refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)

This makes the permission system more versatile.
author: David Sherret <dsherret@users.noreply.github.com> 2024-09-16 21:39:37 +0100
committer: GitHub <noreply@github.com> 2024-09-16 21:39:37 +0100
commit: 62e952559f600e72d7498c9b12f906cb0b1ba150 (patch)
tree: 6dbcce6592973358ef4bf6341888b0bbbdb98cc5 /ext/node/lib.rs
parent: e0b9c745c15720914f14996bf357d5b375e2dbd8 (diff)
1 files changed, 26 insertions, 9 deletions
diff --git a/ext/node/lib.rs b/ext/node/lib.rs
index 75581c128..fd9d4f9af 100644
--- a/ext/node/lib.rs
+++ b/ext/node/lib.rs
@@ -3,8 +3,10 @@
 #![deny(clippy::print_stderr)]
 #![deny(clippy::print_stdout)]
 
+use std::borrow::Cow;
 use std::collections::HashSet;
 use std::path::Path;
+use std::path::PathBuf;
 
 use deno_core::error::AnyError;
 use deno_core::located_script_name;
@@ -49,21 +51,29 @@ pub trait NodePermissions {
     url: &Url,
     api_name: &str,
   ) -> Result<(), AnyError>;
+  #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
   #[inline(always)]
-  fn check_read(&mut self, path: &Path) -> Result<(), AnyError> {
+  fn check_read(&mut self, path: &str) -> Result<PathBuf, AnyError> {
     self.check_read_with_api_name(path, None)
   }
+  #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
   fn check_read_with_api_name(
     &mut self,
-    path: &Path,
+    path: &str,
     api_name: Option<&str>,
-  ) -> Result<(), AnyError>;
+  ) -> Result<PathBuf, AnyError>;
+  #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
+  fn check_read_path<'a>(
+    &mut self,
+    path: &'a Path,
+  ) -> Result<Cow<'a, Path>, AnyError>;
   fn check_sys(&mut self, kind: &str, api_name: &str) -> Result<(), AnyError>;
+  #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
   fn check_write_with_api_name(
     &mut self,
-    path: &Path,
+    path: &str,
     api_name: Option<&str>,
-  ) -> Result<(), AnyError>;
+  ) -> Result<PathBuf, AnyError>;
 }
 
 impl NodePermissions for deno_permissions::PermissionsContainer {
@@ -79,20 +89,27 @@ impl NodePermissions for deno_permissions::PermissionsContainer {
   #[inline(always)]
   fn check_read_with_api_name(
     &mut self,
-    path: &Path,
+    path: &str,
     api_name: Option<&str>,
-  ) -> Result<(), AnyError> {
+  ) -> Result<PathBuf, AnyError> {
     deno_permissions::PermissionsContainer::check_read_with_api_name(
       self, path, api_name,
     )
   }
 
+  fn check_read_path<'a>(
+    &mut self,
+    path: &'a Path,
+  ) -> Result<Cow<'a, Path>, AnyError> {
+    deno_permissions::PermissionsContainer::check_read_path(self, path, None)
+  }
+
   #[inline(always)]
   fn check_write_with_api_name(
     &mut self,
-    path: &Path,
+    path: &str,
     api_name: Option<&str>,
-  ) -> Result<(), AnyError> {
+  ) -> Result<PathBuf, AnyError> {
     deno_permissions::PermissionsContainer::check_write_with_api_name(
       self, path, api_name,
     )
author	David Sherret <dsherret@users.noreply.github.com>	2024-09-16 21:39:37 +0100
committer	GitHub <noreply@github.com>	2024-09-16 21:39:37 +0100
commit	62e952559f600e72d7498c9b12f906cb0b1ba150 (patch)
tree	6dbcce6592973358ef4bf6341888b0bbbdb98cc5 /ext/node/lib.rs
parent	e0b9c745c15720914f14996bf357d5b375e2dbd8 (diff)