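Command Scopes

A scope is a granular way to define what a Tauri command is allowed or forbidden to do.

Scopes are divided into allow scopes and deny scopes, and a deny scope always takes precedence over an allow scope.

The scope type must be a serde-serializable type. These types are usually plugin-specific. For scoped commands implemented in a Tauri application, the scope type has to be defined in the application and then enforced in the command implementation.

For example, the Fs plugin lets you use scopes to allow or deny certain directories and files, while the http plugin uses scopes to filter the URLs that may be accessed.

The scope is passed to the command; handling it and enforcing it correctly is the responsibility of the command itself.

Examples

These examples are taken from the Fs plugin permissions:

The scope type for all commands in this plugin is a string containing a glob-compatible path.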

plugins/fs/permissions/autogenerated/base-directories/applocaldata.toml

[[permission]]
identifier = "scope-applocaldata-recursive"
description = '''
This scope recursive access to the complete `$APPLOCALDATA` folder,
including sub directories and files.
'''

[[permission.scope.allow]]
path = "$APPLOCALDATA/**"

plugins/fs/permissions/deny-webview-data.toml

[[permission]]
identifier = "deny-webview-data-linux"
description = '''
This denies read access to the
`$APPLOCALDATA` folder on linux as the webview data and
configuration values are stored here.
Allowing access can lead to sensitive information disclosure and
should be well considered.
'''
platforms = ["linux"]

[[scope.deny]]
path = "$APPLOCALDATA/**"

[[permission]]
identifier = "deny-webview-data-windows"
description = '''
This denies read access to the
`$APPLOCALDATA/EBWebView` folder on windows as the webview data and
configuration values are stored here.
Allowing access can lead to sensitive information disclosure and
should be well considered.
'''
platforms = ["windows"]

[[scope.deny]]
path = "$APPLOCALDATA/EBWebView/**"

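The scopes above can be used to allow access to the APPLOCALDATA folder while preventing access to the EBWebView subfolder on Windows, which contains sensitive webview data.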
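How a command might enforce the Windows allow and deny pair above, as an added example that is not code from Tauri or the Fs plugin. It assumes `$APPLOCALDATA` has already been resolved to the constructed path `/data/app`, supports only exact paths and a trailing `/**`, and normalises paths lexically (symlinks are not resolved); `Scope`, `normalize`, `matches` and `windows_scope` are hypothetical names.

```rust
// Simplified model of deny-over-allow scope checks; not the Fs plugin's code.
struct Scope {
    allow: Vec<String>, // patterns from [[permission.scope.allow]] entries
    deny: Vec<String>,  // patterns from [[scope.deny]] entries
}

// Resolve "." and ".." lexically; None if ".." climbs above the root.
fn normalize(path: &str) -> Option<String> {
    let mut parts: Vec<&str> = Vec::new();
    for seg in path.split('/') {
        match seg {
            "" | "." => {}
            ".." => { parts.pop()?; }
            s => parts.push(s),
        }
    }
    Some(format!("/{}", parts.join("/")))
}

// Supports only an exact path or a trailing "/**" (everything below a folder).
fn matches(pattern: &str, path: &str) -> bool {
    match pattern.strip_suffix("/**") {
        Some(base) => path.strip_prefix(base).map_or(false, |r| r.starts_with('/')),
        None => pattern == path,
    }
}

impl Scope {
    // Deny is evaluated first, so it always takes precedence over allow.
    fn is_allowed(&self, requested: &str) -> bool {
        let Some(path) = normalize(requested) else { return false };
        !self.deny.iter().any(|p| matches(p, &path))
            && self.allow.iter().any(|p| matches(p, &path))
    }
}

// Constructed stand-in: $APPLOCALDATA already resolved to "/data/app".
fn windows_scope() -> Scope {
    Scope {
        allow: vec!["/data/app/**".to_string()],
        deny: vec!["/data/app/EBWebView/**".to_string()],
    }
}

fn main() {
    let scope = windows_scope();
    for p in ["/data/app/notes/todo.txt", "/data/app/notes/../EBWebView/Default/Cookies"] {
        println!("{p}: {}", scope.is_allowed(p));
    }
}
```

Normalising before matching is what keeps a request such as `notes/../EBWebView/...` from slipping past the deny entry while still matching the broader allow entry.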

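These scopes can be merged into a set, which reduces duplicated configuration and makes the application configuration easier to understand for anyone reviewing it.

First, the deny scopes are merged into deny-default: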

plugins/fs/permissions/deny-default.toml

[[set]]
identifier = "deny-default"
description = '''
This denies access to dangerous Tauri relevant files and
folders by default.
'''
permissions = ["deny-webview-data-linux", "deny-webview-data-windows"]

After that, the deny and allow scopes are merged:

[[set]]
identifier = "scope-applocaldata-reasonable"
description = '''
This scope set allows access to the `APPLOCALDATA` folder and
subfolders except for linux,
while it denies access to dangerous Tauri relevant files and
folders by default on windows.
'''
permissions = ["scope-applocaldata-recursive", "deny-default"]

These scopes can be applied to all commands by extending the plugin's global scope, or only to selected commands that are enabled in a permission.

Reasonable read-only access to files in APPLOCALDATA could look like this:

[[set]]
identifier = "read-files-applocaldata"
description = '''
This set allows file read access to the `APPLOCALDATA` folder and
subfolders except for linux,
while it denies access to dangerous Tauri relevant files and
folders by default on windows.
'''
permissions = ["scope-applocaldata-reasonable", "allow-read-file"]

These examples only highlight the scope functionality itself. Each plugin or application developer needs to consider reasonable combinations of scopes for their own use case.