#How do disallow files/directories in Tauri/FsScope?

I see that the API allows adding paths to scope but is it possible to remove paths? Could this be a possible feature or and if so could this be something I can contribute to?

For reference:
https://docs.rs/tauri/latest/tauri/scope/struct.FsScope.html

You currently can only forbid paths not make it "forget" allowed paths. This goes both ways so for example if you forbid a path you can never allow it again

imo a new function that can just remove allowed and/or forbidden paths from the scope would be a super nice (and necessary) addition

i also thought there was a github issue about this already but i can't find it anywhere rn

I couldn't find the issue either but I did take a look at fs.rs and was able to implement it naively by just getting the same glob patterns for a given path and removing it from the hashmap being used, similar to how forbid works. You think this is enough to make a pull request?

Also, I saw that you made comments on a related issue with persisted-scope plugin. (https://github.com/tauri-apps/plugins-workspace/pull/32) Just thought I would mention that my approach is to instead of serializing the scope patterns and messing with regex, just serialize the path received from the FsScopeEvent and then reapplying by calling allow_x when needed. Have any thoughts?

just serialize the path received from the FsScopeEvent and then reapplying by calling allow_x when needed. Have any thoughts?
iirc the allow_x / deny_x functions don't accept globs which is what this pr mainly tries to solve.

though i'm not 100% sure if that's actually the case or just a side effect from the escape symbol bug we've had

should actually investigate that stuff again before merging the pr

yeah, no. looking at the scope source code it should always escape the globs in allow_file, disabling globs effectively (still will actually try it just to be sure)

I meant to link this one actually: https://github.com/tauri-apps/plugins-workspace/issues/25

And I meant to say that regardless of how it deals with glob patterns, the issue with the serialized pattern file exploding was solved for me by just storing the original path instead of the expanded glob patterns. This way the persisted-scope plugin could call allow_x, forbid_x with same argument that it received, if that makes sense. I don't know if that's a better approach but it works for me

ah right, i understand

the fix we use right now for sure isn't optimal, and ideally would not be necessary at all using your approach

but that's not the goal of the fix function. its primary purpose right now is to fix broken state files that already on users system

I see that makes sense

that said, iirc the scope events only provide the escaped patterns so in the plugin we'll have to unescape at least once either way if we don't want to change tauri itself (effectively making tauri do the unescaping - iirc there was a reason why it operates on the escaped paths but that's too long ago for me to remember)

And if I could ask for some advice since you seem very knowledgeable, how do you work around writing tests for both unix/windows for a change?

Not sure i understand your question. Do you mean rust unit tests in tauri's code base? Most of these tests are platform agnostic ig

Yeah, fs.rs has cfg(unix) tests. I am a noob to this so I was just wondering if it's standard practice to write / execute tests on different platforms?

let scope = new_scope();
#[cfg(unix)]
{
  scope.allow_file("/home/tauri/**").unwrap();
  assert!(scope.is_allowed("/home/tauri/**"));
  assert!(!scope.is_allowed("/home/tauri/**/file"));
  assert!(!scope.is_allowed("/home/tauri/anyfile"));
}
#[cfg(windows)]

right, that's one of the few cases where it makes sense to split it up per os because the path separator and fs root are different per os