listing and statistics. + +
+ +`fs:scope-template-recursive` + + + +This scope permits recursive access to the complete `$TEMPLATE` folder, including sub directories and files. + +
+ +`fs:scope-template` + + + +This scope permits access to all files and list content of top level directories in the `$TEMPLATE`folder. + +
+ +`fs:scope-template-index` + + + +This scope permits to list all files and folders in the `$TEMPLATE`folder. + +
+ +`fs:allow-video-read-recursive` + + + +This allows full recursive read access to the complete `$VIDEO` folder, files and subdirectories. + +
+ +`fs:allow-video-write-recursive` + + + +This allows full recursive write access to the complete `$VIDEO` folder, files and subdirectories. + +
+ +`fs:allow-video-read` + + + +This allows non-recursive read access to the `$VIDEO` folder. + +
+ +`fs:allow-video-write` + + + +This allows non-recursive write access to the `$VIDEO` folder. + +
+ +`fs:allow-video-meta-recursive` + + + +This allows full recursive read access to metadata of the `$VIDEO` folder, including file listing and statistics. + +
+ +`fs:allow-video-meta` + + + +This allows non-recursive read access to metadata of the `$VIDEO` folder, including file listing and statistics. + +
+ +`fs:scope-video-recursive` + + + +This scope permits recursive access to the complete `$VIDEO` folder, including sub directories and files. + +
+ +`fs:scope-video` + + + +This scope permits access to all files and list content of top level directories in the `$VIDEO`folder. + +
+ +`fs:scope-video-index` + + + +This scope permits to list all files and folders in the `$VIDEO`folder. + +
+ +`fs:allow-copy-file` + + + +Enables the copy_file command without any pre-configured scope. + +
+ +`fs:deny-copy-file` + + + +Denies the copy_file command without any pre-configured scope. + +
+ +`fs:allow-create` + + + +Enables the create command without any pre-configured scope. + +
+ +`fs:deny-create` + + + +Denies the create command without any pre-configured scope. + +
+ +`fs:allow-exists` + + + +Enables the exists command without any pre-configured scope. + +
+ +`fs:deny-exists` + + + +Denies the exists command without any pre-configured scope. + +
+ +`fs:allow-fstat` + + + +Enables the fstat command without any pre-configured scope. + +
+ +`fs:deny-fstat` + + + +Denies the fstat command without any pre-configured scope. + +
+ +`fs:allow-ftruncate` + + + +Enables the ftruncate command without any pre-configured scope. + +
+ +`fs:deny-ftruncate` + + + +Denies the ftruncate command without any pre-configured scope. + +
+ +`fs:allow-lstat` + + + +Enables the lstat command without any pre-configured scope. + +
+ +`fs:deny-lstat` + + + +Denies the lstat command without any pre-configured scope. + +
+ +`fs:allow-mkdir` + + + +Enables the mkdir command without any pre-configured scope. + +
+ +`fs:deny-mkdir` + + + +Denies the mkdir command without any pre-configured scope. + +
+ +`fs:allow-open` + + + +Enables the open command without any pre-configured scope. + +
+ +`fs:deny-open` + + + +Denies the open command without any pre-configured scope. + +
+ +`fs:allow-read` + + + +Enables the read command without any pre-configured scope. + +
+ +`fs:deny-read` + + + +Denies the read command without any pre-configured scope. + +
+ +`fs:allow-read-dir` + + + +Enables the read_dir command without any pre-configured scope. + +
+ +`fs:deny-read-dir` + + + +Denies the read_dir command without any pre-configured scope. + +
+ +`fs:allow-read-file` + + + +Enables the read_file command without any pre-configured scope. + +
+ +`fs:deny-read-file` + + + +Denies the read_file command without any pre-configured scope. + +
+ +`fs:allow-read-text-file` + + + +Enables the read_text_file command without any pre-configured scope. + +
+ +`fs:deny-read-text-file` + + + +Denies the read_text_file command without any pre-configured scope. + +
+ +`fs:allow-read-text-file-lines` + + + +Enables the read_text_file_lines command without any pre-configured scope. + +
+ +`fs:deny-read-text-file-lines` + + + +Denies the read_text_file_lines command without any pre-configured scope. + +
+ +`fs:allow-read-text-file-lines-next` + + + +Enables the read_text_file_lines_next command without any pre-configured scope. + +
+ +`fs:deny-read-text-file-lines-next` + + + +Denies the read_text_file_lines_next command without any pre-configured scope. + +
+ +`fs:allow-remove` + + + +Enables the remove command without any pre-configured scope. + +
+ +`fs:deny-remove` + + + +Denies the remove command without any pre-configured scope. + +
+ +`fs:allow-rename` + + + +Enables the rename command without any pre-configured scope. + +
+ +`fs:deny-rename` + + + +Denies the rename command without any pre-configured scope. + +
+ +`fs:allow-seek` + + + +Enables the seek command without any pre-configured scope. + +
+ +`fs:deny-seek` + + + +Denies the seek command without any pre-configured scope. + +
+ +`fs:allow-stat` + + + +Enables the stat command without any pre-configured scope. + +
+ +`fs:deny-stat` + + + +Denies the stat command without any pre-configured scope. + +
+ +`fs:allow-truncate` + + + +Enables the truncate command without any pre-configured scope. + +
+ +`fs:deny-truncate` + + + +Denies the truncate command without any pre-configured scope. + +
+ +`fs:allow-unwatch` + + + +Enables the unwatch command without any pre-configured scope. + +
+ +`fs:deny-unwatch` + + + +Denies the unwatch command without any pre-configured scope. + +
+ +`fs:allow-watch` + + + +Enables the watch command without any pre-configured scope. + +
+ +`fs:deny-watch` + + + +Denies the watch command without any pre-configured scope. + +
+ +`fs:allow-write` + + + +Enables the write command without any pre-configured scope. + +
+ +`fs:deny-write` + + + +Denies the write command without any pre-configured scope. + +
+ +`fs:allow-write-file` + + + +Enables the write_file command without any pre-configured scope. + +
+ +`fs:deny-write-file` + + + +Denies the write_file command without any pre-configured scope. + +
+ +`fs:allow-write-text-file` + + + +Enables the write_text_file command without any pre-configured scope. + +
+ +`fs:deny-write-text-file` + + + +Denies the write_text_file command without any pre-configured scope. + +
+ +`fs:create-app-specific-dirs` + + + +This permissions allows to create the application specific directories. + + +
+ +`fs:deny-default` + + + +This denies access to dangerous Tauri relevant files and folders by default. + +
+ +`fs:deny-webview-data-linux` + + + +This denies read access to the +`$APPLOCALDATA` folder on linux as the webview data and configuration values are stored here. +Allowing access can lead to sensitive information disclosure and should be well considered. + +
+ +`fs:deny-webview-data-windows` + + + +This denies read access to the +`$APPLOCALDATA/EBWebView` folder on windows as the webview data and configuration values are stored here. +Allowing access can lead to sensitive information disclosure and should be well considered. + +
+ +`fs:read-all` + + + +This enables all read related commands without any pre-configured accessible paths. + +
+ +`fs:read-app-specific-dirs-recursive` + + + +This permission allows recursive read functionality on the application +specific base directories. + + +
+ +`fs:read-dirs` + + + +This enables directory read and file metadata related commands without any pre-configured accessible paths. + +
+ +`fs:read-files` + + + +This enables file read related commands without any pre-configured accessible paths. + +
+ +`fs:read-meta` + + + +This enables all index or metadata related commands without any pre-configured accessible paths. + +
+ +`fs:scope` + + + +An empty permission you can use to modify the global scope. + +
+ +`fs:write-all` + + + +This enables all write related commands without any pre-configured accessible paths. + +
+ +`fs:write-files` + + + +This enables all file write related commands without any pre-configured accessible paths. + +
diff --git a/plugins/fs/permissions/schemas/schema.json b/plugins/fs/permissions/schemas/schema.json index 4910e9527..12fd7b341 100644 --- a/plugins/fs/permissions/schemas/schema.json +++ b/plugins/fs/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/global-shortcut/permissions/autogenerated/reference.md b/plugins/global-shortcut/permissions/autogenerated/reference.md index fed89448e..821bf9f91 100644 --- a/plugins/global-shortcut/permissions/autogenerated/reference.md +++ b/plugins/global-shortcut/permissions/autogenerated/reference.md @@ -1,17 +1,148 @@ -| Permission | Description | -|------|-----| -|`allow-is-registered`|Enables the is_registered command without any pre-configured scope.| -|`deny-is-registered`|Denies the is_registered command without any pre-configured scope.| -|`allow-register`|Enables the register command without any pre-configured scope.| -|`deny-register`|Denies the register command without any pre-configured scope.| -|`allow-register-all`|Enables the register_all command without any pre-configured scope.| -|`deny-register-all`|Denies the register_all command without any pre-configured scope.| -|`allow-unregister`|Enables the unregister command without any pre-configured scope.| -|`deny-unregister`|Denies the unregister command without any pre-configured scope.| -|`allow-unregister-all`|Enables the unregister_all command without any pre-configured scope.| -|`deny-unregister-all`|Denies the unregister_all command without any pre-configured scope.| -|`default`|No features are enabled by default, as we believe +## Default Permission + +No features are enabled by default, as we believe the shortcuts can be inherently dangerous and it is application specific if specific shortcuts should be registered or unregistered. -| + + + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`global-shortcut:allow-is-registered` + + + +Enables the is_registered command without any pre-configured scope. + +
+ +`global-shortcut:deny-is-registered` + + + +Denies the is_registered command without any pre-configured scope. + +
+ +`global-shortcut:allow-register` + + + +Enables the register command without any pre-configured scope. + +
+ +`global-shortcut:deny-register` + + + +Denies the register command without any pre-configured scope. + +
+ +`global-shortcut:allow-register-all` + + + +Enables the register_all command without any pre-configured scope. + +
+ +`global-shortcut:deny-register-all` + + + +Denies the register_all command without any pre-configured scope. + +
+ +`global-shortcut:allow-unregister` + + + +Enables the unregister command without any pre-configured scope. + +
+ +`global-shortcut:deny-unregister` + + + +Denies the unregister command without any pre-configured scope. + +
+ +`global-shortcut:allow-unregister-all` + + + +Enables the unregister_all command without any pre-configured scope. + +
+ +`global-shortcut:deny-unregister-all` + + + +Denies the unregister_all command without any pre-configured scope. + +
diff --git a/plugins/global-shortcut/permissions/schemas/schema.json b/plugins/global-shortcut/permissions/schemas/schema.json index 615a8a181..5d861c96c 100644 --- a/plugins/global-shortcut/permissions/schemas/schema.json +++ b/plugins/global-shortcut/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/http/permissions/autogenerated/reference.md b/plugins/http/permissions/autogenerated/reference.md index 27d924a95..b1988a0d9 100644 --- a/plugins/http/permissions/autogenerated/reference.md +++ b/plugins/http/permissions/autogenerated/reference.md @@ -1,14 +1,6 @@ -| Permission | Description | -|------|-----| -|`allow-fetch`|Enables the fetch command without any pre-configured scope.| -|`deny-fetch`|Denies the fetch command without any pre-configured scope.| -|`allow-fetch-cancel`|Enables the fetch_cancel command without any pre-configured scope.| -|`deny-fetch-cancel`|Denies the fetch_cancel command without any pre-configured scope.| -|`allow-fetch-read-body`|Enables the fetch_read_body command without any pre-configured scope.| -|`deny-fetch-read-body`|Denies the fetch_read_body command without any pre-configured scope.| -|`allow-fetch-send`|Enables the fetch_send command without any pre-configured scope.| -|`deny-fetch-send`|Denies the fetch_send command without any pre-configured scope.| -|`default`|This permission set configures what kind of +## Default Permission + +This permission set configures what kind of fetch operations are available from the http plugin. This enables all fetch operations but does not @@ -19,4 +11,123 @@ be manually configured before usage. All fetch operations are enabled. -| + + +- `allow-fetch` +- `allow-fetch-cancel` +- `allow-fetch-read-body` +- `allow-fetch-send` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`http:allow-fetch` + + + +Enables the fetch command without any pre-configured scope. + +
+ +`http:deny-fetch` + + + +Denies the fetch command without any pre-configured scope. + +
+ +`http:allow-fetch-cancel` + + + +Enables the fetch_cancel command without any pre-configured scope. + +
+ +`http:deny-fetch-cancel` + + + +Denies the fetch_cancel command without any pre-configured scope. + +
+ +`http:allow-fetch-read-body` + + + +Enables the fetch_read_body command without any pre-configured scope. + +
+ +`http:deny-fetch-read-body` + + + +Denies the fetch_read_body command without any pre-configured scope. + +
+ +`http:allow-fetch-send` + + + +Enables the fetch_send command without any pre-configured scope. + +
+ +`http:deny-fetch-send` + + + +Denies the fetch_send command without any pre-configured scope. + +
diff --git a/plugins/http/permissions/schemas/schema.json b/plugins/http/permissions/schemas/schema.json index 17ce3d3dd..88617be05 100644 --- a/plugins/http/permissions/schemas/schema.json +++ b/plugins/http/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/log/permissions/autogenerated/reference.md b/plugins/log/permissions/autogenerated/reference.md index 075f183e2..a1f067228 100644 --- a/plugins/log/permissions/autogenerated/reference.md +++ b/plugins/log/permissions/autogenerated/reference.md @@ -1,5 +1,41 @@ -| Permission | Description | -|------|-----| -|`allow-log`|Enables the log command without any pre-configured scope.| -|`deny-log`|Denies the log command without any pre-configured scope.| -|`default`|Allows the log command| +## Default Permission + +Allows the log command + +- `allow-log` + +### Permission Table + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`log:allow-log` + + + +Enables the log command without any pre-configured scope. + +
+ +`log:deny-log` + + + +Denies the log command without any pre-configured scope. + +
diff --git a/plugins/log/permissions/schemas/schema.json b/plugins/log/permissions/schemas/schema.json index 1eb694d3c..e1489b68f 100644 --- a/plugins/log/permissions/schemas/schema.json +++ b/plugins/log/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/nfc/permissions/autogenerated/reference.md b/plugins/nfc/permissions/autogenerated/reference.md index b627f7083..885eb684a 100644 --- a/plugins/nfc/permissions/autogenerated/reference.md +++ b/plugins/nfc/permissions/autogenerated/reference.md @@ -1,12 +1,6 @@ -| Permission | Description | -|------|-----| -|`allow-is-available`|Enables the is_available command without any pre-configured scope.| -|`deny-is-available`|Denies the is_available command without any pre-configured scope.| -|`allow-scan`|Enables the scan command without any pre-configured scope.| -|`deny-scan`|Denies the scan command without any pre-configured scope.| -|`allow-write`|Enables the write command without any pre-configured scope.| -|`deny-write`|Denies the write command without any pre-configured scope.| -|`default`|This permission set configures what kind of +## Default Permission + +This permission set configures what kind of operations are available from the nfc plugin. #### Granted Permissions @@ -15,4 +9,95 @@ Checking if the NFC functionality is available and scanning nearby tags is allowed. Writing to tags needs to be manually enabled. -| + + +- `allow-is-available` +- `allow-scan` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`nfc:allow-is-available` + + + +Enables the is_available command without any pre-configured scope. + +
+ +`nfc:deny-is-available` + + + +Denies the is_available command without any pre-configured scope. + +
+ +`nfc:allow-scan` + + + +Enables the scan command without any pre-configured scope. + +
+ +`nfc:deny-scan` + + + +Denies the scan command without any pre-configured scope. + +
+ +`nfc:allow-write` + + + +Enables the write command without any pre-configured scope. + +
+ +`nfc:deny-write` + + + +Denies the write command without any pre-configured scope. + +
diff --git a/plugins/nfc/permissions/schemas/schema.json b/plugins/nfc/permissions/schemas/schema.json index e5d5931a9..0add3642c 100644 --- a/plugins/nfc/permissions/schemas/schema.json +++ b/plugins/nfc/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/notification/permissions/autogenerated/reference.md b/plugins/notification/permissions/autogenerated/reference.md index e64232593..2dd889a78 100644 --- a/plugins/notification/permissions/autogenerated/reference.md +++ b/plugins/notification/permissions/autogenerated/reference.md @@ -1,42 +1,453 @@ -| Permission | Description | -|------|-----| -|`allow-batch`|Enables the batch command without any pre-configured scope.| -|`deny-batch`|Denies the batch command without any pre-configured scope.| -|`allow-cancel`|Enables the cancel command without any pre-configured scope.| -|`deny-cancel`|Denies the cancel command without any pre-configured scope.| -|`allow-check-permissions`|Enables the check_permissions command without any pre-configured scope.| -|`deny-check-permissions`|Denies the check_permissions command without any pre-configured scope.| -|`allow-create-channel`|Enables the create_channel command without any pre-configured scope.| -|`deny-create-channel`|Denies the create_channel command without any pre-configured scope.| -|`allow-delete-channel`|Enables the delete_channel command without any pre-configured scope.| -|`deny-delete-channel`|Denies the delete_channel command without any pre-configured scope.| -|`allow-get-active`|Enables the get_active command without any pre-configured scope.| -|`deny-get-active`|Denies the get_active command without any pre-configured scope.| -|`allow-get-pending`|Enables the get_pending command without any pre-configured scope.| -|`deny-get-pending`|Denies the get_pending command without any pre-configured scope.| -|`allow-is-permission-granted`|Enables the is_permission_granted command without any pre-configured scope.| -|`deny-is-permission-granted`|Denies the is_permission_granted command without any pre-configured scope.| -|`allow-list-channels`|Enables the list_channels command without any pre-configured scope.| -|`deny-list-channels`|Denies the list_channels command without any pre-configured scope.| -|`allow-notify`|Enables the notify command without any pre-configured scope.| -|`deny-notify`|Denies the notify command without any pre-configured scope.| -|`allow-permission-state`|Enables the permission_state command without any pre-configured scope.| -|`deny-permission-state`|Denies the permission_state command without any pre-configured scope.| -|`allow-register-action-types`|Enables the register_action_types command without any pre-configured scope.| -|`deny-register-action-types`|Denies the register_action_types command without any pre-configured scope.| -|`allow-register-listener`|Enables the register_listener command without any pre-configured scope.| -|`deny-register-listener`|Denies the register_listener command without any pre-configured scope.| -|`allow-remove-active`|Enables the remove_active command without any pre-configured scope.| -|`deny-remove-active`|Denies the remove_active command without any pre-configured scope.| -|`allow-request-permission`|Enables the request_permission command without any pre-configured scope.| -|`deny-request-permission`|Denies the request_permission command without any pre-configured scope.| -|`allow-show`|Enables the show command without any pre-configured scope.| -|`deny-show`|Denies the show command without any pre-configured scope.| -|`default`|This permission set configures which +## Default Permission + +This permission set configures which notification features are by default exposed. #### Granted Permissions It allows all notification related features. -| + + +- `allow-is-permission-granted` +- `allow-request-permission` +- `allow-notify` +- `allow-register-action-types` +- `allow-register-listener` +- `allow-cancel` +- `allow-get-pending` +- `allow-remove-active` +- `allow-get-active` +- `allow-check-permissions` +- `allow-show` +- `allow-batch` +- `allow-list-channels` +- `allow-delete-channel` +- `allow-create-channel` +- `allow-permission-state` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`notification:allow-batch` + + + +Enables the batch command without any pre-configured scope. + +
+ +`notification:deny-batch` + + + +Denies the batch command without any pre-configured scope. + +
+ +`notification:allow-cancel` + + + +Enables the cancel command without any pre-configured scope. + +
+ +`notification:deny-cancel` + + + +Denies the cancel command without any pre-configured scope. + +
+ +`notification:allow-check-permissions` + + + +Enables the check_permissions command without any pre-configured scope. + +
+ +`notification:deny-check-permissions` + + + +Denies the check_permissions command without any pre-configured scope. + +
+ +`notification:allow-create-channel` + + + +Enables the create_channel command without any pre-configured scope. + +
+ +`notification:deny-create-channel` + + + +Denies the create_channel command without any pre-configured scope. + +
+ +`notification:allow-delete-channel` + + + +Enables the delete_channel command without any pre-configured scope. + +
+ +`notification:deny-delete-channel` + + + +Denies the delete_channel command without any pre-configured scope. + +
+ +`notification:allow-get-active` + + + +Enables the get_active command without any pre-configured scope. + +
+ +`notification:deny-get-active` + + + +Denies the get_active command without any pre-configured scope. + +
+ +`notification:allow-get-pending` + + + +Enables the get_pending command without any pre-configured scope. + +
+ +`notification:deny-get-pending` + + + +Denies the get_pending command without any pre-configured scope. + +
+ +`notification:allow-is-permission-granted` + + + +Enables the is_permission_granted command without any pre-configured scope. + +
+ +`notification:deny-is-permission-granted` + + + +Denies the is_permission_granted command without any pre-configured scope. + +
+ +`notification:allow-list-channels` + + + +Enables the list_channels command without any pre-configured scope. + +
+ +`notification:deny-list-channels` + + + +Denies the list_channels command without any pre-configured scope. + +
+ +`notification:allow-notify` + + + +Enables the notify command without any pre-configured scope. + +
+ +`notification:deny-notify` + + + +Denies the notify command without any pre-configured scope. + +
+ +`notification:allow-permission-state` + + + +Enables the permission_state command without any pre-configured scope. + +
+ +`notification:deny-permission-state` + + + +Denies the permission_state command without any pre-configured scope. + +
+ +`notification:allow-register-action-types` + + + +Enables the register_action_types command without any pre-configured scope. + +
+ +`notification:deny-register-action-types` + + + +Denies the register_action_types command without any pre-configured scope. + +
+ +`notification:allow-register-listener` + + + +Enables the register_listener command without any pre-configured scope. + +
+ +`notification:deny-register-listener` + + + +Denies the register_listener command without any pre-configured scope. + +
+ +`notification:allow-remove-active` + + + +Enables the remove_active command without any pre-configured scope. + +
+ +`notification:deny-remove-active` + + + +Denies the remove_active command without any pre-configured scope. + +
+ +`notification:allow-request-permission` + + + +Enables the request_permission command without any pre-configured scope. + +
+ +`notification:deny-request-permission` + + + +Denies the request_permission command without any pre-configured scope. + +
+ +`notification:allow-show` + + + +Enables the show command without any pre-configured scope. + +
+ +`notification:deny-show` + + + +Denies the show command without any pre-configured scope. + +
diff --git a/plugins/notification/permissions/schemas/schema.json b/plugins/notification/permissions/schemas/schema.json index 0b20a6c5f..5c0aa2445 100644 --- a/plugins/notification/permissions/schemas/schema.json +++ b/plugins/notification/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/os/permissions/autogenerated/reference.md b/plugins/os/permissions/autogenerated/reference.md index 73d43e51e..cab95f161 100644 --- a/plugins/os/permissions/autogenerated/reference.md +++ b/plugins/os/permissions/autogenerated/reference.md @@ -1,22 +1,6 @@ -| Permission | Description | -|------|-----| -|`allow-arch`|Enables the arch command without any pre-configured scope.| -|`deny-arch`|Denies the arch command without any pre-configured scope.| -|`allow-exe-extension`|Enables the exe_extension command without any pre-configured scope.| -|`deny-exe-extension`|Denies the exe_extension command without any pre-configured scope.| -|`allow-family`|Enables the family command without any pre-configured scope.| -|`deny-family`|Denies the family command without any pre-configured scope.| -|`allow-hostname`|Enables the hostname command without any pre-configured scope.| -|`deny-hostname`|Denies the hostname command without any pre-configured scope.| -|`allow-locale`|Enables the locale command without any pre-configured scope.| -|`deny-locale`|Denies the locale command without any pre-configured scope.| -|`allow-os-type`|Enables the os_type command without any pre-configured scope.| -|`deny-os-type`|Denies the os_type command without any pre-configured scope.| -|`allow-platform`|Enables the platform command without any pre-configured scope.| -|`deny-platform`|Denies the platform command without any pre-configured scope.| -|`allow-version`|Enables the version command without any pre-configured scope.| -|`deny-version`|Denies the version command without any pre-configured scope.| -|`default`|This permission set configures which +## Default Permission + +This permission set configures which operating system information are available to gather from the frontend. @@ -24,4 +8,230 @@ to gather from the frontend. All information except the host name are available. -| + + +- `allow-arch` +- `allow-exe-extension` +- `allow-family` +- `allow-locale` +- `allow-os-type` +- `allow-platform` +- `allow-version` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`os:allow-arch` + + + +Enables the arch command without any pre-configured scope. + +
+ +`os:deny-arch` + + + +Denies the arch command without any pre-configured scope. + +
+ +`os:allow-exe-extension` + + + +Enables the exe_extension command without any pre-configured scope. + +
+ +`os:deny-exe-extension` + + + +Denies the exe_extension command without any pre-configured scope. + +
+ +`os:allow-family` + + + +Enables the family command without any pre-configured scope. + +
+ +`os:deny-family` + + + +Denies the family command without any pre-configured scope. + +
+ +`os:allow-hostname` + + + +Enables the hostname command without any pre-configured scope. + +
+ +`os:deny-hostname` + + + +Denies the hostname command without any pre-configured scope. + +
+ +`os:allow-locale` + + + +Enables the locale command without any pre-configured scope. + +
+ +`os:deny-locale` + + + +Denies the locale command without any pre-configured scope. + +
+ +`os:allow-os-type` + + + +Enables the os_type command without any pre-configured scope. + +
+ +`os:deny-os-type` + + + +Denies the os_type command without any pre-configured scope. + +
+ +`os:allow-platform` + + + +Enables the platform command without any pre-configured scope. + +
+ +`os:deny-platform` + + + +Denies the platform command without any pre-configured scope. + +
+ +`os:allow-version` + + + +Enables the version command without any pre-configured scope. + +
+ +`os:deny-version` + + + +Denies the version command without any pre-configured scope. + +
diff --git a/plugins/os/permissions/schemas/schema.json b/plugins/os/permissions/schemas/schema.json index 5359f36cc..3d069d188 100644 --- a/plugins/os/permissions/schemas/schema.json +++ b/plugins/os/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/positioner/permissions/autogenerated/reference.md b/plugins/positioner/permissions/autogenerated/reference.md index b373d4fae..d7fa07ecd 100644 --- a/plugins/positioner/permissions/autogenerated/reference.md +++ b/plugins/positioner/permissions/autogenerated/reference.md @@ -1,5 +1,41 @@ -| Permission | Description | -|------|-----| -|`allow-move-window`|Enables the move_window command without any pre-configured scope.| -|`deny-move-window`|Denies the move_window command without any pre-configured scope.| -|`default`|Allows the move_window command| +## Default Permission + +Allows the move_window command + +- `allow-move-window` + +### Permission Table + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`positioner:allow-move-window` + + + +Enables the move_window command without any pre-configured scope. + +
+ +`positioner:deny-move-window` + + + +Denies the move_window command without any pre-configured scope. + +
diff --git a/plugins/positioner/permissions/schemas/schema.json b/plugins/positioner/permissions/schemas/schema.json index 7cf674b95..9a70b8472 100644 --- a/plugins/positioner/permissions/schemas/schema.json +++ b/plugins/positioner/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/process/permissions/autogenerated/reference.md b/plugins/process/permissions/autogenerated/reference.md index 949bf6ac2..7ae1b4ba3 100644 --- a/plugins/process/permissions/autogenerated/reference.md +++ b/plugins/process/permissions/autogenerated/reference.md @@ -1,14 +1,75 @@ -| Permission | Description | -|------|-----| -|`allow-exit`|Enables the exit command without any pre-configured scope.| -|`deny-exit`|Denies the exit command without any pre-configured scope.| -|`allow-restart`|Enables the restart command without any pre-configured scope.| -|`deny-restart`|Denies the restart command without any pre-configured scope.| -|`default`|This permission set configures which +## Default Permission + +This permission set configures which process feeatures are by default exposed. #### Granted Permissions This enables to quit via `allow-exit` and restart via `allow-restart` the application. -| + + +- `allow-exit` +- `allow-restart` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`process:allow-exit` + + + +Enables the exit command without any pre-configured scope. + +
+ +`process:deny-exit` + + + +Denies the exit command without any pre-configured scope. + +
+ +`process:allow-restart` + + + +Enables the restart command without any pre-configured scope. + +
+ +`process:deny-restart` + + + +Denies the restart command without any pre-configured scope. + +
diff --git a/plugins/process/permissions/schemas/schema.json b/plugins/process/permissions/schemas/schema.json index 3dc97704b..55b9dd9fe 100644 --- a/plugins/process/permissions/schemas/schema.json +++ b/plugins/process/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/shell/permissions/autogenerated/reference.md b/plugins/shell/permissions/autogenerated/reference.md index 00af0dc4c..157e67bf6 100644 --- a/plugins/shell/permissions/autogenerated/reference.md +++ b/plugins/shell/permissions/autogenerated/reference.md @@ -1,16 +1,6 @@ -| Permission | Description | -|------|-----| -|`allow-execute`|Enables the execute command without any pre-configured scope.| -|`deny-execute`|Denies the execute command without any pre-configured scope.| -|`allow-kill`|Enables the kill command without any pre-configured scope.| -|`deny-kill`|Denies the kill command without any pre-configured scope.| -|`allow-open`|Enables the open command without any pre-configured scope.| -|`deny-open`|Denies the open command without any pre-configured scope.| -|`allow-spawn`|Enables the spawn command without any pre-configured scope.| -|`deny-spawn`|Denies the spawn command without any pre-configured scope.| -|`allow-stdin-write`|Enables the stdin_write command without any pre-configured scope.| -|`deny-stdin-write`|Denies the stdin_write command without any pre-configured scope.| -|`default`|This permission set configures which +## Default Permission + +This permission set configures which shell functionality is exposed by default. #### Granted Permissions @@ -18,4 +8,146 @@ shell functionality is exposed by default. It allows to use the `open` functionality without any specific scope pre-configured. It will allow opening `http(s)://`, `tel:` and `mailto:` links. -| + + +- `allow-open` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`shell:allow-execute` + + + +Enables the execute command without any pre-configured scope. + +
+ +`shell:deny-execute` + + + +Denies the execute command without any pre-configured scope. + +
+ +`shell:allow-kill` + + + +Enables the kill command without any pre-configured scope. + +
+ +`shell:deny-kill` + + + +Denies the kill command without any pre-configured scope. + +
+ +`shell:allow-open` + + + +Enables the open command without any pre-configured scope. + +
+ +`shell:deny-open` + + + +Denies the open command without any pre-configured scope. + +
+ +`shell:allow-spawn` + + + +Enables the spawn command without any pre-configured scope. + +
+ +`shell:deny-spawn` + + + +Denies the spawn command without any pre-configured scope. + +
+ +`shell:allow-stdin-write` + + + +Enables the stdin_write command without any pre-configured scope. + +
+ +`shell:deny-stdin-write` + + + +Denies the stdin_write command without any pre-configured scope. + +
diff --git a/plugins/shell/permissions/schemas/schema.json b/plugins/shell/permissions/schemas/schema.json index 9730ecc72..93c399568 100644 --- a/plugins/shell/permissions/schemas/schema.json +++ b/plugins/shell/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/single-instance/src/platform_impl/linux.rs b/plugins/single-instance/src/platform_impl/linux.rs index 59586d26c..3136074f3 100644 --- a/plugins/single-instance/src/platform_impl/linux.rs +++ b/plugins/single-instance/src/platform_impl/linux.rs @@ -2,8 +2,6 @@ // SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: MIT -#![cfg(target_os = "linux")] - #[cfg(feature = "semver")] use crate::semver_compat::semver_compat_string; diff --git a/plugins/single-instance/src/platform_impl/macos.rs b/plugins/single-instance/src/platform_impl/macos.rs index db9d558ee..8f35d76c8 100644 --- a/plugins/single-instance/src/platform_impl/macos.rs +++ b/plugins/single-instance/src/platform_impl/macos.rs @@ -2,8 +2,6 @@ // SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: MIT -#![cfg(target_os = "macos")] - use std::{ io::{BufWriter, Error, ErrorKind, Read, Write}, os::unix::net::{UnixListener, UnixStream}, diff --git a/plugins/single-instance/src/platform_impl/windows.rs b/plugins/single-instance/src/platform_impl/windows.rs index d7a5b4721..d5ff3b8ba 100644 --- a/plugins/single-instance/src/platform_impl/windows.rs +++ b/plugins/single-instance/src/platform_impl/windows.rs @@ -2,8 +2,6 @@ // SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: MIT -#![cfg(target_os = "windows")] - #[cfg(feature = "semver")] use crate::semver_compat::semver_compat_string; diff --git a/plugins/sql/Cargo.toml b/plugins/sql/Cargo.toml index 2def49325..bc48e385d 100644 --- a/plugins/sql/Cargo.toml +++ b/plugins/sql/Cargo.toml @@ -30,6 +30,7 @@ tokio = { version = "1", features = [ "sync" ] } indexmap = { version = "2.2.6", features = [ "serde" ] } [features] +default = ["sqlite"] sqlite = [ "sqlx/sqlite", "sqlx/runtime-tokio" ] mysql = [ "sqlx/mysql", "sqlx/runtime-tokio-rustls" ] postgres = [ "sqlx/postgres", "sqlx/runtime-tokio-rustls" ] diff --git a/plugins/sql/permissions/autogenerated/reference.md b/plugins/sql/permissions/autogenerated/reference.md index bbaa7b8eb..718a173f1 100644 --- a/plugins/sql/permissions/autogenerated/reference.md +++ b/plugins/sql/permissions/autogenerated/reference.md @@ -1,14 +1,6 @@ -| Permission | Description | -|------|-----| -|`allow-close`|Enables the close command without any pre-configured scope.| -|`deny-close`|Denies the close command without any pre-configured scope.| -|`allow-execute`|Enables the execute command without any pre-configured scope.| -|`deny-execute`|Denies the execute command without any pre-configured scope.| -|`allow-load`|Enables the load command without any pre-configured scope.| -|`deny-load`|Denies the load command without any pre-configured scope.| -|`allow-select`|Enables the select command without any pre-configured scope.| -|`deny-select`|Denies the select command without any pre-configured scope.| -|`default`|# Tauri SQL Default Permissions +## Default Permission + +# Tauri SQL Default Permissions This permission set configures what kind of database operations are available from the sql plugin. @@ -18,4 +10,122 @@ database operations are available from the sql plugin. All reading related operations are enabled. Also allows to load or close a connection. -| + + +- `allow-close` +- `allow-load` +- `allow-select` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`sql:allow-close` + + + +Enables the close command without any pre-configured scope. + +
+ +`sql:deny-close` + + + +Denies the close command without any pre-configured scope. + +
+ +`sql:allow-execute` + + + +Enables the execute command without any pre-configured scope. + +
+ +`sql:deny-execute` + + + +Denies the execute command without any pre-configured scope. + +
+ +`sql:allow-load` + + + +Enables the load command without any pre-configured scope. + +
+ +`sql:deny-load` + + + +Denies the load command without any pre-configured scope. + +
+ +`sql:allow-select` + + + +Enables the select command without any pre-configured scope. + +
+ +`sql:deny-select` + + + +Denies the select command without any pre-configured scope. + +
diff --git a/plugins/sql/permissions/schemas/schema.json b/plugins/sql/permissions/schemas/schema.json index 417e565df..9b1988f5a 100644 --- a/plugins/sql/permissions/schemas/schema.json +++ b/plugins/sql/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/store/permissions/autogenerated/reference.md b/plugins/store/permissions/autogenerated/reference.md index bab6429d7..9b54940b0 100644 --- a/plugins/store/permissions/autogenerated/reference.md +++ b/plugins/store/permissions/autogenerated/reference.md @@ -1,34 +1,345 @@ -| Permission | Description | -|------|-----| -|`allow-clear`|Enables the clear command without any pre-configured scope.| -|`deny-clear`|Denies the clear command without any pre-configured scope.| -|`allow-delete`|Enables the delete command without any pre-configured scope.| -|`deny-delete`|Denies the delete command without any pre-configured scope.| -|`allow-entries`|Enables the entries command without any pre-configured scope.| -|`deny-entries`|Denies the entries command without any pre-configured scope.| -|`allow-get`|Enables the get command without any pre-configured scope.| -|`deny-get`|Denies the get command without any pre-configured scope.| -|`allow-has`|Enables the has command without any pre-configured scope.| -|`deny-has`|Denies the has command without any pre-configured scope.| -|`allow-keys`|Enables the keys command without any pre-configured scope.| -|`deny-keys`|Denies the keys command without any pre-configured scope.| -|`allow-length`|Enables the length command without any pre-configured scope.| -|`deny-length`|Denies the length command without any pre-configured scope.| -|`allow-load`|Enables the load command without any pre-configured scope.| -|`deny-load`|Denies the load command without any pre-configured scope.| -|`allow-reset`|Enables the reset command without any pre-configured scope.| -|`deny-reset`|Denies the reset command without any pre-configured scope.| -|`allow-save`|Enables the save command without any pre-configured scope.| -|`deny-save`|Denies the save command without any pre-configured scope.| -|`allow-set`|Enables the set command without any pre-configured scope.| -|`deny-set`|Denies the set command without any pre-configured scope.| -|`allow-values`|Enables the values command without any pre-configured scope.| -|`deny-values`|Denies the values command without any pre-configured scope.| -|`default`|This permission set configures what kind of +## Default Permission + +This permission set configures what kind of operations are available from the store plugin. #### Granted Permissions All operations are enabled by default. -| + + +- `allow-clear` +- `allow-delete` +- `allow-entries` +- `allow-get` +- `allow-has` +- `allow-keys` +- `allow-length` +- `allow-load` +- `allow-reset` +- `allow-save` +- `allow-set` +- `allow-values` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`store:allow-clear` + + + +Enables the clear command without any pre-configured scope. + +
+ +`store:deny-clear` + + + +Denies the clear command without any pre-configured scope. + +
+ +`store:allow-delete` + + + +Enables the delete command without any pre-configured scope. + +
+ +`store:deny-delete` + + + +Denies the delete command without any pre-configured scope. + +
+ +`store:allow-entries` + + + +Enables the entries command without any pre-configured scope. + +
+ +`store:deny-entries` + + + +Denies the entries command without any pre-configured scope. + +
+ +`store:allow-get` + + + +Enables the get command without any pre-configured scope. + +
+ +`store:deny-get` + + + +Denies the get command without any pre-configured scope. + +
+ +`store:allow-has` + + + +Enables the has command without any pre-configured scope. + +
+ +`store:deny-has` + + + +Denies the has command without any pre-configured scope. + +
+ +`store:allow-keys` + + + +Enables the keys command without any pre-configured scope. + +
+ +`store:deny-keys` + + + +Denies the keys command without any pre-configured scope. + +
+ +`store:allow-length` + + + +Enables the length command without any pre-configured scope. + +
+ +`store:deny-length` + + + +Denies the length command without any pre-configured scope. + +
+ +`store:allow-load` + + + +Enables the load command without any pre-configured scope. + +
+ +`store:deny-load` + + + +Denies the load command without any pre-configured scope. + +
+ +`store:allow-reset` + + + +Enables the reset command without any pre-configured scope. + +
+ +`store:deny-reset` + + + +Denies the reset command without any pre-configured scope. + +
+ +`store:allow-save` + + + +Enables the save command without any pre-configured scope. + +
+ +`store:deny-save` + + + +Denies the save command without any pre-configured scope. + +
+ +`store:allow-set` + + + +Enables the set command without any pre-configured scope. + +
+ +`store:deny-set` + + + +Denies the set command without any pre-configured scope. + +
+ +`store:allow-values` + + + +Enables the values command without any pre-configured scope. + +
+ +`store:deny-values` + + + +Denies the values command without any pre-configured scope. + +
diff --git a/plugins/store/permissions/schemas/schema.json b/plugins/store/permissions/schemas/schema.json index 70c5986bf..01b67fe1f 100644 --- a/plugins/store/permissions/schemas/schema.json +++ b/plugins/store/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/stronghold/permissions/autogenerated/reference.md b/plugins/stronghold/permissions/autogenerated/reference.md index 29b981eac..80f814952 100644 --- a/plugins/stronghold/permissions/autogenerated/reference.md +++ b/plugins/stronghold/permissions/autogenerated/reference.md @@ -1,32 +1,315 @@ -| Permission | Description | -|------|-----| -|`allow-create-client`|Enables the create_client command without any pre-configured scope.| -|`deny-create-client`|Denies the create_client command without any pre-configured scope.| -|`allow-destroy`|Enables the destroy command without any pre-configured scope.| -|`deny-destroy`|Denies the destroy command without any pre-configured scope.| -|`allow-execute-procedure`|Enables the execute_procedure command without any pre-configured scope.| -|`deny-execute-procedure`|Denies the execute_procedure command without any pre-configured scope.| -|`allow-get-store-record`|Enables the get_store_record command without any pre-configured scope.| -|`deny-get-store-record`|Denies the get_store_record command without any pre-configured scope.| -|`allow-initialize`|Enables the initialize command without any pre-configured scope.| -|`deny-initialize`|Denies the initialize command without any pre-configured scope.| -|`allow-load-client`|Enables the load_client command without any pre-configured scope.| -|`deny-load-client`|Denies the load_client command without any pre-configured scope.| -|`allow-remove-secret`|Enables the remove_secret command without any pre-configured scope.| -|`deny-remove-secret`|Denies the remove_secret command without any pre-configured scope.| -|`allow-remove-store-record`|Enables the remove_store_record command without any pre-configured scope.| -|`deny-remove-store-record`|Denies the remove_store_record command without any pre-configured scope.| -|`allow-save`|Enables the save command without any pre-configured scope.| -|`deny-save`|Denies the save command without any pre-configured scope.| -|`allow-save-secret`|Enables the save_secret command without any pre-configured scope.| -|`deny-save-secret`|Denies the save_secret command without any pre-configured scope.| -|`allow-save-store-record`|Enables the save_store_record command without any pre-configured scope.| -|`deny-save-store-record`|Denies the save_store_record command without any pre-configured scope.| -|`default`|This permission set configures what kind of +## Default Permission + +This permission set configures what kind of operations are available from the stronghold plugin. #### Granted Permissions All non-destructive operations are enabled by default. -| + + +- `allow-create-client` +- `allow-get-store-record` +- `allow-initialize` +- `allow-execute-procedure` +- `allow-load-client` +- `allow-save-secret` +- `allow-save-store-record` +- `allow-save` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`stronghold:allow-create-client` + + + +Enables the create_client command without any pre-configured scope. + +
+ +`stronghold:deny-create-client` + + + +Denies the create_client command without any pre-configured scope. + +
+ +`stronghold:allow-destroy` + + + +Enables the destroy command without any pre-configured scope. + +
+ +`stronghold:deny-destroy` + + + +Denies the destroy command without any pre-configured scope. + +
+ +`stronghold:allow-execute-procedure` + + + +Enables the execute_procedure command without any pre-configured scope. + +
+ +`stronghold:deny-execute-procedure` + + + +Denies the execute_procedure command without any pre-configured scope. + +
+ +`stronghold:allow-get-store-record` + + + +Enables the get_store_record command without any pre-configured scope. + +
+ +`stronghold:deny-get-store-record` + + + +Denies the get_store_record command without any pre-configured scope. + +
+ +`stronghold:allow-initialize` + + + +Enables the initialize command without any pre-configured scope. + +
+ +`stronghold:deny-initialize` + + + +Denies the initialize command without any pre-configured scope. + +
+ +`stronghold:allow-load-client` + + + +Enables the load_client command without any pre-configured scope. + +
+ +`stronghold:deny-load-client` + + + +Denies the load_client command without any pre-configured scope. + +
+ +`stronghold:allow-remove-secret` + + + +Enables the remove_secret command without any pre-configured scope. + +
+ +`stronghold:deny-remove-secret` + + + +Denies the remove_secret command without any pre-configured scope. + +
+ +`stronghold:allow-remove-store-record` + + + +Enables the remove_store_record command without any pre-configured scope. + +
+ +`stronghold:deny-remove-store-record` + + + +Denies the remove_store_record command without any pre-configured scope. + +
+ +`stronghold:allow-save` + + + +Enables the save command without any pre-configured scope. + +
+ +`stronghold:deny-save` + + + +Denies the save command without any pre-configured scope. + +
+ +`stronghold:allow-save-secret` + + + +Enables the save_secret command without any pre-configured scope. + +
+ +`stronghold:deny-save-secret` + + + +Denies the save_secret command without any pre-configured scope. + +
+ +`stronghold:allow-save-store-record` + + + +Enables the save_store_record command without any pre-configured scope. + +
+ +`stronghold:deny-save-store-record` + + + +Denies the save_store_record command without any pre-configured scope. + +
diff --git a/plugins/stronghold/permissions/schemas/schema.json b/plugins/stronghold/permissions/schemas/schema.json index e01eab994..84d7ad479 100644 --- a/plugins/stronghold/permissions/schemas/schema.json +++ b/plugins/stronghold/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/updater/permissions/autogenerated/reference.md b/plugins/updater/permissions/autogenerated/reference.md index a2d74addf..0137b4df4 100644 --- a/plugins/updater/permissions/autogenerated/reference.md +++ b/plugins/updater/permissions/autogenerated/reference.md @@ -1,14 +1,6 @@ -| Permission | Description | -|------|-----| -|`allow-check`|Enables the check command without any pre-configured scope.| -|`deny-check`|Denies the check command without any pre-configured scope.| -|`allow-download`|Enables the download command without any pre-configured scope.| -|`deny-download`|Denies the download command without any pre-configured scope.| -|`allow-download-and-install`|Enables the download_and_install command without any pre-configured scope.| -|`deny-download-and-install`|Denies the download_and_install command without any pre-configured scope.| -|`allow-install`|Enables the install command without any pre-configured scope.| -|`deny-install`|Denies the install command without any pre-configured scope.| -|`default`|This permission set configures which kind of +## Default Permission + +This permission set configures which kind of updater functions are exposed to the frontend. #### Granted Permissions @@ -16,4 +8,123 @@ updater functions are exposed to the frontend. The full workflow from checking for updates to installing them is enabled. -| + + +- `allow-check` +- `allow-download` +- `allow-install` +- `allow-download-and-install` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`updater:allow-check` + + + +Enables the check command without any pre-configured scope. + +
+ +`updater:deny-check` + + + +Denies the check command without any pre-configured scope. + +
+ +`updater:allow-download` + + + +Enables the download command without any pre-configured scope. + +
+ +`updater:deny-download` + + + +Denies the download command without any pre-configured scope. + +
+ +`updater:allow-download-and-install` + + + +Enables the download_and_install command without any pre-configured scope. + +
+ +`updater:deny-download-and-install` + + + +Denies the download_and_install command without any pre-configured scope. + +
+ +`updater:allow-install` + + + +Enables the install command without any pre-configured scope. + +
+ +`updater:deny-install` + + + +Denies the install command without any pre-configured scope. + +
diff --git a/plugins/updater/permissions/schemas/schema.json b/plugins/updater/permissions/schemas/schema.json index b6eacc0ae..9d1671f1f 100644 --- a/plugins/updater/permissions/schemas/schema.json +++ b/plugins/updater/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/upload/permissions/autogenerated/reference.md b/plugins/upload/permissions/autogenerated/reference.md index 2ad3df814..b7ca687f9 100644 --- a/plugins/upload/permissions/autogenerated/reference.md +++ b/plugins/upload/permissions/autogenerated/reference.md @@ -1,14 +1,75 @@ -| Permission | Description | -|------|-----| -|`allow-download`|Enables the download command without any pre-configured scope.| -|`deny-download`|Denies the download command without any pre-configured scope.| -|`allow-upload`|Enables the upload command without any pre-configured scope.| -|`deny-upload`|Denies the upload command without any pre-configured scope.| -|`default`|This permission set configures what kind of +## Default Permission + +This permission set configures what kind of operations are available from the upload plugin. #### Granted Permissions All operations are enabled by default. -| + + +- `allow-upload` +- `allow-download` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`upload:allow-download` + + + +Enables the download command without any pre-configured scope. + +
+ +`upload:deny-download` + + + +Denies the download command without any pre-configured scope. + +
+ +`upload:allow-upload` + + + +Enables the upload command without any pre-configured scope. + +
+ +`upload:deny-upload` + + + +Denies the upload command without any pre-configured scope. + +
diff --git a/plugins/upload/permissions/schemas/schema.json b/plugins/upload/permissions/schemas/schema.json index d0b242193..30e93b6e8 100644 --- a/plugins/upload/permissions/schemas/schema.json +++ b/plugins/upload/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/websocket/permissions/autogenerated/reference.md b/plugins/websocket/permissions/autogenerated/reference.md index fe0b0727c..48ce4ec2f 100644 --- a/plugins/websocket/permissions/autogenerated/reference.md +++ b/plugins/websocket/permissions/autogenerated/reference.md @@ -1,7 +1,68 @@ -| Permission | Description | -|------|-----| -|`allow-connect`|Enables the connect command without any pre-configured scope.| -|`deny-connect`|Denies the connect command without any pre-configured scope.| -|`allow-send`|Enables the send command without any pre-configured scope.| -|`deny-send`|Denies the send command without any pre-configured scope.| -|`default`|Allows connecting and sending data to a WebSocket server| +## Default Permission + +Allows connecting and sending data to a WebSocket server + +- `allow-connect` +- `allow-send` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`websocket:allow-connect` + + + +Enables the connect command without any pre-configured scope. + +
+ +`websocket:deny-connect` + + + +Denies the connect command without any pre-configured scope. + +
+ +`websocket:allow-send` + + + +Enables the send command without any pre-configured scope. + +
+ +`websocket:deny-send` + + + +Denies the send command without any pre-configured scope. + +
diff --git a/plugins/websocket/permissions/schemas/schema.json b/plugins/websocket/permissions/schemas/schema.json index 35fb7fb7e..62ceff2cf 100644 --- a/plugins/websocket/permissions/schemas/schema.json +++ b/plugins/websocket/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null" diff --git a/plugins/window-state/permissions/autogenerated/reference.md b/plugins/window-state/permissions/autogenerated/reference.md index 7a0f628e3..5875fe759 100644 --- a/plugins/window-state/permissions/autogenerated/reference.md +++ b/plugins/window-state/permissions/autogenerated/reference.md @@ -1,16 +1,102 @@ -| Permission | Description | -|------|-----| -|`allow-filename`|Enables the filename command without any pre-configured scope.| -|`deny-filename`|Denies the filename command without any pre-configured scope.| -|`allow-restore-state`|Enables the restore_state command without any pre-configured scope.| -|`deny-restore-state`|Denies the restore_state command without any pre-configured scope.| -|`allow-save-window-state`|Enables the save_window_state command without any pre-configured scope.| -|`deny-save-window-state`|Denies the save_window_state command without any pre-configured scope.| -|`default`|This permission set configures what kind of +## Default Permission + +This permission set configures what kind of operations are available from the window state plugin. #### Granted Permissions All operations are enabled by default. -| + + +- `allow-filename` +- `allow-restore-state` +- `allow-save-window-state` + +### Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`window-state:allow-filename` + + + +Enables the filename command without any pre-configured scope. + +
+ +`window-state:deny-filename` + + + +Denies the filename command without any pre-configured scope. + +
+ +`window-state:allow-restore-state` + + + +Enables the restore_state command without any pre-configured scope. + +
+ +`window-state:deny-restore-state` + + + +Denies the restore_state command without any pre-configured scope. + +
+ +`window-state:allow-save-window-state` + + + +Enables the save_window_state command without any pre-configured scope. + +
+ +`window-state:deny-save-window-state` + + + +Denies the save_window_state command without any pre-configured scope. + +
diff --git a/plugins/window-state/permissions/schemas/schema.json b/plugins/window-state/permissions/schemas/schema.json index 008bdcb7c..1b23652dd 100644 --- a/plugins/window-state/permissions/schemas/schema.json +++ b/plugins/window-state/permissions/schemas/schema.json @@ -49,7 +49,7 @@ "minimum": 1.0 }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -111,7 +111,7 @@ "type": "string" }, "description": { - "description": "Human-readable description of what the permission does.", + "description": "Human-readable description of what the permission does. Tauri internal convention is to use

headings in markdown content for Tauri documentation generation purposes.", "type": [ "string", "null" @@ -172,7 +172,7 @@ } }, "Scopes": { - "description": "A restriction of the command/endpoint functionality.\n\nIt can be of any serde serializable type and is used for allowing or preventing certain actions inside a Tauri command.\n\nThe scope is passed to the command and handled/enforced by the command itself.", + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", "type": "object", "properties": { "allow": { @@ -186,7 +186,7 @@ } }, "deny": { - "description": "Data that defines what is denied by the scope.", + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.", "type": [ "array", "null"