权限

权限是命令的明确权限的描述。

🌐 Permissions are descriptions of explicit privileges of commands.

[[permission]]
identifier = "my-identifier"
description = "This describes the impact and more."
commands.allow = [
    "read_file"
]

[[scope.allow]]
my-scope = "$HOME/*"

[[scope.deny]]
my-scope = "$HOME/secret"

它可以使命令在 Tauri 应用的前端中可用。 它可以将作用域映射到命令，并定义哪些命令是启用的。 权限可以启用或拒绝某些命令，定义作用域或两者结合。

🌐 It can enable commands to be accessible in the frontend of a Tauri application. It can map scopes to commands and defines which commands are enabled. Permissions can enable or deny certain commands, define scopes or combine both.

要授予或拒绝对应用窗口或 WebView 的权限，你必须在 capability 中引用该权限。

🌐 To grant or deny a permission to your app’s window or webview, you must reference the permission in a capability.

权限可以在一个新的标识符下作为一组进行分组。这称为权限集。这允许你将与范围相关的权限与命令相关的权限结合起来。它还允许将特定操作的权限分组或打包成更易用的集合。

🌐 Permissions can be grouped as a set under a new identifier. This is called a permission set. This allows you to combine scope related permissions with command related permissions. It also allows to group or bundle operating specific permissions into more usable sets.

作为插件开发者，你可以为你所有公开的命令提供多个预定义的、命名良好的权限。

🌐 As a plugin developer you can ship multiple, pre-defined, well named permissions for all of your exposed commands.

作为应用开发者，你可以扩展现有插件的权限，或为你自己的命令定义权限。 它们可以被分组或在一个集合中扩展，以便重复使用或简化以后主要的配置文件。

🌐 As an application developer you can extend existing plugin permissions or define them for your own commands. They can be grouped or extended in a set to be re-used or to simplify the main configuration files later.

权限标识符

🌐 Permission Identifier

权限标识符用于确保权限可以重复使用并具有唯一的名称。

🌐 The permissions identifier is used to ensure that permissions can be re-used and have unique names.

Tip

当我们说 name 时，我们指的是不带 tauri-plugin- 前缀的插件 crate 名称。这是为了命名空间管理，以减少命名冲突的可能性。在引用应用自身的权限时，这不是必需的。

🌐 With name we refer to the plugin crate name without the tauri-plugin- prefix. This is meant as namespacing to reduce likelihood of naming conflicts. When referencing permissions of the application itself it is not necessary.

• <name>:default 表示该权限是插件或应用的默认权限
• <name>:<command-name> 表示该权限是针对单个命令的

插件前缀 tauri-plugin- 将在编译时自动添加到插件的标识符前，无需手动指定。

🌐 The plugin prefix tauri-plugin- will be automatically prepended to the identifier of plugins at compile time and is not required to be manually specified.

标识符仅限于 ASCII 小写字母字符 [a-z]，并且由于以下常量，标识符的最大长度目前限制为 116：

🌐 Identifiers are limited to ASCII lower case alphabetic characters [a-z] and the maximum length of the identifier is currently limited to 116 due to the following constants:

const IDENTIFIER_SEPARATOR: u8 = b':';
const PLUGIN_PREFIX: &str = "tauri-plugin-";

// https://doc.rust-lang.org/cargo/reference/manifest.html#the-name-field
const MAX_LEN_PREFIX: usize = 64 - PLUGIN_PREFIX.len();
const MAX_LEN_BASE: usize = 64;
const MAX_LEN_IDENTIFIER: usize = MAX_LEN_PREFIX + 1 + MAX_LEN_BASE;

配置文件

🌐 Configuration Files

简化的示例 Tauri 插件 目录结构：

🌐 Simplified example of an example Tauri plugin directory structure:

tauri-plugin
├── README.md
├── src
│  └── lib.rs
├── build.rs
├── Cargo.toml
├── permissions
│  └── <identifier>.json/toml
│  └── default.json/toml

默认权限以特殊的方式处理，因为只要使用 Tauri CLI 向 Tauri 应用添加插件，它就会自动添加到应用配置中。

🌐 The default permission is handled in a special way, as it is automatically added to the application configuration, as long as the Tauri CLI is used to add plugins to a Tauri application.

对于应用开发者，结构类似：

🌐 For application developers the structure is similar:

tauri-app
├── index.html
├── package.json
├── src
├── src-tauri
│   ├── Cargo.toml
│   ├── permissions
│      └── <identifier>.toml
|   ├── capabilities
│      └── <identifier>.json/.toml
│   ├── src
│   ├── tauri.conf.json

Note

作为应用开发者，能力文件可以用 json/json5 或 toml 编写，而权限只能在 toml 中定义。

🌐 As an application developer the capability files can be written in json/json5 or toml, whereas permissions only can be defined in toml.

示例

🌐 Examples

File System 插件的示例权限。

🌐 Example permissions from the File System plugin.

plugins/fs/permissions/autogenerated/base-directories/home.toml

[[permission]]
identifier = "scope-home"
description = """This scope permits access to all files and
list content of top level directories in the `$HOME`folder."""

[[scope.allow]]
path = "$HOME/*"

plugins/fs/permissions/read-files.toml

[[permission]]
identifier = "read-files"
description = """This enables all file read related
commands without any pre-configured accessible paths."""
commands.allow = [
    "read_file",
    "read",
    "open",
    "read_text_file",
    "read_text_file_lines",
    "read_text_file_lines_next"
]

plugins/fs/permissions/autogenerated/commands/mkdir.toml

[[permission]]
identifier = "allow-mkdir"
description = "This enables the mkdir command."
commands.allow = [
    "mkdir"
]

在你的应用中扩展插件权限的示例实现：

🌐 Example implementation extending above plugin permissions in your app:

my-app/src-tauri/permissions/home-read-extends.toml

[[set]]
identifier = "allow-home-read-extended"
description = """ This allows non-recursive read access to files and to create directories
in the `$HOME` folder.
"""
permissions = [
    "fs:read-files",
    "fs:scope-home",
    "fs:allow-mkdir"
]