tauri_utils::acl::capability

Struct Capability

Source 
pub struct Capability {
    pub identifier: String,
    pub description: String,
    pub remote: Option<CapabilityRemote>,
    pub local: bool,
    pub windows: Vec<String>,
    pub webviews: Vec<String>,
    pub permissions: Vec<PermissionEntry>,
    pub platforms: Option<Vec<Target>>,
}
Expand description

A grouping and boundary mechanism developers can use to isolate access to the IPC layer.

It controls application windows’ and webviews’ fine grained access to the Tauri core, application, or plugin commands. If a webview or its window is not matching any capability then it has no access to the IPC layer at all.

This can be done to create groups of windows, based on their required system access, which can reduce impact of frontend vulnerabilities in less privileged windows. Windows can be added to a capability by exact name (e.g. main-window) or glob patterns like * or admin-*. A Window can have none, one, or multiple associated capabilities.

§Example

{
  "identifier": "main-user-files-write",
  "description": "This capability allows the `main` window on macOS and Windows access to `filesystem` write related commands and `dialog` commands to enable programatic access to files selected by the user.",
  "windows": [
    "main"
  ],
  "permissions": [
    "core:default",
    "dialog:open",
    {
      "identifier": "fs:allow-write-text-file",
      "allow": [{ "path": "$HOME/test.txt" }]
    },
  ],
  "platforms": ["macOS","windows"]
}

Fields§

§identifier: String

Identifier of the capability.

§Example

main-user-files-write

§description: String

Description of what the capability is intended to allow on associated windows.

It should contain a description of what the grouped permissions should allow.

§Example

This capability allows the main window access to filesystem write related commands and dialog commands to enable programatic access to files selected by the user.

§remote: Option<CapabilityRemote>

Configure remote URLs that can use the capability permissions.

This setting is optional and defaults to not being set, as our default use case is that the content is served from our local application.

:::caution Make sure you understand the security implications of providing remote sources with local system access. :::

§Example

{
  "urls": ["https://*.mydomain.dev"]
}
§local: bool

Whether this capability is enabled for local app URLs or not. Defaults to true.

§windows: Vec<String>

List of windows that are affected by this capability. Can be a glob pattern.

If a window label matches any of the patterns in this list, the capability will be enabled on all the webviews of that window, regardless of the value of Self::webviews.

On multiwebview windows, prefer specifying Self::webviews and omitting Self::windows for a fine grained access control.

§Example

["main"]

§webviews: Vec<String>

List of webviews that are affected by this capability. Can be a glob pattern.

The capability will be enabled on all the webviews whose label matches any of the patterns in this list, regardless of whether the webview’s window label matches a pattern in Self::windows.

§Example

["sub-webview-one", "sub-webview-two"]

§permissions: Vec<PermissionEntry>

List of permissions attached to this capability.

Must include the plugin name as prefix in the form of ${plugin-name}:${permission-name}. For commands directly implemented in the application itself only ${permission-name} is required.

§Example

[
  "core:default",
  "shell:allow-open",
  "dialog:open",
  {
    "identifier": "fs:allow-write-text-file",
    "allow": [{ "path": "$HOME/test.txt" }]
  }
]
§platforms: Option<Vec<Target>>

Limit which target platforms this capability applies to.

By default all platforms are targeted.

§Example

["macOS","windows"]

Implementations§

Source§

impl Capability

Source

pub fn is_active(&self, target: &Target) -> bool

Whether this capability should be active based on the platform target or not.

Trait Implementations§

Source§

impl Clone for Capability

Source§

fn clone(&self) -> Capability

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Capability

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for Capability

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl PartialEq for Capability

Source§

fn eq(&self, other: &Capability) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for Capability

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl StructuralPartialEq for Capability

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Serialize for T
where T: Serialize + ?Sized,

Source§

fn erased_serialize(&self, serializer: &mut dyn Serializer) -> Result<(), Error>

Source§

fn do_erased_serialize( &self, serializer: &mut dyn Serializer, ) -> Result<(), ErrorImpl>

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> ErasedDestructor for T
where T: 'static,

Source§

impl<T> MaybeSendSync for T