Skip to content

fix(acl): rebase runtime-resolved scope ids past baked ACL #15291

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
derek-knox wants to merge 16 commits into
base: dev
Choose a base branch
from
+118 −1
Open

fix(acl): rebase runtime-resolved scope ids past baked ACL #15291

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
e7a55b1
fix(acl): rebase runtime-resolved scope ids past baked ACL
derek-knox Apr 24, 2026
d7165c8
Merge branch 'dev' into fix/dynamic-acl-scope-id-collision
derek-knox Apr 27, 2026
f1c7780
Merge branch 'dev' into fix/dynamic-acl-scope-id-collision
derek-knox Apr 29, 2026
ade1d7e
Merge branch 'dev' into fix/dynamic-acl-scope-id-collision
derek-knox Apr 29, 2026
fd2b638
Merge branch 'dev' into fix/dynamic-acl-scope-id-collision
derek-knox Apr 29, 2026
6d82cf5
Merge branch 'dev' into fix/dynamic-acl-scope-id-collision
derek-knox Apr 30, 2026
6562ecd
Merge branch 'dev' into fix/dynamic-acl-scope-id-collision
derek-knox Apr 30, 2026
d16cca0
Merge branch 'dev' into fix/dynamic-acl-scope-id-collision
derek-knox Apr 30, 2026
6dce431
Merge branch 'dev' into fix/dynamic-acl-scope-id-collision
derek-knox May 1, 2026
b14907c
Merge branch 'dev' into fix/dynamic-acl-scope-id-collision
derek-knox May 11, 2026
7a207c0
Merge branch 'dev' into fix/dynamic-acl-scope-id-collision
derek-knox May 14, 2026
5c91727
Merge branch 'dev' into fix/dynamic-acl-scope-id-collision
derek-knox May 15, 2026
ff6a6eb
Merge branch 'dev' into fix/dynamic-acl-scope-id-collision
derek-knox May 15, 2026
d2ac357
Merge branch 'dev' into fix/dynamic-acl-scope-id-collision
derek-knox May 17, 2026
f9897bc
Merge branch 'dev' into fix/dynamic-acl-scope-id-collision
derek-knox May 18, 2026
9f764d1
Merge branch 'dev' into fix/dynamic-acl-scope-id-collision
derek-knox May 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changes/fix-dynamic-acl-scope-id-collision.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"tauri": patch:bug
---

Fix runtime-resolved capabilities (feature `dynamic-acl`) colliding with the baked ACL: `Resolved::resolve` restarts `current_scope_id` at 0, so newly-resolved `scope_id`s overlapped existing ones and command scope entries were merged into the wrong plugin's bucket. Rebase by the current max `scope_id` so each runtime-added capability stays isolated.
114 changes: 113 additions & 1 deletion crates/tauri/src/ipc/authority.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -171,13 +171,23 @@ impl RuntimeAuthority {
}
}

let resolved = Resolved::resolve(
let mut resolved = Resolved::resolve(
&self.acl,
capabilities,
tauri_utils::platform::Target::current(),
)
.unwrap();

// Rebase fresh scope_ids past existing ones to avoid collisions on merge.
let scope_id_offset = self
.scope_manager
.command_scope
.keys()
.next_back()
.copied()
.unwrap_or(0);
rebase_scope_ids(&mut resolved, scope_id_offset);

// fill global scope
for (plugin, global_scope) in resolved.global_scope {
let global_scope_entry = self.scope_manager.global_scope.entry(plugin).or_default();
Expand Down Expand Up @@ -471,6 +481,26 @@ impl RuntimeAuthority {
}
}

/// Offset every `scope_id` in `resolved` by `offset`; a zero offset is a no-op.
#[cfg(feature = "dynamic-acl")]
fn rebase_scope_ids(resolved: &mut Resolved, offset: ScopeKey) {
if offset == 0 {
return;
}
resolved.command_scope = std::mem::take(&mut resolved.command_scope)
.into_iter()
.map(|(k, v)| (k + offset, v))
.collect();
for cmd in resolved
.allowed_commands
.values_mut()
.chain(resolved.denied_commands.values_mut())
.flatten()
{
cmd.scope_id = cmd.scope_id.map(|id| id + offset);
}
}

/// List of allowed and denied objects that match either the command-specific or plugin global scope criteria.
#[derive(Debug)]
pub struct ScopeValue<T: ScopeObject> {
Expand Down Expand Up @@ -1190,4 +1220,86 @@ mod tests {
"myplugin.my-command-webview-window not allowed on window \"main-*\", webview \"webview-*\", URL: http://localhost:123/\n\nallowed on: [windows: \"main-*\", webviews: \"webview-*\", URL: local], [windows: \"main-*\", webviews: \"webview-*\", URL: http://localhost:8080]\n\nreferenced by: capability: maincap, permission: allow-command || capability: maincap, permission: allow-command"
);
}

#[cfg(feature = "dynamic-acl")]
#[test]
fn rebase_scope_ids_shifts_keys_and_scope_ids() {
use tauri_utils::acl::resolved::ResolvedScope;

let mut resolved = Resolved {
command_scope: [(1, ResolvedScope::default()), (2, ResolvedScope::default())]
.into_iter()
.collect(),
allowed_commands: [(
"fetch".to_string(),
vec![
ResolvedCommand {
scope_id: Some(1),
..Default::default()
},
ResolvedCommand {
scope_id: None,
..Default::default()
},
],
)]
.into_iter()
.collect(),
denied_commands: [(
"fetch".to_string(),
vec![ResolvedCommand {
scope_id: Some(2),
..Default::default()
}],
)]
.into_iter()
.collect(),
..Default::default()
};

super::rebase_scope_ids(&mut resolved, 10);

assert_eq!(
resolved.command_scope.keys().copied().collect::<Vec<_>>(),
vec![11, 12]
);
let allowed = resolved.allowed_commands.get("fetch").unwrap();
assert_eq!(allowed[0].scope_id, Some(11));
assert_eq!(allowed[1].scope_id, None);
let denied = resolved.denied_commands.get("fetch").unwrap();
assert_eq!(denied[0].scope_id, Some(12));
}

#[cfg(feature = "dynamic-acl")]
#[test]
fn rebase_scope_ids_zero_offset_is_noop() {
use tauri_utils::acl::resolved::ResolvedScope;

let mut resolved = Resolved {
command_scope: [(1, ResolvedScope::default()), (5, ResolvedScope::default())]
.into_iter()
.collect(),
allowed_commands: [(
"fetch".to_string(),
vec![ResolvedCommand {
scope_id: Some(1),
..Default::default()
}],
)]
.into_iter()
.collect(),
..Default::default()
};

super::rebase_scope_ids(&mut resolved, 0);

assert_eq!(
resolved.command_scope.keys().copied().collect::<Vec<_>>(),
vec![1, 5]
);
assert_eq!(
resolved.allowed_commands.get("fetch").unwrap()[0].scope_id,
Some(1)
);
}
}