文件系统

API Reference

访问文件系统。

¥Access the file system.

支持的平台

¥Supported Platforms

This plugin requires a Rust version of at least 1.77.2

Platform	Level	Notes
windows		Apps installed via MSI or NSIS in `perMachine` and `both` mode require admin permissions for write acces in `$RESOURCES` folder
linux		No write access to `$RESOURCES` folder
macos		No write access to `$RESOURCES` folder
android		Access is restricted to Application folder by default
ios		Access is restricted to Application folder by default

设置

¥Setup

安装 fs 插件即可开始使用。

¥Install the fs plugin to get started.

Automatic
Manual

使用项目的包管理器添加依赖：

¥Use your project’s package manager to add the dependency:

npm run tauri add fs

yarn run tauri add fs

pnpm tauri add fs

deno task tauri add fs

bun tauri add fs

cargo tauri add fs

Run the following command in the src-tauri folder to add the plugin to the project’s dependencies in Cargo.toml:
```
cargo add tauri-plugin-fs
```

Modify lib.rs to initialize the plugin:

#[cfg_attr(mobile, tauri::mobile_entry_point)]
pub fn run() {
  tauri::Builder::default()
    .plugin(tauri_plugin_fs::init())
    .run(tauri::generate_context!())
    .expect("error while running tauri application");
}

Install the JavaScript Guest bindings using your preferred JavaScript package manager:

npm install @tauri-apps/plugin-fs

yarn add @tauri-apps/plugin-fs

pnpm add @tauri-apps/plugin-fs

deno add npm:@tauri-apps/plugin-fs

bun add @tauri-apps/plugin-fs

配置

¥Configuration

Android

使用音频、缓存、文档、下载、图片、公共或视频目录时，你的应用必须有权访问外部存储。

¥When using the audio, cache, documents, downloads, picture, public or video directories your app must have access to the external storage.

在 gen/android/app/src/main/AndroidManifest.xml 文件中对 manifest 标记包含以下权限：

¥Include the following permissions to the manifest tag in the gen/android/app/src/main/AndroidManifest.xml file:

<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />

iOS

Apple 要求应用开发者指定 API 使用批准的原因，以增强用户隐私。

¥Apple requires app developers to specify approved reasons for API usage to enhance user privacy.

你必须在 src-tauri/gen/apple 文件夹中创建一个 PrivacyInfo.xcprivacy 文件，其中包含所需的 NSPrivacyAccessedAPICategoryFileTimestamp 密钥和 C617.1 推荐原因。

¥You must create a PrivacyInfo.xcprivacy file in the src-tauri/gen/apple folder with the required NSPrivacyAccessedAPICategoryFileTimestamp key and the C617.1 recommended reason.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
      <dict>
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
          <string>C617.1</string>
        </array>
      </dict>
    </array>
  </dict>
</plist>

使用

¥Usage

fs 插件在 JavaScript 和 Rust 中均可用。

¥The fs plugin is available in both JavaScript and Rust.

JavaScript
Rust

import { exists, BaseDirectory } from '@tauri-apps/plugin-fs';
// when using `"withGlobalTauri": true`, you may use
// const { exists, BaseDirectory } = window.__TAURI__.fs;

// Check if the `$APPDATA/avatar.png` file exists
await exists('avatar.png', { baseDir: BaseDirectory.AppData });

use tauri_plugin_fs::FsExt;

#[cfg_attr(mobile, tauri::mobile_entry_point)]
pub fn run() {
  tauri::Builder::default()
      .plugin(tauri_plugin_fs::init())
      .setup(|app| {
          // allowed the given directory
          let scope = app.fs_scope();
          scope.allow_directory("/path/to/directory", false);
          dbg!(scope.allowed());

          Ok(())
       })
       .run(tauri::generate_context!())
       .expect("error while running tauri application");
}

安全

¥Security

此模块可防止路径遍历，不允许使用父目录访问器（即不允许使用 “/usr/path/to/../file” 或 ”../path/to/file” 路径）。使用此 API 访问的路径必须与基本目录之一相关或使用路径 API 创建。

¥This module prevents path traversal, not allowing parent directory accessors to be used (i.e. “/usr/path/to/../file” or ”../path/to/file” paths are not allowed). Paths accessed with this API must be either relative to one of the base directories or created with the path API.

有关更多信息，请参阅 @tauri-apps/plugin-fs - 安全。

¥See @tauri-apps/plugin-fs - Security for more information.

路径

¥Paths

文件系统插件提供了两种操作路径的方法：基本目录和路径 API。

¥The file system plugin offers two ways of manipulating paths: the base directory and the path API.

基本目录

¥base directory

每个 API 都有一个选项参数，可让你定义一个 baseDir，作为操作的工作目录。

¥Every API has an options argument that lets you define a baseDir that acts as the working directory of the operation.
```
import { readFile } from '@tauri-apps/plugin-fs';
const contents = await readFile('avatars/tauri.png', {
  baseDir: BaseDirectory.Home,
});
```
在上面的例子中，由于我们使用的是 Home 基础目录，因此读取了 ~/avatars/tauri.png 文件。

¥In the above example the ~/avatars/tauri.png file is read since we are using the Home base directory.

路径 API

¥path API

或者，你可以使用路径 API 来执行路径操作。

¥Alternatively you can use the path APIs to perform path manipulations.

import { readFile } from '@tauri-apps/plugin-fs';
import * as path from '@tauri-apps/api/path';
const home = await path.homeDir();
const contents = await readFile(await path.join(home, 'avatars/tauri.png'));

文件

¥Files

创建

¥Create

创建一个文件并返回它的句柄。如果文件已存在，则将其截断。

¥Creates a file and returns a handle to it. If the file already exists, it is truncated.

import { create, BaseDirectory } from '@tauri-apps/plugin-fs';
const file = await create('foo/bar.txt', { baseDir: BaseDirectory.AppData });
await file.write(new TextEncoder().encode('Hello world'));
await file.close();

:::note 注意

操作完文件后，请始终调用 file.close()。

¥Always call file.close() when you are done manipulating the file.

:::

写入

¥Write

该插件提供单独的 API 用于写入文本和二进制文件以提高性能。

¥The plugin offers separate APIs for writing text and binary files for performance.

文本文件

¥text files

import { writeTextFile, BaseDirectory } from '@tauri-apps/plugin-fs';
const contents = JSON.stringify({ notifications: true });
await writeTextFile('config.json', contents, {
  baseDir: BaseDirectory.AppConfig,
});

二进制文件

¥binary files

import { writeFile, BaseDirectory } from '@tauri-apps/plugin-fs';
const contents = new Uint8Array(); // fill a byte array
await writeFile('config', contents, {
  baseDir: BaseDirectory.AppConfig,
});

打开

¥Open

打开一个文件并返回它的句柄。使用此 API，你可以更好地控制文件的打开方式（只读模式、只写模式、附加而不是覆盖、仅在不存在时创建等）。

¥Opens a file and returns a handle to it. With this API you have more control over how the file should be opened (read-only mode, write-only mode, append instead of overwrite, only create if it does not exist, etc).

:::note 注意

操作完文件后，请始终调用 file.close()。

¥Always call file.close() when you are done manipulating the file.

:::

read-only

这是默认模式。

¥This is the default mode.

import { open, BaseDirectory } from '@tauri-apps/plugin-fs';
const file = await open('foo/bar.txt', {
  read: true,
  baseDir: BaseDirectory.AppData,
});

const stat = await file.stat();
const buf = new Uint8Array(stat.size);
await file.read(buf);
const textContents = new TextDecoder().decode(buf);
await file.close();

write-only
```
import { open, BaseDirectory } from '@tauri-apps/plugin-fs';
const file = await open('foo/bar.txt', {
  write: true,
  baseDir: BaseDirectory.AppData,
});
await file.write(new TextEncoder().encode('Hello world'));
await file.close();
```
默认情况下，文件在任何 file.write() 调用中都会被截断。请参阅以下示例以了解如何附加到现有内容。

¥By default the file is truncated on any file.write() call. See the following example to learn how to append to the existing contents instead.

append

import { open, BaseDirectory } from '@tauri-apps/plugin-fs';
const file = await open('foo/bar.txt', {
  append: true,
  baseDir: BaseDirectory.AppData,
});
await file.write(new TextEncoder().encode('world'));
await file.close();

请注意，{ append: true } 与 { write: true, append: true } 具有相同的效果。

¥Note that { append: true } has the same effect as { write: true, append: true }.

truncate

当设置了 truncate 选项并且文件已经存在时，它将被截断为长度 0。

¥When the truncate option is set and the file already exists, it will be truncated to length 0.
```
import { open, BaseDirectory } from '@tauri-apps/plugin-fs';
const file = await open('foo/bar.txt', {
  write: true,
  truncate: true,
  baseDir: BaseDirectory.AppData,
});
await file.write(new TextEncoder().encode('world'));
await file.close();
```
此选项要求 write 为 true。

¥This option requires write to be true.

如果你想使用多个 file.write() 调用重写现有文件，则可以将其与 append 选项一起使用。

¥You can use it along the append option if you want to rewrite an existing file using multiple file.write() calls.
create

默认情况下，open API 仅打开现有文件。要创建文件（如果不存在）并打开它（如果存在），请将 create 设置为 true：

¥By default the open API only opens existing files. To create the file if it does not exist, opening it if it does, set create to true:
```
import { open, BaseDirectory } from '@tauri-apps/plugin-fs';
const file = await open('foo/bar.txt', {
  write: true,
  create: true,
  baseDir: BaseDirectory.AppData,
});
await file.write(new TextEncoder().encode('world'));
await file.close();
```
为了创建文件，还必须将 write 或 append 设置为 true。

¥In order for the file to be created, write or append must also be set to true.

如果文件已存在，则失败，请参阅 createNew。

¥To fail if the file already exists, see createNew.
createNew

createNew 的工作方式与 create 类似，但如果文件不存在，操作将失败。

¥createNew works similarly to create, but if the file does not exist, the operation fails.
```
import { open, BaseDirectory } from '@tauri-apps/plugin-fs';
const file = await open('foo/bar.txt', {
  write: true,
  createNew: true,
  baseDir: BaseDirectory.AppData,
});
await file.write(new TextEncoder().encode('world'));
await file.close();
```
为了创建文件，还必须将 write 设置为 true。

¥In order for the file to be created, write must also be set to true.

阅读

¥Read

该插件提供单独的 API 用于读取文本和二进制文件以提高性能。

¥The plugin offers separate APIs for reading text and binary files for performance.

文本文件

¥text files

import { readTextFile, BaseDirectory } from '@tauri-apps/plugin-fs';
const configToml = await readTextFile('config.toml', {
  baseDir: BaseDirectory.AppConfig,
});

如果文件很大，你可以使用 readTextFileLines API 流式传输其行：

¥If the file is large you can stream its lines with the readTextFileLines API:

import { readTextFileLines, BaseDirectory } from '@tauri-apps/plugin-fs';
const lines = await readTextFileLines('app.logs', {
  baseDir: BaseDirectory.AppLog,
});
for await (const line of lines) {
  console.log(line);
}

二进制文件

¥binary files

import { readFile, BaseDirectory } from '@tauri-apps/plugin-fs';
const icon = await readFile('icon.png', {
  baseDir: BaseDirectory.Resources,
});

删除

¥Remove

调用 remove() 删除文件。如果文件不存在，则返回错误。

¥Call remove() to delete a file. If the file does not exist, an error is returned.

import { remove, BaseDirectory } from '@tauri-apps/plugin-fs';
await remove('user.db', { baseDir: BaseDirectory.AppLocalData });

复制

¥Copy

copyFile 函数采用源路径和目标路径。请注意，你必须单独配置每个基本目录。

¥The copyFile function takes the source and destination paths. Note that you must configure each base directory separately.

import { copyFile, BaseDirectory } from '@tauri-apps/plugin-fs';
await copyFile('user.db', 'user.db.bk', {
  fromPathBaseDir: BaseDirectory.AppLocalData,
  toPathBaseDir: BaseDirectory.Temp,
});

在上面的例子中，<app-local-data>/user.db 文件被复制到 $TMPDIR/user.db.bk。

¥In the above example the <app-local-data>/user.db file is copied to $TMPDIR/user.db.bk.

存在

¥Exists

使用 exists() 函数检查文件是否存在：

¥Use the exists() function to check if a file exists:

import { exists, BaseDirectory } from '@tauri-apps/plugin-fs';
const tokenExists = await exists('token', {
  baseDir: BaseDirectory.AppLocalData,
});

元数据

¥Metadata

可以使用 stat 和 lstat 函数检索文件元数据。stat 遵循符号链接（如果范围不允许它指向的实际文件，则返回错误），而 lstat 不遵循符号链接，返回符号链接本身的信息。

¥File metadata can be retrieved with the stat and the lstat functions. stat follows symlinks (and returns an error if the actual file it points to is not allowed by the scope) and lstat does not follow symlinks, returning the information of the symlink itself.

import { stat, BaseDirectory } from '@tauri-apps/plugin-fs';
const metadata = await stat('app.db', {
  baseDir: BaseDirectory.AppLocalData,
});

重命名

¥Rename

rename 函数采用源路径和目标路径。请注意，你必须单独配置每个基本目录。

¥The rename function takes the source and destination paths. Note that you must configure each base directory separately.

import { rename, BaseDirectory } from '@tauri-apps/plugin-fs';
await rename('user.db.bk', 'user.db', {
  fromPathBaseDir: BaseDirectory.AppLocalData,
  toPathBaseDir: BaseDirectory.Temp,
});

在上面的例子中，<app-local-data>/user.db.bk 文件被重命名为 $TMPDIR/user.db。

¥In the above example the <app-local-data>/user.db.bk file is renamed to $TMPDIR/user.db.

截断

¥Truncate

截断或扩展指定的文件以达到指定的文件长度（默认为 0）。

¥Truncates or extends the specified file to reach the specified file length (defaults to 0).

截断为 0 长度

¥truncate to 0 length

import { truncate } from '@tauri-apps/plugin-fs';
await truncate('my_file.txt', 0, { baseDir: BaseDirectory.AppLocalData });

截断为特定长度

¥truncate to a specific length

import {
  truncate,
  readTextFile,
  writeTextFile,
  BaseDirectory,
} from '@tauri-apps/plugin-fs';

const filePath = 'file.txt';
await writeTextFile(filePath, 'Hello World', {
  baseDir: BaseDirectory.AppLocalData,
});
await truncate(filePath, 7, {
  baseDir: BaseDirectory.AppLocalData,
});
const data = await readTextFile(filePath, {
  baseDir: BaseDirectory.AppLocalData,
});
console.log(data); // "Hello W"

观察变化

¥Watching changes

要监视目录或文件的更改，请使用 watch 或 watchImmediate 函数。

¥To watch a directory or file for changes, use the watch or watchImmediate functions.

watch

watch 已去抖动，因此它仅在一定延迟后触发事件：

¥watch is debounced so it only emits events after a certain delay:

import { watch, BaseDirectory } from '@tauri-apps/plugin-fs';
await watch(
  'app.log',
  (event) => {
    console.log('app.log event', event);
  },
  {
    baseDir: BaseDirectory.AppLog,
    delayMs: 500,
  }
);

watchImmediate

watchImmediate 立即通知事件监听器：

¥watchImmediate immediately notifies listeners of an event:

import { watchImmediate, BaseDirectory } from '@tauri-apps/plugin-fs';
await watchImmediate(
  'logs',
  (event) => {
    console.log('logs directory event', event);
  },
  {
    baseDir: BaseDirectory.AppLog,
    recursive: true,
  }
);

默认情况下，对目录的监视操作不是递归的。将 recursive 选项设置为 true 以递归监视所有子目录上的更改。

¥By default watch operations on a directory are not recursive. Set the recursive option to true to recursively watch for changes on all sub-directories.

:::note 注意

监视功能需要 watch 功能标志：

¥The watch functions require the watch feature flag:

[dependencies]
tauri-plugin-fs = { version = "2.0.0", features = ["watch"] }

:::

权限

¥Permissions

默认情况下，所有潜在危险的插件命令和范围都会被阻止，无法访问。你必须修改 capabilities 配置中的权限才能启用这些权限。

¥By default all potentially dangerous plugin commands and scopes are blocked and cannot be accessed. You must modify the permissions in your capabilities configuration to enable these.

有关更详细的说明，请参阅功能概述。

¥See the Capabilities Overview for more information and the step by step guide to use plugin permissions.

{
  "$schema": "../gen/schemas/desktop-schema.json",
  "identifier": "main-capability",
  "description": "Capability for the main window",
  "windows": ["main"],
  "permissions": [
    "fs:default",
    {
      "identifier": "fs:allow-exists",
      "allow": [{ "path": "$APPDATA/*" }]
    }
  ]
}

Default Permission

This set of permissions describes the what kind of file system access the fs plugin has enabled or denied by default.

Granted Permissions

This default permission set enables read access to the application specific directories (AppConfig, AppData, AppLocalData, AppCache, AppLog) and all files and sub directories created in it. The location of these directories depends on the operating system, where the application is run.

In general these directories need to be manually created by the application at runtime, before accessing files or folders in it is possible.

Therefore, it is also allowed to create all of these folders via the mkdir command.

Denied Permissions

This default permission set prevents access to critical components of the Tauri application by default. On Windows the webview data folder access is denied.

Included permissions within this default permission set:

create-app-specific-dirs
read-app-specific-dirs-recursive
deny-default

Permission Table

Identifier	Description
`fs:allow-app-read-recursive`	This allows full recursive read access to the complete application folders, files and subdirectories.
`fs:allow-app-write-recursive`	This allows full recursive write access to the complete application folders, files and subdirectories.
`fs:allow-app-read`	This allows non-recursive read access to the application folders.
`fs:allow-app-write`	This allows non-recursive write access to the application folders.
`fs:allow-app-meta-recursive`	This allows full recursive read access to metadata of the application folders, including file listing and statistics.
`fs:allow-app-meta`	This allows non-recursive read access to metadata of the application folders, including file listing and statistics.
`fs:scope-app-recursive`	This scope permits recursive access to the complete application folders, including sub directories and files.
`fs:scope-app`	This scope permits access to all files and list content of top level directories in the application folders.
`fs:scope-app-index`	This scope permits to list all files and folders in the application directories.
`fs:allow-appcache-read-recursive`	This allows full recursive read access to the complete `$APPCACHE` folder, files and subdirectories.
`fs:allow-appcache-write-recursive`	This allows full recursive write access to the complete `$APPCACHE` folder, files and subdirectories.
`fs:allow-appcache-read`	This allows non-recursive read access to the `$APPCACHE` folder.
`fs:allow-appcache-write`	This allows non-recursive write access to the `$APPCACHE` folder.
`fs:allow-appcache-meta-recursive`	This allows full recursive read access to metadata of the `$APPCACHE` folder, including file listing and statistics.
`fs:allow-appcache-meta`	This allows non-recursive read access to metadata of the `$APPCACHE` folder, including file listing and statistics.
`fs:scope-appcache-recursive`	This scope permits recursive access to the complete `$APPCACHE` folder, including sub directories and files.
`fs:scope-appcache`	This scope permits access to all files and list content of top level directories in the `$APPCACHE` folder.
`fs:scope-appcache-index`	This scope permits to list all files and folders in the `$APPCACHE`folder.
`fs:allow-appconfig-read-recursive`	This allows full recursive read access to the complete `$APPCONFIG` folder, files and subdirectories.
`fs:allow-appconfig-write-recursive`	This allows full recursive write access to the complete `$APPCONFIG` folder, files and subdirectories.
`fs:allow-appconfig-read`	This allows non-recursive read access to the `$APPCONFIG` folder.
`fs:allow-appconfig-write`	This allows non-recursive write access to the `$APPCONFIG` folder.
`fs:allow-appconfig-meta-recursive`	This allows full recursive read access to metadata of the `$APPCONFIG` folder, including file listing and statistics.
`fs:allow-appconfig-meta`	This allows non-recursive read access to metadata of the `$APPCONFIG` folder, including file listing and statistics.
`fs:scope-appconfig-recursive`	This scope permits recursive access to the complete `$APPCONFIG` folder, including sub directories and files.
`fs:scope-appconfig`	This scope permits access to all files and list content of top level directories in the `$APPCONFIG` folder.
`fs:scope-appconfig-index`	This scope permits to list all files and folders in the `$APPCONFIG`folder.
`fs:allow-appdata-read-recursive`	This allows full recursive read access to the complete `$APPDATA` folder, files and subdirectories.
`fs:allow-appdata-write-recursive`	This allows full recursive write access to the complete `$APPDATA` folder, files and subdirectories.
`fs:allow-appdata-read`	This allows non-recursive read access to the `$APPDATA` folder.
`fs:allow-appdata-write`	This allows non-recursive write access to the `$APPDATA` folder.
`fs:allow-appdata-meta-recursive`	This allows full recursive read access to metadata of the `$APPDATA` folder, including file listing and statistics.
`fs:allow-appdata-meta`	This allows non-recursive read access to metadata of the `$APPDATA` folder, including file listing and statistics.
`fs:scope-appdata-recursive`	This scope permits recursive access to the complete `$APPDATA` folder, including sub directories and files.
`fs:scope-appdata`	This scope permits access to all files and list content of top level directories in the `$APPDATA` folder.
`fs:scope-appdata-index`	This scope permits to list all files and folders in the `$APPDATA`folder.
`fs:allow-applocaldata-read-recursive`	This allows full recursive read access to the complete `$APPLOCALDATA` folder, files and subdirectories.
`fs:allow-applocaldata-write-recursive`	This allows full recursive write access to the complete `$APPLOCALDATA` folder, files and subdirectories.
`fs:allow-applocaldata-read`	This allows non-recursive read access to the `$APPLOCALDATA` folder.
`fs:allow-applocaldata-write`	This allows non-recursive write access to the `$APPLOCALDATA` folder.
`fs:allow-applocaldata-meta-recursive`	This allows full recursive read access to metadata of the `$APPLOCALDATA` folder, including file listing and statistics.
`fs:allow-applocaldata-meta`	This allows non-recursive read access to metadata of the `$APPLOCALDATA` folder, including file listing and statistics.
`fs:scope-applocaldata-recursive`	This scope permits recursive access to the complete `$APPLOCALDATA` folder, including sub directories and files.
`fs:scope-applocaldata`	This scope permits access to all files and list content of top level directories in the `$APPLOCALDATA` folder.
`fs:scope-applocaldata-index`	This scope permits to list all files and folders in the `$APPLOCALDATA`folder.
`fs:allow-applog-read-recursive`	This allows full recursive read access to the complete `$APPLOG` folder, files and subdirectories.
`fs:allow-applog-write-recursive`	This allows full recursive write access to the complete `$APPLOG` folder, files and subdirectories.
`fs:allow-applog-read`	This allows non-recursive read access to the `$APPLOG` folder.
`fs:allow-applog-write`	This allows non-recursive write access to the `$APPLOG` folder.
`fs:allow-applog-meta-recursive`	This allows full recursive read access to metadata of the `$APPLOG` folder, including file listing and statistics.
`fs:allow-applog-meta`	This allows non-recursive read access to metadata of the `$APPLOG` folder, including file listing and statistics.
`fs:scope-applog-recursive`	This scope permits recursive access to the complete `$APPLOG` folder, including sub directories and files.
`fs:scope-applog`	This scope permits access to all files and list content of top level directories in the `$APPLOG` folder.
`fs:scope-applog-index`	This scope permits to list all files and folders in the `$APPLOG`folder.
`fs:allow-audio-read-recursive`	This allows full recursive read access to the complete `$AUDIO` folder, files and subdirectories.
`fs:allow-audio-write-recursive`	This allows full recursive write access to the complete `$AUDIO` folder, files and subdirectories.
`fs:allow-audio-read`	This allows non-recursive read access to the `$AUDIO` folder.
`fs:allow-audio-write`	This allows non-recursive write access to the `$AUDIO` folder.
`fs:allow-audio-meta-recursive`	This allows full recursive read access to metadata of the `$AUDIO` folder, including file listing and statistics.
`fs:allow-audio-meta`	This allows non-recursive read access to metadata of the `$AUDIO` folder, including file listing and statistics.
`fs:scope-audio-recursive`	This scope permits recursive access to the complete `$AUDIO` folder, including sub directories and files.
`fs:scope-audio`	This scope permits access to all files and list content of top level directories in the `$AUDIO` folder.
`fs:scope-audio-index`	This scope permits to list all files and folders in the `$AUDIO`folder.
`fs:allow-cache-read-recursive`	This allows full recursive read access to the complete `$CACHE` folder, files and subdirectories.
`fs:allow-cache-write-recursive`	This allows full recursive write access to the complete `$CACHE` folder, files and subdirectories.
`fs:allow-cache-read`	This allows non-recursive read access to the `$CACHE` folder.
`fs:allow-cache-write`	This allows non-recursive write access to the `$CACHE` folder.
`fs:allow-cache-meta-recursive`	This allows full recursive read access to metadata of the `$CACHE` folder, including file listing and statistics.
`fs:allow-cache-meta`	This allows non-recursive read access to metadata of the `$CACHE` folder, including file listing and statistics.
`fs:scope-cache-recursive`	This scope permits recursive access to the complete `$CACHE` folder, including sub directories and files.
`fs:scope-cache`	This scope permits access to all files and list content of top level directories in the `$CACHE` folder.
`fs:scope-cache-index`	This scope permits to list all files and folders in the `$CACHE`folder.
`fs:allow-config-read-recursive`	This allows full recursive read access to the complete `$CONFIG` folder, files and subdirectories.
`fs:allow-config-write-recursive`	This allows full recursive write access to the complete `$CONFIG` folder, files and subdirectories.
`fs:allow-config-read`	This allows non-recursive read access to the `$CONFIG` folder.
`fs:allow-config-write`	This allows non-recursive write access to the `$CONFIG` folder.
`fs:allow-config-meta-recursive`	This allows full recursive read access to metadata of the `$CONFIG` folder, including file listing and statistics.
`fs:allow-config-meta`	This allows non-recursive read access to metadata of the `$CONFIG` folder, including file listing and statistics.
`fs:scope-config-recursive`	This scope permits recursive access to the complete `$CONFIG` folder, including sub directories and files.
`fs:scope-config`	This scope permits access to all files and list content of top level directories in the `$CONFIG` folder.
`fs:scope-config-index`	This scope permits to list all files and folders in the `$CONFIG`folder.
`fs:allow-data-read-recursive`	This allows full recursive read access to the complete `$DATA` folder, files and subdirectories.
`fs:allow-data-write-recursive`	This allows full recursive write access to the complete `$DATA` folder, files and subdirectories.
`fs:allow-data-read`	This allows non-recursive read access to the `$DATA` folder.
`fs:allow-data-write`	This allows non-recursive write access to the `$DATA` folder.
`fs:allow-data-meta-recursive`	This allows full recursive read access to metadata of the `$DATA` folder, including file listing and statistics.
`fs:allow-data-meta`	This allows non-recursive read access to metadata of the `$DATA` folder, including file listing and statistics.
`fs:scope-data-recursive`	This scope permits recursive access to the complete `$DATA` folder, including sub directories and files.
`fs:scope-data`	This scope permits access to all files and list content of top level directories in the `$DATA` folder.
`fs:scope-data-index`	This scope permits to list all files and folders in the `$DATA`folder.
`fs:allow-desktop-read-recursive`	This allows full recursive read access to the complete `$DESKTOP` folder, files and subdirectories.
`fs:allow-desktop-write-recursive`	This allows full recursive write access to the complete `$DESKTOP` folder, files and subdirectories.
`fs:allow-desktop-read`	This allows non-recursive read access to the `$DESKTOP` folder.
`fs:allow-desktop-write`	This allows non-recursive write access to the `$DESKTOP` folder.
`fs:allow-desktop-meta-recursive`	This allows full recursive read access to metadata of the `$DESKTOP` folder, including file listing and statistics.
`fs:allow-desktop-meta`	This allows non-recursive read access to metadata of the `$DESKTOP` folder, including file listing and statistics.
`fs:scope-desktop-recursive`	This scope permits recursive access to the complete `$DESKTOP` folder, including sub directories and files.
`fs:scope-desktop`	This scope permits access to all files and list content of top level directories in the `$DESKTOP` folder.
`fs:scope-desktop-index`	This scope permits to list all files and folders in the `$DESKTOP`folder.
`fs:allow-document-read-recursive`	This allows full recursive read access to the complete `$DOCUMENT` folder, files and subdirectories.
`fs:allow-document-write-recursive`	This allows full recursive write access to the complete `$DOCUMENT` folder, files and subdirectories.
`fs:allow-document-read`	This allows non-recursive read access to the `$DOCUMENT` folder.
`fs:allow-document-write`	This allows non-recursive write access to the `$DOCUMENT` folder.
`fs:allow-document-meta-recursive`	This allows full recursive read access to metadata of the `$DOCUMENT` folder, including file listing and statistics.
`fs:allow-document-meta`	This allows non-recursive read access to metadata of the `$DOCUMENT` folder, including file listing and statistics.
`fs:scope-document-recursive`	This scope permits recursive access to the complete `$DOCUMENT` folder, including sub directories and files.
`fs:scope-document`	This scope permits access to all files and list content of top level directories in the `$DOCUMENT` folder.
`fs:scope-document-index`	This scope permits to list all files and folders in the `$DOCUMENT`folder.
`fs:allow-download-read-recursive`	This allows full recursive read access to the complete `$DOWNLOAD` folder, files and subdirectories.
`fs:allow-download-write-recursive`	This allows full recursive write access to the complete `$DOWNLOAD` folder, files and subdirectories.
`fs:allow-download-read`	This allows non-recursive read access to the `$DOWNLOAD` folder.
`fs:allow-download-write`	This allows non-recursive write access to the `$DOWNLOAD` folder.
`fs:allow-download-meta-recursive`	This allows full recursive read access to metadata of the `$DOWNLOAD` folder, including file listing and statistics.
`fs:allow-download-meta`	This allows non-recursive read access to metadata of the `$DOWNLOAD` folder, including file listing and statistics.
`fs:scope-download-recursive`	This scope permits recursive access to the complete `$DOWNLOAD` folder, including sub directories and files.
`fs:scope-download`	This scope permits access to all files and list content of top level directories in the `$DOWNLOAD` folder.
`fs:scope-download-index`	This scope permits to list all files and folders in the `$DOWNLOAD`folder.
`fs:allow-exe-read-recursive`	This allows full recursive read access to the complete `$EXE` folder, files and subdirectories.
`fs:allow-exe-write-recursive`	This allows full recursive write access to the complete `$EXE` folder, files and subdirectories.
`fs:allow-exe-read`	This allows non-recursive read access to the `$EXE` folder.
`fs:allow-exe-write`	This allows non-recursive write access to the `$EXE` folder.
`fs:allow-exe-meta-recursive`	This allows full recursive read access to metadata of the `$EXE` folder, including file listing and statistics.
`fs:allow-exe-meta`	This allows non-recursive read access to metadata of the `$EXE` folder, including file listing and statistics.
`fs:scope-exe-recursive`	This scope permits recursive access to the complete `$EXE` folder, including sub directories and files.
`fs:scope-exe`	This scope permits access to all files and list content of top level directories in the `$EXE` folder.
`fs:scope-exe-index`	This scope permits to list all files and folders in the `$EXE`folder.
`fs:allow-font-read-recursive`	This allows full recursive read access to the complete `$FONT` folder, files and subdirectories.
`fs:allow-font-write-recursive`	This allows full recursive write access to the complete `$FONT` folder, files and subdirectories.
`fs:allow-font-read`	This allows non-recursive read access to the `$FONT` folder.
`fs:allow-font-write`	This allows non-recursive write access to the `$FONT` folder.
`fs:allow-font-meta-recursive`	This allows full recursive read access to metadata of the `$FONT` folder, including file listing and statistics.
`fs:allow-font-meta`	This allows non-recursive read access to metadata of the `$FONT` folder, including file listing and statistics.
`fs:scope-font-recursive`	This scope permits recursive access to the complete `$FONT` folder, including sub directories and files.
`fs:scope-font`	This scope permits access to all files and list content of top level directories in the `$FONT` folder.
`fs:scope-font-index`	This scope permits to list all files and folders in the `$FONT`folder.
`fs:allow-home-read-recursive`	This allows full recursive read access to the complete `$HOME` folder, files and subdirectories.
`fs:allow-home-write-recursive`	This allows full recursive write access to the complete `$HOME` folder, files and subdirectories.
`fs:allow-home-read`	This allows non-recursive read access to the `$HOME` folder.
`fs:allow-home-write`	This allows non-recursive write access to the `$HOME` folder.
`fs:allow-home-meta-recursive`	This allows full recursive read access to metadata of the `$HOME` folder, including file listing and statistics.
`fs:allow-home-meta`	This allows non-recursive read access to metadata of the `$HOME` folder, including file listing and statistics.
`fs:scope-home-recursive`	This scope permits recursive access to the complete `$HOME` folder, including sub directories and files.
`fs:scope-home`	This scope permits access to all files and list content of top level directories in the `$HOME` folder.
`fs:scope-home-index`	This scope permits to list all files and folders in the `$HOME`folder.
`fs:allow-localdata-read-recursive`	This allows full recursive read access to the complete `$LOCALDATA` folder, files and subdirectories.
`fs:allow-localdata-write-recursive`	This allows full recursive write access to the complete `$LOCALDATA` folder, files and subdirectories.
`fs:allow-localdata-read`	This allows non-recursive read access to the `$LOCALDATA` folder.
`fs:allow-localdata-write`	This allows non-recursive write access to the `$LOCALDATA` folder.
`fs:allow-localdata-meta-recursive`	This allows full recursive read access to metadata of the `$LOCALDATA` folder, including file listing and statistics.
`fs:allow-localdata-meta`	This allows non-recursive read access to metadata of the `$LOCALDATA` folder, including file listing and statistics.
`fs:scope-localdata-recursive`	This scope permits recursive access to the complete `$LOCALDATA` folder, including sub directories and files.
`fs:scope-localdata`	This scope permits access to all files and list content of top level directories in the `$LOCALDATA` folder.
`fs:scope-localdata-index`	This scope permits to list all files and folders in the `$LOCALDATA`folder.
`fs:allow-log-read-recursive`	This allows full recursive read access to the complete `$LOG` folder, files and subdirectories.
`fs:allow-log-write-recursive`	This allows full recursive write access to the complete `$LOG` folder, files and subdirectories.
`fs:allow-log-read`	This allows non-recursive read access to the `$LOG` folder.
`fs:allow-log-write`	This allows non-recursive write access to the `$LOG` folder.
`fs:allow-log-meta-recursive`	This allows full recursive read access to metadata of the `$LOG` folder, including file listing and statistics.
`fs:allow-log-meta`	This allows non-recursive read access to metadata of the `$LOG` folder, including file listing and statistics.
`fs:scope-log-recursive`	This scope permits recursive access to the complete `$LOG` folder, including sub directories and files.
`fs:scope-log`	This scope permits access to all files and list content of top level directories in the `$LOG` folder.
`fs:scope-log-index`	This scope permits to list all files and folders in the `$LOG`folder.
`fs:allow-picture-read-recursive`	This allows full recursive read access to the complete `$PICTURE` folder, files and subdirectories.
`fs:allow-picture-write-recursive`	This allows full recursive write access to the complete `$PICTURE` folder, files and subdirectories.
`fs:allow-picture-read`	This allows non-recursive read access to the `$PICTURE` folder.
`fs:allow-picture-write`	This allows non-recursive write access to the `$PICTURE` folder.
`fs:allow-picture-meta-recursive`	This allows full recursive read access to metadata of the `$PICTURE` folder, including file listing and statistics.
`fs:allow-picture-meta`	This allows non-recursive read access to metadata of the `$PICTURE` folder, including file listing and statistics.
`fs:scope-picture-recursive`	This scope permits recursive access to the complete `$PICTURE` folder, including sub directories and files.
`fs:scope-picture`	This scope permits access to all files and list content of top level directories in the `$PICTURE` folder.
`fs:scope-picture-index`	This scope permits to list all files and folders in the `$PICTURE`folder.
`fs:allow-public-read-recursive`	This allows full recursive read access to the complete `$PUBLIC` folder, files and subdirectories.
`fs:allow-public-write-recursive`	This allows full recursive write access to the complete `$PUBLIC` folder, files and subdirectories.
`fs:allow-public-read`	This allows non-recursive read access to the `$PUBLIC` folder.
`fs:allow-public-write`	This allows non-recursive write access to the `$PUBLIC` folder.
`fs:allow-public-meta-recursive`	This allows full recursive read access to metadata of the `$PUBLIC` folder, including file listing and statistics.
`fs:allow-public-meta`	This allows non-recursive read access to metadata of the `$PUBLIC` folder, including file listing and statistics.
`fs:scope-public-recursive`	This scope permits recursive access to the complete `$PUBLIC` folder, including sub directories and files.
`fs:scope-public`	This scope permits access to all files and list content of top level directories in the `$PUBLIC` folder.
`fs:scope-public-index`	This scope permits to list all files and folders in the `$PUBLIC`folder.
`fs:allow-resource-read-recursive`	This allows full recursive read access to the complete `$RESOURCE` folder, files and subdirectories.
`fs:allow-resource-write-recursive`	This allows full recursive write access to the complete `$RESOURCE` folder, files and subdirectories.
`fs:allow-resource-read`	This allows non-recursive read access to the `$RESOURCE` folder.
`fs:allow-resource-write`	This allows non-recursive write access to the `$RESOURCE` folder.
`fs:allow-resource-meta-recursive`	This allows full recursive read access to metadata of the `$RESOURCE` folder, including file listing and statistics.
`fs:allow-resource-meta`	This allows non-recursive read access to metadata of the `$RESOURCE` folder, including file listing and statistics.
`fs:scope-resource-recursive`	This scope permits recursive access to the complete `$RESOURCE` folder, including sub directories and files.
`fs:scope-resource`	This scope permits access to all files and list content of top level directories in the `$RESOURCE` folder.
`fs:scope-resource-index`	This scope permits to list all files and folders in the `$RESOURCE`folder.
`fs:allow-runtime-read-recursive`	This allows full recursive read access to the complete `$RUNTIME` folder, files and subdirectories.
`fs:allow-runtime-write-recursive`	This allows full recursive write access to the complete `$RUNTIME` folder, files and subdirectories.
`fs:allow-runtime-read`	This allows non-recursive read access to the `$RUNTIME` folder.
`fs:allow-runtime-write`	This allows non-recursive write access to the `$RUNTIME` folder.
`fs:allow-runtime-meta-recursive`	This allows full recursive read access to metadata of the `$RUNTIME` folder, including file listing and statistics.
`fs:allow-runtime-meta`	This allows non-recursive read access to metadata of the `$RUNTIME` folder, including file listing and statistics.
`fs:scope-runtime-recursive`	This scope permits recursive access to the complete `$RUNTIME` folder, including sub directories and files.
`fs:scope-runtime`	This scope permits access to all files and list content of top level directories in the `$RUNTIME` folder.
`fs:scope-runtime-index`	This scope permits to list all files and folders in the `$RUNTIME`folder.
`fs:allow-temp-read-recursive`	This allows full recursive read access to the complete `$TEMP` folder, files and subdirectories.
`fs:allow-temp-write-recursive`	This allows full recursive write access to the complete `$TEMP` folder, files and subdirectories.
`fs:allow-temp-read`	This allows non-recursive read access to the `$TEMP` folder.
`fs:allow-temp-write`	This allows non-recursive write access to the `$TEMP` folder.
`fs:allow-temp-meta-recursive`	This allows full recursive read access to metadata of the `$TEMP` folder, including file listing and statistics.
`fs:allow-temp-meta`	This allows non-recursive read access to metadata of the `$TEMP` folder, including file listing and statistics.
`fs:scope-temp-recursive`	This scope permits recursive access to the complete `$TEMP` folder, including sub directories and files.
`fs:scope-temp`	This scope permits access to all files and list content of top level directories in the `$TEMP` folder.
`fs:scope-temp-index`	This scope permits to list all files and folders in the `$TEMP`folder.
`fs:allow-template-read-recursive`	This allows full recursive read access to the complete `$TEMPLATE` folder, files and subdirectories.
`fs:allow-template-write-recursive`	This allows full recursive write access to the complete `$TEMPLATE` folder, files and subdirectories.
`fs:allow-template-read`	This allows non-recursive read access to the `$TEMPLATE` folder.
`fs:allow-template-write`	This allows non-recursive write access to the `$TEMPLATE` folder.
`fs:allow-template-meta-recursive`	This allows full recursive read access to metadata of the `$TEMPLATE` folder, including file listing and statistics.
`fs:allow-template-meta`	This allows non-recursive read access to metadata of the `$TEMPLATE` folder, including file listing and statistics.
`fs:scope-template-recursive`	This scope permits recursive access to the complete `$TEMPLATE` folder, including sub directories and files.
`fs:scope-template`	This scope permits access to all files and list content of top level directories in the `$TEMPLATE` folder.
`fs:scope-template-index`	This scope permits to list all files and folders in the `$TEMPLATE`folder.
`fs:allow-video-read-recursive`	This allows full recursive read access to the complete `$VIDEO` folder, files and subdirectories.
`fs:allow-video-write-recursive`	This allows full recursive write access to the complete `$VIDEO` folder, files and subdirectories.
`fs:allow-video-read`	This allows non-recursive read access to the `$VIDEO` folder.
`fs:allow-video-write`	This allows non-recursive write access to the `$VIDEO` folder.
`fs:allow-video-meta-recursive`	This allows full recursive read access to metadata of the `$VIDEO` folder, including file listing and statistics.
`fs:allow-video-meta`	This allows non-recursive read access to metadata of the `$VIDEO` folder, including file listing and statistics.
`fs:scope-video-recursive`	This scope permits recursive access to the complete `$VIDEO` folder, including sub directories and files.
`fs:scope-video`	This scope permits access to all files and list content of top level directories in the `$VIDEO` folder.
`fs:scope-video-index`	This scope permits to list all files and folders in the `$VIDEO`folder.
`fs:allow-copy-file`	Enables the copy_file command without any pre-configured scope.
`fs:deny-copy-file`	Denies the copy_file command without any pre-configured scope.
`fs:allow-create`	Enables the create command without any pre-configured scope.
`fs:deny-create`	Denies the create command without any pre-configured scope.
`fs:allow-exists`	Enables the exists command without any pre-configured scope.
`fs:deny-exists`	Denies the exists command without any pre-configured scope.
`fs:allow-fstat`	Enables the fstat command without any pre-configured scope.
`fs:deny-fstat`	Denies the fstat command without any pre-configured scope.
`fs:allow-ftruncate`	Enables the ftruncate command without any pre-configured scope.
`fs:deny-ftruncate`	Denies the ftruncate command without any pre-configured scope.
`fs:allow-lstat`	Enables the lstat command without any pre-configured scope.
`fs:deny-lstat`	Denies the lstat command without any pre-configured scope.
`fs:allow-mkdir`	Enables the mkdir command without any pre-configured scope.
`fs:deny-mkdir`	Denies the mkdir command without any pre-configured scope.
`fs:allow-open`	Enables the open command without any pre-configured scope.
`fs:deny-open`	Denies the open command without any pre-configured scope.
`fs:allow-read`	Enables the read command without any pre-configured scope.
`fs:deny-read`	Denies the read command without any pre-configured scope.
`fs:allow-read-dir`	Enables the read_dir command without any pre-configured scope.
`fs:deny-read-dir`	Denies the read_dir command without any pre-configured scope.
`fs:allow-read-file`	Enables the read_file command without any pre-configured scope.
`fs:deny-read-file`	Denies the read_file command without any pre-configured scope.
`fs:allow-read-text-file`	Enables the read_text_file command without any pre-configured scope.
`fs:deny-read-text-file`	Denies the read_text_file command without any pre-configured scope.
`fs:allow-read-text-file-lines`	Enables the read_text_file_lines command without any pre-configured scope.
`fs:deny-read-text-file-lines`	Denies the read_text_file_lines command without any pre-configured scope.
`fs:allow-read-text-file-lines-next`	Enables the read_text_file_lines_next command without any pre-configured scope.
`fs:deny-read-text-file-lines-next`	Denies the read_text_file_lines_next command without any pre-configured scope.
`fs:allow-remove`	Enables the remove command without any pre-configured scope.
`fs:deny-remove`	Denies the remove command without any pre-configured scope.
`fs:allow-rename`	Enables the rename command without any pre-configured scope.
`fs:deny-rename`	Denies the rename command without any pre-configured scope.
`fs:allow-seek`	Enables the seek command without any pre-configured scope.
`fs:deny-seek`	Denies the seek command without any pre-configured scope.
`fs:allow-size`	Enables the size command without any pre-configured scope.
`fs:deny-size`	Denies the size command without any pre-configured scope.
`fs:allow-stat`	Enables the stat command without any pre-configured scope.
`fs:deny-stat`	Denies the stat command without any pre-configured scope.
`fs:allow-truncate`	Enables the truncate command without any pre-configured scope.
`fs:deny-truncate`	Denies the truncate command without any pre-configured scope.
`fs:allow-unwatch`	Enables the unwatch command without any pre-configured scope.
`fs:deny-unwatch`	Denies the unwatch command without any pre-configured scope.
`fs:allow-watch`	Enables the watch command without any pre-configured scope.
`fs:deny-watch`	Denies the watch command without any pre-configured scope.
`fs:allow-write`	Enables the write command without any pre-configured scope.
`fs:deny-write`	Denies the write command without any pre-configured scope.
`fs:allow-write-file`	Enables the write_file command without any pre-configured scope.
`fs:deny-write-file`	Denies the write_file command without any pre-configured scope.
`fs:allow-write-text-file`	Enables the write_text_file command without any pre-configured scope.
`fs:deny-write-text-file`	Denies the write_text_file command without any pre-configured scope.
`fs:create-app-specific-dirs`	This permissions allows to create the application specific directories.
`fs:deny-default`	This denies access to dangerous Tauri relevant files and folders by default.
`fs:deny-webview-data-linux`	This denies read access to the `$APPLOCALDATA` folder on linux as the webview data and configuration values are stored here. Allowing access can lead to sensitive information disclosure and should be well considered.
`fs:deny-webview-data-windows`	This denies read access to the `$APPLOCALDATA/EBWebView` folder on windows as the webview data and configuration values are stored here. Allowing access can lead to sensitive information disclosure and should be well considered.
`fs:read-all`	This enables all read related commands without any pre-configured accessible paths.
`fs:read-app-specific-dirs-recursive`	This permission allows recursive read functionality on the application specific base directories.
`fs:read-dirs`	This enables directory read and file metadata related commands without any pre-configured accessible paths.
`fs:read-files`	This enables file read related commands without any pre-configured accessible paths.
`fs:read-meta`	This enables all index or metadata related commands without any pre-configured accessible paths.
`fs:scope`	An empty permission you can use to modify the global scope.
`fs:write-all`	This enables all write related commands without any pre-configured accessible paths.
`fs:write-files`	This enables all file write related commands without any pre-configured accessible paths.

范围

¥Scopes

此插件权限包括定义允许或明确拒绝哪些路径的范围。有关范围的更多信息，请参阅命令范围。

¥This plugin permissions includes scopes for defining which paths are allowed or explicitly rejected. For more information on scopes, see the Command Scopes.

每个 allow 或 deny 范围必须包含一个数组，列出所有应允许或拒绝的路径。范围条目采用 { path: string } 格式。

¥Each allow or deny scope must include an array listing all paths that should be allowed or denied. The scope entries are in the { path: string } format.

:::note 注意

deny 优先于 allow，因此如果某个路径被某个范围拒绝，则即使另一个范围允许，它也会在运行时被阻止。

¥deny take precedence over allow so if a path is denied by a scope, it will be blocked at runtime even if it is allowed by another scope.

:::

范围条目可以使用 $<path> 变量来引用常见的系统路径，例如主目录、应用资源目录和配置目录。下表列出了你可以参考的所有常用路径：

¥Scope entries can use $<path> variables to reference common system paths such as the home directory, the app resources directory and the config directory. The following table lists all common paths you can reference:

路径	变量
appConfigDir	$APPCONFIG
appDataDir	$APPDATA
appLocalDataDir	$APPLOCALDATA
appcacheDir	$APPCACHE
applogDir	$APPLOG
audioDir	$AUDIO
cacheDir	$CACHE
configDir	$CONFIG
dataDir	$DATA
localDataDir	$LOCALDATA
desktopDir	$DESKTOP
documentDir	$DOCUMENT
downloadDir	$DOWNLOAD
executableDir	$EXE
fontDir	$FONT
homeDir	$HOME
pictureDir	$PICTURE
publicDir	$PUBLIC
runtimeDir	$RUNTIME
templateDir	$TEMPLATE
videoDir	$VIDEO
resourceDir	$RESOURCE
tempDir	$TEMP

示例

¥Examples

全局范围

¥global scope

要将范围应用于任何 fs 命令，请使用 fs:scope 权限：

¥To apply a scope to any fs command, use the fs:scope permission:

{
  "$schema": "../gen/schemas/desktop-schema.json",
  "identifier": "main-capability",
  "description": "Capability for the main window",
  "windows": ["main"],
  "permissions": [
    {
      "identifier": "fs:scope",
      "allow": [{ "path": "$APPDATA" }, { "path": "$APPDATA/**" }]
    }
  ]
}

要将范围应用于特定的 fs 命令，请使用权限 { "identifier": string, "allow"?: [], "deny"?: [] } 的对象形式：

¥To apply a scope to a specific fs command, use the the object form of permissions { "identifier": string, "allow"?: [], "deny"?: [] }:

{
  "$schema": "../gen/schemas/desktop-schema.json",
  "identifier": "main-capability",
  "description": "Capability for the main window",
  "windows": ["main"],
  "permissions": [
    {
      "identifier": "fs:allow-rename",
      "allow": [{ "path": "$HOME/**" }]
    },
    {
      "identifier": "fs:allow-rename",
      "deny": [{ "path": "$HOME/.config/**" }]
    },
    {
      "identifier": "fs:allow-exists",
      "allow": [{ "path": "$APPDATA/*" }]
    }
  ]
}

在上面的例子中，你可以使用任何 $APPDATA 子路径（不包括子目录）和 rename 来使用 exists API

¥In the above example you can use the exists API using any $APPDATA sub path (does not include sub-directories) and the rename

:::tip 提示

如果你尝试在基于 Unix 的系统上访问点文件（例如 .gitignore）或点文件夹（例如 .ssh），则需要指定完整路径 /home/user/.ssh/example 或点文件夹路径组件 /home/user/.ssh/* 后的 glob。

¥If you are trying to access dotfiles (e.g. .gitignore) or dotfolders (e.g. .ssh) on Unix based systems, then you need to specify either the full path /home/user/.ssh/example or the glob after the dotfolder path component /home/user/.ssh/*.

如果这在你的用例中不起作用，那么你可以配置插件以将任何组件视为有效路径字面量。

¥If that does not work in your use case then you can configure the plugin to treat any component as a valid path literal.

 "plugins": {
    "fs": {
      "requireLiteralLeadingDot": false
    }
  }

:::