权限

权限是命令的明确权限的描述。

¥Permissions are descriptions of explicit privileges of commands.

[[permission]]
identifier = "my-identifier"
description = "This describes the impact and more."
commands.allow = [
    "read_file"
]

[[scope.allow]]
my-scope = "$HOME/*"

[[scope.deny]]
my-scope = "$HOME/secret"

它可以使命令在 Tauri 应用的前端可访问。它可以将范围映射到命令并定义启用哪些命令。权限可以启用或拒绝某些命令，定义范围或将两者结合起来。

¥It can enable commands to be accessible in the frontend of a Tauri application. It can map scopes to commands and defines which commands are enabled. Permissions can enable or deny certain commands, define scopes or combine both.

权限可以在新标识符下分组为一组。这称为权限集。这允许你将范围相关权限与命令相关权限相结合。它还允许将操作特定权限分组或打包到更可用的集合中。

¥Permissions can be grouped as a set under a new identifier. This is called a permission set. This allows you to combine scope related permissions with command related permissions. It also allows to group or bundle operating specific permissions into more usable sets.

作为插件开发者，你可以为所有公开的命令提供多个预定义的、命名良好的权限。

¥As a plugin developer you can ship multiple, pre-defined, well named permissions for all of your exposed commands.

作为应用开发者，你可以扩展现有的插件权限或为自己的命令定义它们。它们可以分组或扩展为一组，以便以后重新使用或简化主配置文件。

¥As an application developer you can extend existing plugin permissions or define them for your own commands. They can be grouped or extended in a set to be re-used or to simplify the main configuration files later.

权限标识符

¥Permission Identifier

权限标识符用于确保权限可以重复使用并具有唯一的名称。

¥The permissions identifier is used to ensure that permissions can be re-used and have unique names.

:::tip 提示

对于名称，我们指的是没有 tauri-plugin- 前缀的插件包名称。这是为了减少命名冲突的可能性而命名的。引用应用本身的权限时，这不是必需的。

¥With name we refer to the plugin crate name without the tauri-plugin- prefix. This is meant as namespacing to reduce likelihood of naming conflicts. When referencing permissions of the application itself it is not necessary.

:::

• <name>:default 表示权限是插件或应用的默认权限

  ¥<name>:default Indicates the permission is the default for a plugin or application

• <name>:<command-name> 表示权限用于单个命令

  ¥<name>:<command-name> Indicates the permission is for an individual command

插件前缀 tauri-plugin- 将在编译时自动添加到插件标识符的前面，无需手动指定。

¥The plugin prefix tauri-plugin- will be automatically prepended to the identifier of plugins at compile time and is not required to be manually specified.

标识符仅限于 ASCII 小写字母字符 [a-z]，并且标识符的最大长度目前由于以下常量而限制为 116：

¥Identifiers are limited to ASCII lower case alphabetic characters [a-z] and the maximum length of the identifier is currently limited to 116 due to the following constants:

const IDENTIFIER_SEPARATOR: u8 = b':';
const PLUGIN_PREFIX: &str = "tauri-plugin-";

// https://doc.rust-lang.org/cargo/reference/manifest.html#the-name-field
const MAX_LEN_PREFIX: usize = 64 - PLUGIN_PREFIX.len();
const MAX_LEN_BASE: usize = 64;
const MAX_LEN_IDENTIFIER: usize = MAX_LEN_PREFIX + 1 + MAX_LEN_BASE;

配置文件

¥Configuration Files

Tauri 插件目录结构的简化示例：

¥Simplified example of an example Tauri plugin directory structure:

tauri-plugin
├── README.md
├── src
│  └── lib.rs
├── build.rs
├── Cargo.toml
├── permissions
│  └── <identifier>.json/toml
│  └── default.json/toml

默认权限以特殊方式处理，因为它会自动添加到应用配置中，只要使用 Tauri CLI 向 Tauri 应用添加插件即可。

¥The default permission is handled in a special way, as it is automatically added to the application configuration, as long as the Tauri CLI is used to add plugins to a Tauri application.

对于应用开发者，结构类似：

¥For application developers the structure is similar:

tauri-app
├── index.html
├── package.json
├── src
├── src-tauri
│   ├── Cargo.toml
│   ├── permissions
│      └── <identifier>.toml
|   ├── capabilities
│      └── <identifier>.json/.toml
│   ├── src
│   ├── tauri.conf.json

:::note 注意

作为应用开发者，功能文件可以用 json/json5 或 toml 编写，而权限只能用 toml 定义。

¥As an application developer the capability files can be written in json/json5 or toml, whereas permissions only can be defined in toml.

:::

示例

¥Examples

来自 File System 插件的示例权限。

¥Example permissions from the File System plugin.

plugins/fs/permissions/autogenerated/base-directories/home.toml

[[permission]]
identifier = "scope-home"
description = """This scope permits access to all files and
list content of top level directories in the `$HOME`folder."""

[[scope.allow]]
path = "$HOME/*"

plugins/fs/permissions/read-files.toml

[[permission]]
identifier = "read-files"
description = """This enables all file read related
commands without any pre-configured accessible paths."""
commands.allow = [
    "read_file",
    "read",
    "open",
    "read_text_file",
    "read_text_file_lines",
    "read_text_file_lines_next"
]

plugins/fs/permissions/autogenerated/commands/mkdir.toml

[[permission]]
identifier = "allow-mkdir"
description = "This enables the mkdir command."
commands.allow = [
    "mkdir"
]

在你的应用中扩展插件权限的示例实现：

¥Example implementation extending above plugin permissions in your app:

my-app/src-tauri/permissions/home-read-extends.toml

[[set]]
identifier = "allow-home-read-extended"
description = """ This allows non-recursive read access to files and to create directories
in the `$HOME` folder.
"""
permissions = [
    "fs:read-files",
    "fs:scope-home",
    "fs:allow-mkdir"
]