refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)

This makes the permission system more versatile.
author: David Sherret <dsherret@users.noreply.github.com> 2024-09-16 21:39:37 +0100
committer: GitHub <noreply@github.com> 2024-09-16 21:39:37 +0100
commit: 62e952559f600e72d7498c9b12f906cb0b1ba150 (patch)
tree: 6dbcce6592973358ef4bf6341888b0bbbdb98cc5 /ext/fs/lib.rs
parent: e0b9c745c15720914f14996bf357d5b375e2dbd8 (diff)
1 files changed, 64 insertions, 16 deletions
diff --git a/ext/fs/lib.rs b/ext/fs/lib.rs
index a6f273323..bd49078b2 100644
--- a/ext/fs/lib.rs
+++ b/ext/fs/lib.rs
@@ -24,6 +24,7 @@ use deno_core::error::AnyError;
 use deno_io::fs::FsError;
 use std::borrow::Cow;
 use std::path::Path;
+use std::path::PathBuf;
 
 pub trait FsPermissions {
   fn check_open<'a>(
@@ -34,8 +35,18 @@ pub trait FsPermissions {
     path: &'a Path,
     api_name: &str,
   ) -> Result<std::borrow::Cow<'a, Path>, FsError>;
-  fn check_read(&mut self, path: &Path, api_name: &str)
-    -> Result<(), AnyError>;
+  #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
+  fn check_read(
+    &mut self,
+    path: &str,
+    api_name: &str,
+  ) -> Result<PathBuf, AnyError>;
+  #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
+  fn check_read_path<'a>(
+    &mut self,
+    path: &'a Path,
+    api_name: &str,
+  ) -> Result<Cow<'a, Path>, AnyError>;
   fn check_read_all(&mut self, api_name: &str) -> Result<(), AnyError>;
   fn check_read_blind(
     &mut self,
@@ -43,16 +54,24 @@ pub trait FsPermissions {
     display: &str,
     api_name: &str,
   ) -> Result<(), AnyError>;
+  #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
   fn check_write(
     &mut self,
-    path: &Path,
+    path: &str,
     api_name: &str,
-  ) -> Result<(), AnyError>;
+  ) -> Result<PathBuf, AnyError>;
+  #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
+  fn check_write_path<'a>(
+    &mut self,
+    path: &'a Path,
+    api_name: &str,
+  ) -> Result<Cow<'a, Path>, AnyError>;
+  #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
   fn check_write_partial(
     &mut self,
-    path: &Path,
+    path: &str,
     api_name: &str,
-  ) -> Result<(), AnyError>;
+  ) -> Result<PathBuf, AnyError>;
   fn check_write_all(&mut self, api_name: &str) -> Result<(), AnyError>;
   fn check_write_blind(
     &mut self,
@@ -96,25 +115,44 @@ impl FsPermissions for deno_permissions::PermissionsContainer {
 
     // If somehow read or write aren't specified, use read
     let read = read || !write;
+    let mut path: Cow<'a, Path> = Cow::Borrowed(path);
     if read {
-      FsPermissions::check_read(self, path, api_name)
+      let resolved_path = FsPermissions::check_read_path(self, &path, api_name)
         .map_err(|_| FsError::NotCapable("read"))?;
+      if let Cow::Owned(resolved_path) = resolved_path {
+        path = Cow::Owned(resolved_path);
+      }
     }
     if write {
-      FsPermissions::check_write(self, path, api_name)
-        .map_err(|_| FsError::NotCapable("write"))?;
+      let resolved_path =
+        FsPermissions::check_write_path(self, &path, api_name)
+          .map_err(|_| FsError::NotCapable("write"))?;
+      if let Cow::Owned(resolved_path) = resolved_path {
+        path = Cow::Owned(resolved_path);
+      }
     }
-    Ok(Cow::Borrowed(path))
+    Ok(path)
   }
 
   fn check_read(
     &mut self,
-    path: &Path,
+    path: &str,
     api_name: &str,
-  ) -> Result<(), AnyError> {
+  ) -> Result<PathBuf, AnyError> {
     deno_permissions::PermissionsContainer::check_read(self, path, api_name)
   }
 
+  fn check_read_path<'a>(
+    &mut self,
+    path: &'a Path,
+    api_name: &str,
+  ) -> Result<Cow<'a, Path>, AnyError> {
+    deno_permissions::PermissionsContainer::check_read_path(
+      self,
+      path,
+      Some(api_name),
+    )
+  }
   fn check_read_blind(
     &mut self,
     path: &Path,
@@ -128,17 +166,27 @@ impl FsPermissions for deno_permissions::PermissionsContainer {
 
   fn check_write(
     &mut self,
-    path: &Path,
+    path: &str,
     api_name: &str,
-  ) -> Result<(), AnyError> {
+  ) -> Result<PathBuf, AnyError> {
     deno_permissions::PermissionsContainer::check_write(self, path, api_name)
   }
 
+  fn check_write_path<'a>(
+    &mut self,
+    path: &'a Path,
+    api_name: &str,
+  ) -> Result<Cow<'a, Path>, AnyError> {
+    deno_permissions::PermissionsContainer::check_write_path(
+      self, path, api_name,
+    )
+  }
+
   fn check_write_partial(
     &mut self,
-    path: &Path,
+    path: &str,
     api_name: &str,
-  ) -> Result<(), AnyError> {
+  ) -> Result<PathBuf, AnyError> {
     deno_permissions::PermissionsContainer::check_write_partial(
       self, path, api_name,
     )
author	David Sherret <dsherret@users.noreply.github.com>	2024-09-16 21:39:37 +0100
committer	GitHub <noreply@github.com>	2024-09-16 21:39:37 +0100
commit	62e952559f600e72d7498c9b12f906cb0b1ba150 (patch)
tree	6dbcce6592973358ef4bf6341888b0bbbdb98cc5 /ext/fs/lib.rs
parent	e0b9c745c15720914f14996bf357d5b375e2dbd8 (diff)