权限

权限是命令的明确权限的描述。

¥Permissions are descriptions of explicit privileges of commands.

[[permission]]
identifier = "my-identifier"
description = "This describes the impact and more."
commands.allow = [
    "read_file"
]

[[scope.allow]]
my-scope = "$HOME/*"

[[scope.deny]]
my-scope = "$HOME/secret"

它可以使命令在 Tauri 应用的前端可访问。它可以将范围映射到命令并定义启用哪些命令。权限可以启用或拒绝某些命令，定义范围或将两者结合起来。

¥It can enable commands to be accessible in the frontend of a Tauri application. It can map scopes to commands and defines which commands are enabled. Permissions can enable or deny certain commands, define scopes or combine both.

要授予或拒绝应用窗口或 Web 视图的权限，你必须在 capability 中引用该权限。

¥To grant or deny a permission to your app’s window or webview, you must reference the permission in a capability.

权限可以在新标识符下分组为一组。这称为权限集。这允许你将范围相关权限与命令相关权限相结合。它还允许将操作特定权限分组或打包到更可用的集合中。

¥Permissions can be grouped as a set under a new identifier. This is called a permission set. This allows you to combine scope related permissions with command related permissions. It also allows to group or bundle operating specific permissions into more usable sets.

作为插件开发者，你可以为所有公开的命令提供多个预定义的、命名良好的权限。

¥As a plugin developer you can ship multiple, pre-defined, well named permissions for all of your exposed commands.

作为应用开发者，你可以扩展现有的插件权限或为自己的命令定义它们。它们可以分组或扩展为一组，以便以后重新使用或简化主配置文件。

¥As an application developer you can extend existing plugin permissions or define them for your own commands. They can be grouped or extended in a set to be re-used or to simplify the main configuration files later.

权限标识符

¥Permission Identifier

权限标识符用于确保权限可以重复使用并具有唯一的名称。

¥The permissions identifier is used to ensure that permissions can be re-used and have unique names.

:::tip 提示

对于名称，我们指的是没有 tauri-plugin- 前缀的插件包名称。这是为了减少命名冲突的可能性而命名的。引用应用本身的权限时，这不是必需的。

¥With name we refer to the plugin crate name without the tauri-plugin- prefix. This is meant as namespacing to reduce likelihood of naming conflicts. When referencing permissions of the application itself it is not necessary.

:::

• <name>:default 表示权限是插件或应用的默认权限

  ¥<name>:default Indicates the permission is the default for a plugin or application

• <name>:<command-name> 表示权限用于单个命令

  ¥<name>:<command-name> Indicates the permission is for an individual command

插件前缀 tauri-plugin- 将在编译时自动添加到插件标识符的前面，无需手动指定。

¥The plugin prefix tauri-plugin- will be automatically prepended to the identifier of plugins at compile time and is not required to be manually specified.

标识符仅限于 ASCII 小写字母字符 [a-z]，并且标识符的最大长度目前由于以下常量而限制为 116：

¥Identifiers are limited to ASCII lower case alphabetic characters [a-z] and the maximum length of the identifier is currently limited to 116 due to the following constants:

const IDENTIFIER_SEPARATOR: u8 = b':';
const PLUGIN_PREFIX: &str = "tauri-plugin-";

// https://doc.rust-lang.org/cargo/reference/manifest.html#the-name-field
const MAX_LEN_PREFIX: usize = 64 - PLUGIN_PREFIX.len();
const MAX_LEN_BASE: usize = 64;
const MAX_LEN_IDENTIFIER: usize = MAX_LEN_PREFIX + 1 + MAX_LEN_BASE;

配置文件

¥Configuration Files

Tauri 插件目录结构的简化示例：

¥Simplified example of an example Tauri plugin directory structure:

tauri-plugin
├── README.md
├── src
│  └── lib.rs
├── build.rs
├── Cargo.toml
├── permissions
│  └── <identifier>.json/toml
│  └── default.json/toml

默认权限以特殊方式处理，因为它会自动添加到应用配置中，只要使用 Tauri CLI 向 Tauri 应用添加插件即可。

¥The default permission is handled in a special way, as it is automatically added to the application configuration, as long as the Tauri CLI is used to add plugins to a Tauri application.

对于应用开发者，结构类似：

¥For application developers the structure is similar:

tauri-app
├── index.html
├── package.json
├── src
├── src-tauri
│   ├── Cargo.toml
│   ├── permissions
│      └── <identifier>.toml
|   ├── capabilities
│      └── <identifier>.json/.toml
│   ├── src
│   ├── tauri.conf.json

:::note 注意

作为应用开发者，功能文件可以用 json/json5 或 toml 编写，而权限只能用 toml 定义。

¥As an application developer the capability files can be written in json/json5 or toml, whereas permissions only can be defined in toml.

:::

示例

¥Examples

来自 File System 插件的示例权限。

¥Example permissions from the File System plugin.

plugins/fs/permissions/autogenerated/base-directories/home.toml

[[permission]]
identifier = "scope-home"
description = """This scope permits access to all files and
list content of top level directories in the `$HOME`folder."""

[[scope.allow]]
path = "$HOME/*"

plugins/fs/permissions/read-files.toml

[[permission]]
identifier = "read-files"
description = """This enables all file read related
commands without any pre-configured accessible paths."""
commands.allow = [
    "read_file",
    "read",
    "open",
    "read_text_file",
    "read_text_file_lines",
    "read_text_file_lines_next"
]

plugins/fs/permissions/autogenerated/commands/mkdir.toml

[[permission]]
identifier = "allow-mkdir"
description = "This enables the mkdir command."
commands.allow = [
    "mkdir"
]

在你的应用中扩展插件权限的示例实现：

¥Example implementation extending above plugin permissions in your app:

my-app/src-tauri/permissions/home-read-extends.toml

[[set]]
identifier = "allow-home-read-extended"
description = """ This allows non-recursive read access to files and to create directories
in the `$HOME` folder.
"""
permissions = [
    "fs:read-files",
    "fs:scope-home",
    "fs:allow-mkdir"
]