Using Plugin Permissions
The goal of this exercise is to get a better understanding on how plugin permissions can be enabled or disabled, where they are described and how to use default permissions of plugins.
At the end you will have the ability to find and use permissions of arbitrary plugins and understand how to custom tailor existing permissions. You will have an example Tauri application where a plugin and plugin specific permissions are used.
-
Create your Tauri application. In our example we will facilitate
create-tauri-app
:We will proceed in this step-by-step explanation with
pnpm
but you can choose another package manager and replace it in the commands accordingly. -
To search for existing plugins you can use multiple resources.
The most straight forward way would be to check out if your plugin is already in the Plugins section of the documentation and therefore part of Tauri’s maintained plugin set. The Filesystem plugin is part of the Tauri plugin workspace and you can add it to your project by following the instructions.
If the plugin is part of the community effort you can most likely find it on crates.io when searching for
tauri-plugin-<your plugin name>
.If it is an existing plugin from our workspace you can use the automated way:
If you have found it on crates.io you need to manually add it as a dependency and modify the Tauri builder to initialize the plugin:
Modify
lib.rs
to initialize the plugin: -
Each plugin has a
default
permission set, which contains all permissions and scopes to use the plugin out of the box with a reasonable minimal feature set.In the case of official maintained plugins you can find a rendered description in the documentation (eg. fs default).
In case you are figuring this out for a community plugin you need to check out the source code of the plugin. This should be defined in
your-plugin/permissions/default.toml
. -
This step is all about finding the permissions you need to for your commands to be exposed to the frontend with the minimal access to your system.
The
fs
plugin has autogenerated permissions which will disable or enable individual commands and allow or disable global scopes.These can be found in the documentation or in the source code of the plugin (
fs/permissions/autogenerated
).Let us assume we want to enable writing to a text file
test.txt
located in the users$HOME
folder.For this we would search in the autogenerated permissions for a permission to enable writing to text files like
allow-write-text-file
and then for a scope which would allow us to access the$HOME/test.txt
file.We need to add these to our
capabilities
section in oursrc-tauri/tauri.conf.json
or in a file in thesrc-tauri/capabilities/
folder. By default there is already a capability insrc-tauri/capabilities/default.json
we can modify.Since there are only autogenerated scopes in the
fs
plugin to access the full$HOME
folder, we need to configure our own scope. This scope should be only enabled for thewrite-text-file
command and should only expose ourtest.txt
file. -
After we have added the necessary permission we want to confirm that our application can access the file and write it’s content.
We can use this snippet in our application to write to the file:
Replacing the
src/main.ts
with this snippet means we do not need to modify the defaultindex.html
, when using the plain Vanilla+Typescript app. Entering any input into the input field of the running app will be written to the file on submit.Let’s test now in practice:
After writing into the input and clicking “Submit”, we can check via our terminal emulator or by manually opening the file in your home folder.
You should be presented with your input and finished learning about using permissions from plugins in Tauri applications. 🥳
If you encountered this error:
Then you very likely did not properly follow the previous instructions.
© 2024 Tauri Contributors. CC-BY / MIT