Writing Plugin Permissions
The goal of this exercise is to get a better understanding on how plugin permissions can be created when writing your own plugin.
At the end you will have the ability to create simple permissions for your plugins. You will have an example Tauri plugin where permissions are partially autogenerated and hand crafted.
-
In our example we will facilitate the Tauri
cli
to bootstrap a Tauri plugin source code structure. Make sure you have installed all Prerequisites and verify you have the Tauri CLI in the correct version by runningcargo tauri info
.The output should indicate the
tauri-cli
version is2.x
. We will proceed in this step-by-step explanation withpnpm
but you can choose another package manager and replace it in the commands accordingly.Once you have a recent version installed you can go ahead and create the plugin using the Tauri CLI.
-
To showcase something practical and simple let us assume our command writes user input to a file in our temporary folder while adding some custom header to the file.
Let’s name our command
write_custom_file
, implement it insrc/commands.rs
and add it to our plugin builder to be exposed to the frontend.Tauri’s core utils will autogenerate
allow
anddeny
permissions for this command, so we do not need to care about this.The command implementation:
Auto-Generate inbuilt permissions for your new command:
These inbuilt permissions will be automatically generated by the Tauri build system and will be visible in the
permissions/autogenerated/commands
folder. By default anenable-<command>
anddeny-<command>
permission will be created. -
The previous step was to write the actual command implementation. Next we want to expose it to the frontend so it can be consumed.
Configure the Tauri builder to generate the invoke handler to pass frontend IPC requests to the newly implemented command:
Expose the new command in the frontend module.
This step is essential for the example application to successfully import the frontend module. This is for convenience and has no security impact, as the command handler is already generated and the command can be manually invoked from the frontend.
Make sure your package is built:
-
As our plugin should expose the
write_custom_file
command by default we should add this to ourdefault.toml
permission.Add this to our default permission set to allow the new command we just exposed.
-
The created plugin directory structure contains an
examples/tauri-app
folder, which has a ready to use Tauri application to test out the plugin.Since we added a new command we need to slightly modify the frontend to invoke our new command instead.
Running this and pressing the “Write” button you should be greeted with this:
And you should find a
test.txt
file in your temporary folder containing a message from our new implemented plugin command. 🥳
© 2025 Tauri Contributors. CC-BY / MIT