命令范围

范围是一种定义 Tauri 命令的（不）允许行为的细粒度方法。

🌐 A scope is a granular way to define (dis)allowed behavior of a Tauri command.

作用域被分为 allow 或 deny 作用域，其中 deny 总是优先于 allow 作用域。

🌐 Scopes are categorized into allow or deny scopes, where deny always supersedes the allow scope.

作用域类型需要是任何 serde 可序列化类型。这些类型通常是特定于插件的。对于在 Tauri 应用中实现的范围命令，作用域类型需要在应用中定义，然后在命令实现中强制执行。

🌐 The scope type needs be of any serde serializable type. These types are plugin-specific in general. For scoped commands implemented in a Tauri application the scope type needs to be defined in the application and then enforced in the command implementation.

例如，Fs 插件允许你使用作用域来允许或拒绝某些目录和文件，而 http 插件使用作用域来过滤允许访问的 URL。

🌐 For instance, the Fs plugin allows you to use scopes to allow or deny certain directories and files and the http plugin uses scopes to filter URLs that are allowed to be reached.

作用域被传递给命令，并且处理或正确执行由命令本身实现。

🌐 The scope is passed to the command and handling or properly enforcing is implemented by the command itself.

Caution

命令开发者需要确保不可能存在权限范围绕过。应对权限范围验证的实现进行审计，以确保其正确性。

🌐 Command developers need to ensure that there are no scope bypasses possible. The scope validation implementation should be audited to ensure correctness.

示例

🌐 Examples

这些示例取自 Fs 插件权限：

🌐 These examples are taken from the Fs plugin permissions:

此插件中所有命令的作用域类型都是一个字符串，包含一个 glob 兼容路径。

🌐 The scope type in this plugin for all commands is a string, which contains a glob compatible path.

plugins/fs/permissions/autogenerated/base-directories/applocaldata.toml

[[permission]]
identifier = "scope-applocaldata-recursive"
description = '''
This scope recursive access to the complete `$APPLOCALDATA` folder,
including sub directories and files.
'''

[[permission.scope.allow]]
path = "$APPLOCALDATA/**"

plugins/fs/permissions/deny-webview-data.toml

[[permission]]
identifier = "deny-webview-data-linux"
description = '''
This denies read access to the
`$APPLOCALDATA` folder on linux as the webview data and
configuration values are stored here.
Allowing access can lead to sensitive information disclosure and
should be well considered.
'''
platforms = ["linux"]

[[scope.deny]]
path = "$APPLOCALDATA/**"

[[permission]]
identifier = "deny-webview-data-windows"
description = '''
This denies read access to the
`$APPLOCALDATA/EBWebView` folder on windows as the webview data and
configuration values are stored here.
Allowing access can lead to sensitive information disclosure and
should be well considered.
'''
platforms = ["windows"]

[[scope.deny]]
path = "$APPLOCALDATA/EBWebView/**"

上述作用域可用于允许访问 APPLOCALDATA 文件夹，同时阻止访问 windows 上的 EBWebView 子文件夹，该子文件夹包含敏感的 webview 数据。

🌐 The above scopes can be used to allow access to the APPLOCALDATA folder, while preventing access to the EBWebView subfolder on windows, which contains sensitive webview data.

这些可以合并成一组，从而减少重复配置，并使任何查看应用配置的人更容易理解。

🌐 These can merged into a set, which reduces duplicate configuration and makes it more understandable for anyone looking into the application configuration.

首先，将拒绝范围合并到 deny-default：

🌐 First the deny scopes are merged into deny-default:

plugins/fs/permissions/deny-default.toml

[[set]]
identifier = "deny-default"
description = '''
This denies access to dangerous Tauri relevant files and
folders by default.
'''
permissions = ["deny-webview-data-linux", "deny-webview-data-windows"]

之后，拒绝和允许范围合并：

🌐 Afterwards deny and allow scopes are merged:

[[set]]
identifier = "scope-applocaldata-reasonable"
description = '''
This scope set allows access to the `APPLOCALDATA` folder and
subfolders except for linux,
while it denies access to dangerous Tauri relevant files and
folders by default on windows.
'''
permissions = ["scope-applocaldata-recursive", "deny-default"]

这些作用域可以通过扩展插件的全局作用域来用于所有命令，或者仅在与权限中的已启用命令结合使用时用于某些特定命令。

🌐 These scopes can be either used for all commands, by extending the global scope of the plugin, or for only selected commands when they are used in combination with a enabled command inside a permission.

对 APPLOCALDATA 中的文件进行合理的只读访问可能如下所示：

🌐 Reasonable read only file access to files in the APPLOCALDATA could look like this:

[[set]]
identifier = "read-files-applocaldata"
description = '''
This set allows file read access to the `APPLOCALDATA` folder and
subfolders except for linux,
while it denies access to dangerous Tauri relevant files and
folders by default on windows.'''
permissions = ["scope-applocaldata-reasonable", "allow-read-file"]

这些例子仅仅突出了范围功能本身。每个插件或应用开发者都需要根据他们的使用场景考虑合理的范围组合。

🌐 These examples only highlight the scope functionality itself. Each plugin or application developer needs to consider reasonable combinations of scope depending on their use cases.