refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)

This makes the permission system more versatile.

1 files changed, 8 insertions, 8 deletions

diff --git a/ext/napi/lib.rs b/ext/napi/lib.rs
index c9dc62a8b..4500c66fd 100644
--- a/ext/napi/lib.rs
+++ b/ext/napi/lib.rs
@@ -16,7 +16,6 @@ use deno_core::OpState;
 use deno_core::V8CrossThreadTaskSpawner;
 use std::cell::RefCell;
 use std::collections::HashMap;
-use std::path::Path;
 use std::path::PathBuf;
 use std::rc::Rc;
 use std::thread_local;
@@ -482,15 +481,15 @@ deno_core::extension!(deno_napi,
 );
 
 pub trait NapiPermissions {
-  fn check(&mut self, path: Option<&Path>)
-    -> std::result::Result<(), AnyError>;
+  #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
+  fn check(&mut self, path: &str) -> std::result::Result<PathBuf, AnyError>;
 }
 
 // NOTE(bartlomieju): for now, NAPI uses `--allow-ffi` flag, but that might
 // change in the future.
 impl NapiPermissions for deno_permissions::PermissionsContainer {
   #[inline(always)]
-  fn check(&mut self, path: Option<&Path>) -> Result<(), AnyError> {
+  fn check(&mut self, path: &str) -> Result<PathBuf, AnyError> {
     deno_permissions::PermissionsContainer::check_ffi(self, path)
   }
 }
@@ -501,7 +500,7 @@ unsafe impl Send for NapiModuleHandle {}
 struct NapiModuleHandle(*const NapiModule);
 
 static NAPI_LOADED_MODULES: std::sync::LazyLock<
-  RwLock<HashMap<String, NapiModuleHandle>>,
+  RwLock<HashMap<PathBuf, NapiModuleHandle>>,
 > = std::sync::LazyLock::new(|| RwLock::new(HashMap::new()));
 
 #[op2(reentrant)]
@@ -519,15 +518,16 @@ where
 {
   // We must limit the OpState borrow because this function can trigger a
   // re-borrow through the NAPI module.
-  let (async_work_sender, cleanup_hooks, external_ops_tracker) = {
+  let (async_work_sender, cleanup_hooks, external_ops_tracker, path) = {
     let mut op_state = op_state.borrow_mut();
     let permissions = op_state.borrow_mut::<NP>();
-    permissions.check(Some(&PathBuf::from(&path)))?;
+    let path = permissions.check(&path)?;
     let napi_state = op_state.borrow::<NapiState>();
     (
       op_state.borrow::<V8CrossThreadTaskSpawner>().clone(),
       napi_state.env_cleanup_hooks.clone(),
       op_state.external_ops_tracker.clone(),
+      path,
     )
   };
 
@@ -612,7 +612,7 @@ where
   } else {
     return Err(type_error(format!(
       "Unable to find register Node-API module at {}",
-      path
+      path.display()
     )));
   };