Command Scopes
A scope is a granular way to define (dis)allowed behavior of a Tauri command.
Scopes are categorized into allow
or deny
scopes, where deny
always
superseeds the allow
scope.
The scope type needs be of any serde
serializable type.
These types are plugin-specific in general. For scoped commands implemented in a Tauri application
the scope type needs to be defined in the application and then enforced in the command implementation.
For instance, the Fs
plugin allows you to use scopes to allow or deny certain directories and files
and the http
plugin uses scopes to filter URLs that are allowed to be reached.
The scope is passed to the command and handling or properly enforcing is implemented by the command itself.
Examples
These examples are taken from the Fs
plugin permissions:
The scope type in this plugin for all commands is a string,
which contains a glob
compatible path.
The above scopes can be used to allow access to the APPLOCALDATA
folder, while
preventing access to the EBWebView
subfolder on windows, which contains sensitive webview data.
These can merged into a set, which reduces duplicate configuration and makes it more understandable for anyone looking into the application configuration.
First the deny scopes are merged into deny-default
:
Afterwards deny and allow scopes are merged:
These scopes can be either used for all commands, by extending the global scope of the plugin, or for only selected commans when they are used in combination with a enabled command inside a permission.
Reasonable read only file access to files in the APPLOCALDATA
could look like this:
These examples only highlight the scope functionality itself. Each plugin or application developer needs to consider reasonable combinations of scope depending on their use cases.
© 2024 Tauri Contributors. CC-BY / MIT