refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)

This makes the permission system more versatile.
author: David Sherret <dsherret@users.noreply.github.com> 2024-09-16 21:39:37 +0100
committer: GitHub <noreply@github.com> 2024-09-16 21:39:37 +0100
commit: 62e952559f600e72d7498c9b12f906cb0b1ba150 (patch)
tree: 6dbcce6592973358ef4bf6341888b0bbbdb98cc5 /ext/net/lib.rs
parent: e0b9c745c15720914f14996bf357d5b375e2dbd8 (diff)
1 files changed, 36 insertions, 9 deletions
diff --git a/ext/net/lib.rs b/ext/net/lib.rs
index 098d220db..0ef3e85c4 100644
--- a/ext/net/lib.rs
+++ b/ext/net/lib.rs
@@ -13,6 +13,7 @@ use deno_core::error::AnyError;
 use deno_core::OpState;
 use deno_tls::rustls::RootCertStore;
 use deno_tls::RootCertStoreProvider;
+use std::borrow::Cow;
 use std::path::Path;
 use std::path::PathBuf;
 use std::sync::Arc;
@@ -22,12 +23,27 @@ pub const UNSTABLE_FEATURE_NAME: &str = "net";
 pub trait NetPermissions {
   fn check_net<T: AsRef<str>>(
     &mut self,
-    _host: &(T, Option<u16>),
-    _api_name: &str,
+    host: &(T, Option<u16>),
+    api_name: &str,
   ) -> Result<(), AnyError>;
-  fn check_read(&mut self, _p: &Path, _api_name: &str) -> Result<(), AnyError>;
-  fn check_write(&mut self, _p: &Path, _api_name: &str)
-    -> Result<(), AnyError>;
+  #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
+  fn check_read(
+    &mut self,
+    p: &str,
+    api_name: &str,
+  ) -> Result<PathBuf, AnyError>;
+  #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
+  fn check_write(
+    &mut self,
+    p: &str,
+    api_name: &str,
+  ) -> Result<PathBuf, AnyError>;
+  #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
+  fn check_write_path<'a>(
+    &mut self,
+    p: &'a Path,
+    api_name: &str,
+  ) -> Result<Cow<'a, Path>, AnyError>;
 }
 
 impl NetPermissions for deno_permissions::PermissionsContainer {
@@ -43,20 +59,31 @@ impl NetPermissions for deno_permissions::PermissionsContainer {
   #[inline(always)]
   fn check_read(
     &mut self,
-    path: &Path,
+    path: &str,
     api_name: &str,
-  ) -> Result<(), AnyError> {
+  ) -> Result<PathBuf, AnyError> {
     deno_permissions::PermissionsContainer::check_read(self, path, api_name)
   }
 
   #[inline(always)]
   fn check_write(
     &mut self,
-    path: &Path,
+    path: &str,
     api_name: &str,
-  ) -> Result<(), AnyError> {
+  ) -> Result<PathBuf, AnyError> {
     deno_permissions::PermissionsContainer::check_write(self, path, api_name)
   }
+
+  #[inline(always)]
+  fn check_write_path<'a>(
+    &mut self,
+    path: &'a Path,
+    api_name: &str,
+  ) -> Result<Cow<'a, Path>, AnyError> {
+    deno_permissions::PermissionsContainer::check_write_path(
+      self, path, api_name,
+    )
+  }
 }
 
 /// Helper for checking unstable features. Used for sync ops.
author	David Sherret <dsherret@users.noreply.github.com>	2024-09-16 21:39:37 +0100
committer	GitHub <noreply@github.com>	2024-09-16 21:39:37 +0100
commit	62e952559f600e72d7498c9b12f906cb0b1ba150 (patch)
tree	6dbcce6592973358ef4bf6341888b0bbbdb98cc5 /ext/net/lib.rs
parent	e0b9c745c15720914f14996bf357d5b375e2dbd8 (diff)