diff options
| author | David Sherret <dsherret@users.noreply.github.com> | 2024-09-16 21:39:37 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-09-16 21:39:37 +0100 |
| commit | 62e952559f600e72d7498c9b12f906cb0b1ba150 (patch) | |
| tree | 6dbcce6592973358ef4bf6341888b0bbbdb98cc5 /cli/ops | |
| parent | e0b9c745c15720914f14996bf357d5b375e2dbd8 (diff) | |
refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)
This makes the permission system more versatile.
Diffstat (limited to 'cli/ops')
| -rw-r--r-- | cli/ops/bench.rs | 19 | ||||
| -rw-r--r-- | cli/ops/testing.rs | 19 |
2 files changed, 28 insertions, 10 deletions
diff --git a/cli/ops/bench.rs b/cli/ops/bench.rs index 5521253ff..edd8c118c 100644 --- a/cli/ops/bench.rs +++ b/cli/ops/bench.rs @@ -2,6 +2,7 @@ use std::sync::atomic::AtomicUsize; use std::sync::atomic::Ordering; +use std::sync::Arc; use std::time; use deno_core::error::generic_error; @@ -13,6 +14,7 @@ use deno_core::ModuleSpecifier; use deno_core::OpState; use deno_runtime::deno_permissions::create_child_permissions; use deno_runtime::deno_permissions::ChildPermissionsArg; +use deno_runtime::deno_permissions::PermissionDescriptorParser; use deno_runtime::deno_permissions::PermissionsContainer; use tokio::sync::mpsc::UnboundedSender; use uuid::Uuid; @@ -59,11 +61,18 @@ pub fn op_pledge_test_permissions( #[serde] args: ChildPermissionsArg, ) -> Result<Uuid, AnyError> { let token = Uuid::new_v4(); + let permission_desc_parser = state + .borrow::<Arc<dyn PermissionDescriptorParser>>() + .clone(); let parent_permissions = state.borrow_mut::<PermissionsContainer>(); let worker_permissions = { - let mut parent_permissions = parent_permissions.0.lock(); - let perms = create_child_permissions(&mut parent_permissions, args)?; - PermissionsContainer::new(perms) + let mut parent_permissions = parent_permissions.inner.lock(); + let perms = create_child_permissions( + permission_desc_parser.as_ref(), + &mut parent_permissions, + args, + )?; + PermissionsContainer::new(permission_desc_parser, perms) }; let parent_permissions = parent_permissions.clone(); @@ -74,7 +83,7 @@ pub fn op_pledge_test_permissions( state.put::<PermissionsHolder>(PermissionsHolder(token, parent_permissions)); // NOTE: This call overrides current permission set for the worker - state.put(worker_permissions.0.clone()); + state.put(worker_permissions.inner.clone()); state.put::<PermissionsContainer>(worker_permissions); Ok(token) @@ -91,7 +100,7 @@ pub fn op_restore_test_permissions( } let permissions = permissions_holder.1; - state.put(permissions.0.clone()); + state.put(permissions.inner.clone()); state.put::<PermissionsContainer>(permissions); Ok(()) } else { diff --git a/cli/ops/testing.rs b/cli/ops/testing.rs index b8839a6f8..6a8d31006 100644 --- a/cli/ops/testing.rs +++ b/cli/ops/testing.rs @@ -18,9 +18,11 @@ use deno_core::ModuleSpecifier; use deno_core::OpState; use deno_runtime::deno_permissions::create_child_permissions; use deno_runtime::deno_permissions::ChildPermissionsArg; +use deno_runtime::deno_permissions::PermissionDescriptorParser; use deno_runtime::deno_permissions::PermissionsContainer; use std::sync::atomic::AtomicUsize; use std::sync::atomic::Ordering; +use std::sync::Arc; use uuid::Uuid; deno_core::extension!(deno_test, @@ -54,11 +56,18 @@ pub fn op_pledge_test_permissions( #[serde] args: ChildPermissionsArg, ) -> Result<Uuid, AnyError> { let token = Uuid::new_v4(); + let permission_desc_parser = state + .borrow::<Arc<dyn PermissionDescriptorParser>>() + .clone(); let parent_permissions = state.borrow_mut::<PermissionsContainer>(); let worker_permissions = { - let mut parent_permissions = parent_permissions.0.lock(); - let perms = create_child_permissions(&mut parent_permissions, args)?; - PermissionsContainer::new(perms) + let mut parent_permissions = parent_permissions.inner.lock(); + let perms = create_child_permissions( + permission_desc_parser.as_ref(), + &mut parent_permissions, + args, + )?; + PermissionsContainer::new(permission_desc_parser, perms) }; let parent_permissions = parent_permissions.clone(); @@ -68,7 +77,7 @@ pub fn op_pledge_test_permissions( state.put::<PermissionsHolder>(PermissionsHolder(token, parent_permissions)); // NOTE: This call overrides current permission set for the worker - state.put(worker_permissions.0.clone()); + state.put(worker_permissions.inner.clone()); state.put::<PermissionsContainer>(worker_permissions); Ok(token) @@ -85,7 +94,7 @@ pub fn op_restore_test_permissions( } let permissions = permissions_holder.1; - state.put(permissions.0.clone()); + state.put(permissions.inner.clone()); state.put::<PermissionsContainer>(permissions); Ok(()) } else { |