refactor(runtime/permissions): use concrete error types (#26464)

author: Leo Kettmeir <crowlkats@toaxl.com> 2024-11-04 09:17:21 -0800
committer: GitHub <noreply@github.com> 2024-11-04 09:17:21 -0800
commit: fe9f0ee5934871175758857899fe64e56c397fd5 (patch)
tree: ee770a45366d1b054e7429cea2eff56b04532830 /ext/node
parent: fb1d33a7111e45e9b414cfe922a5db5ee4daf3ea (diff)
4 files changed, 40 insertions, 47 deletions
diff --git a/ext/node/lib.rs b/ext/node/lib.rs
index db6d08e11..b08b0493b 100644
--- a/ext/node/lib.rs
+++ b/ext/node/lib.rs
@@ -24,6 +24,7 @@ pub mod ops;
 mod polyfill;
 
 pub use deno_package_json::PackageJson;
+use deno_permissions::PermissionCheckError;
 pub use node_resolver::PathClean;
 pub use ops::ipc::ChildPipeFd;
 pub use ops::ipc::IpcJsonStreamResource;
@@ -45,10 +46,13 @@ pub trait NodePermissions {
     &mut self,
     url: &Url,
     api_name: &str,
-  ) -> Result<(), AnyError>;
+  ) -> Result<(), PermissionCheckError>;
   #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
   #[inline(always)]
-  fn check_read(&mut self, path: &str) -> Result<PathBuf, AnyError> {
+  fn check_read(
+    &mut self,
+    path: &str,
+  ) -> Result<PathBuf, PermissionCheckError> {
     self.check_read_with_api_name(path, None)
   }
   #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
@@ -56,20 +60,24 @@ pub trait NodePermissions {
     &mut self,
     path: &str,
     api_name: Option<&str>,
-  ) -> Result<PathBuf, AnyError>;
+  ) -> Result<PathBuf, PermissionCheckError>;
   #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
   fn check_read_path<'a>(
     &mut self,
     path: &'a Path,
-  ) -> Result<Cow<'a, Path>, AnyError>;
+  ) -> Result<Cow<'a, Path>, PermissionCheckError>;
   fn query_read_all(&mut self) -> bool;
-  fn check_sys(&mut self, kind: &str, api_name: &str) -> Result<(), AnyError>;
+  fn check_sys(
+    &mut self,
+    kind: &str,
+    api_name: &str,
+  ) -> Result<(), PermissionCheckError>;
   #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
   fn check_write_with_api_name(
     &mut self,
     path: &str,
     api_name: Option<&str>,
-  ) -> Result<PathBuf, AnyError>;
+  ) -> Result<PathBuf, PermissionCheckError>;
 }
 
 impl NodePermissions for deno_permissions::PermissionsContainer {
@@ -78,7 +86,7 @@ impl NodePermissions for deno_permissions::PermissionsContainer {
     &mut self,
     url: &Url,
     api_name: &str,
-  ) -> Result<(), AnyError> {
+  ) -> Result<(), PermissionCheckError> {
     deno_permissions::PermissionsContainer::check_net_url(self, url, api_name)
   }
 
@@ -87,7 +95,7 @@ impl NodePermissions for deno_permissions::PermissionsContainer {
     &mut self,
     path: &str,
     api_name: Option<&str>,
-  ) -> Result<PathBuf, AnyError> {
+  ) -> Result<PathBuf, PermissionCheckError> {
     deno_permissions::PermissionsContainer::check_read_with_api_name(
       self, path, api_name,
     )
@@ -96,7 +104,7 @@ impl NodePermissions for deno_permissions::PermissionsContainer {
   fn check_read_path<'a>(
     &mut self,
     path: &'a Path,
-  ) -> Result<Cow<'a, Path>, AnyError> {
+  ) -> Result<Cow<'a, Path>, PermissionCheckError> {
     deno_permissions::PermissionsContainer::check_read_path(self, path, None)
   }
 
@@ -109,13 +117,17 @@ impl NodePermissions for deno_permissions::PermissionsContainer {
     &mut self,
     path: &str,
     api_name: Option<&str>,
-  ) -> Result<PathBuf, AnyError> {
+  ) -> Result<PathBuf, PermissionCheckError> {
     deno_permissions::PermissionsContainer::check_write_with_api_name(
       self, path, api_name,
     )
   }
 
-  fn check_sys(&mut self, kind: &str, api_name: &str) -> Result<(), AnyError> {
+  fn check_sys(
+    &mut self,
+    kind: &str,
+    api_name: &str,
+  ) -> Result<(), PermissionCheckError> {
     deno_permissions::PermissionsContainer::check_sys(self, kind, api_name)
   }
 }
diff --git a/ext/node/ops/fs.rs b/ext/node/ops/fs.rs
index 98b3c46a1..9c0e4e1cc 100644
--- a/ext/node/ops/fs.rs
+++ b/ext/node/ops/fs.rs
@@ -13,7 +13,7 @@ use crate::NodePermissions;
 #[derive(Debug, thiserror::Error)]
 pub enum FsError {
   #[error(transparent)]
-  Permission(deno_core::error::AnyError),
+  Permission(#[from] deno_permissions::PermissionCheckError),
   #[error("{0}")]
   Io(#[from] std::io::Error),
   #[cfg(windows)]
@@ -53,8 +53,7 @@ where
     let mut state = state.borrow_mut();
     let path = state
       .borrow_mut::<P>()
-      .check_read_with_api_name(&path, Some("node:fs.exists()"))
-      .map_err(FsError::Permission)?;
+      .check_read_with_api_name(&path, Some("node:fs.exists()"))?;
     (state.borrow::<FileSystemRc>().clone(), path)
   };
 
@@ -72,12 +71,10 @@ where
 {
   let path = state
     .borrow_mut::<P>()
-    .check_read_with_api_name(path, Some("node:fs.cpSync"))
-    .map_err(FsError::Permission)?;
+    .check_read_with_api_name(path, Some("node:fs.cpSync"))?;
   let new_path = state
     .borrow_mut::<P>()
-    .check_write_with_api_name(new_path, Some("node:fs.cpSync"))
-    .map_err(FsError::Permission)?;
+    .check_write_with_api_name(new_path, Some("node:fs.cpSync"))?;
 
   let fs = state.borrow::<FileSystemRc>();
   fs.cp_sync(&path, &new_path)?;
@@ -97,12 +94,10 @@ where
     let mut state = state.borrow_mut();
     let path = state
       .borrow_mut::<P>()
-      .check_read_with_api_name(&path, Some("node:fs.cpSync"))
-      .map_err(FsError::Permission)?;
+      .check_read_with_api_name(&path, Some("node:fs.cpSync"))?;
     let new_path = state
       .borrow_mut::<P>()
-      .check_write_with_api_name(&new_path, Some("node:fs.cpSync"))
-      .map_err(FsError::Permission)?;
+      .check_write_with_api_name(&new_path, Some("node:fs.cpSync"))?;
     (state.borrow::<FileSystemRc>().clone(), path, new_path)
   };
 
@@ -136,12 +131,10 @@ where
     let mut state = state.borrow_mut();
     let path = state
       .borrow_mut::<P>()
-      .check_read_with_api_name(&path, Some("node:fs.statfs"))
-      .map_err(FsError::Permission)?;
+      .check_read_with_api_name(&path, Some("node:fs.statfs"))?;
     state
       .borrow_mut::<P>()
-      .check_sys("statfs", "node:fs.statfs")
-      .map_err(FsError::Permission)?;
+      .check_sys("statfs", "node:fs.statfs")?;
     path
   };
   #[cfg(unix)]
@@ -279,8 +272,7 @@ where
 {
   let path = state
     .borrow_mut::<P>()
-    .check_write_with_api_name(path, Some("node:fs.lutimes"))
-    .map_err(FsError::Permission)?;
+    .check_write_with_api_name(path, Some("node:fs.lutimes"))?;
 
   let fs = state.borrow::<FileSystemRc>();
   fs.lutime_sync(&path, atime_secs, atime_nanos, mtime_secs, mtime_nanos)?;
@@ -303,8 +295,7 @@ where
     let mut state = state.borrow_mut();
     let path = state
       .borrow_mut::<P>()
-      .check_write_with_api_name(&path, Some("node:fs.lutimesSync"))
-      .map_err(FsError::Permission)?;
+      .check_write_with_api_name(&path, Some("node:fs.lutimesSync"))?;
     (state.borrow::<FileSystemRc>().clone(), path)
   };
 
@@ -326,8 +317,7 @@ where
 {
   let path = state
     .borrow_mut::<P>()
-    .check_write_with_api_name(&path, Some("node:fs.lchownSync"))
-    .map_err(FsError::Permission)?;
+    .check_write_with_api_name(&path, Some("node:fs.lchownSync"))?;
   let fs = state.borrow::<FileSystemRc>();
   fs.lchown_sync(&path, uid, gid)?;
   Ok(())
@@ -347,8 +337,7 @@ where
     let mut state = state.borrow_mut();
     let path = state
       .borrow_mut::<P>()
-      .check_write_with_api_name(&path, Some("node:fs.lchown"))
-      .map_err(FsError::Permission)?;
+      .check_write_with_api_name(&path, Some("node:fs.lchown"))?;
     (state.borrow::<FileSystemRc>().clone(), path)
   };
   fs.lchown_async(path, uid, gid).await?;
diff --git a/ext/node/ops/http.rs b/ext/node/ops/http.rs
index 730e1e482..69571078f 100644
--- a/ext/node/ops/http.rs
+++ b/ext/node/ops/http.rs
@@ -78,9 +78,7 @@ where
 
   {
     let permissions = state.borrow_mut::<P>();
-    permissions
-      .check_net_url(&url, "ClientRequest")
-      .map_err(FetchError::Permission)?;
+    permissions.check_net_url(&url, "ClientRequest")?;
   }
 
   let mut header_map = HeaderMap::new();
diff --git a/ext/node/ops/os/mod.rs b/ext/node/ops/os/mod.rs
index ea7e6b99f..d291277ad 100644
--- a/ext/node/ops/os/mod.rs
+++ b/ext/node/ops/os/mod.rs
@@ -14,7 +14,7 @@ pub enum OsError {
   #[error(transparent)]
   Priority(priority::PriorityError),
   #[error(transparent)]
-  Permission(deno_core::error::AnyError),
+  Permission(#[from] deno_permissions::PermissionCheckError),
   #[error("Failed to get cpu info")]
   FailedToGetCpuInfo,
   #[error("Failed to get user info")]
@@ -31,9 +31,7 @@ where
 {
   {
     let permissions = state.borrow_mut::<P>();
-    permissions
-      .check_sys("getPriority", "node:os.getPriority()")
-      .map_err(OsError::Permission)?;
+    permissions.check_sys("getPriority", "node:os.getPriority()")?;
   }
 
   priority::get_priority(pid).map_err(OsError::Priority)
@@ -50,9 +48,7 @@ where
 {
   {
     let permissions = state.borrow_mut::<P>();
-    permissions
-      .check_sys("setPriority", "node:os.setPriority()")
-      .map_err(OsError::Permission)?;
+    permissions.check_sys("setPriority", "node:os.setPriority()")?;
   }
 
   priority::set_priority(pid, priority).map_err(OsError::Priority)
@@ -266,9 +262,7 @@ where
 {
   {
     let permissions = state.borrow_mut::<P>();
-    permissions
-      .check_sys("cpus", "node:os.cpus()")
-      .map_err(OsError::Permission)?;
+    permissions.check_sys("cpus", "node:os.cpus()")?;
   }
 
   cpus::cpu_info().ok_or(OsError::FailedToGetCpuInfo)
author	Leo Kettmeir <crowlkats@toaxl.com>	2024-11-04 09:17:21 -0800
committer	GitHub <noreply@github.com>	2024-11-04 09:17:21 -0800
commit	fe9f0ee5934871175758857899fe64e56c397fd5 (patch)
tree	ee770a45366d1b054e7429cea2eff56b04532830 /ext/node
parent	fb1d33a7111e45e9b414cfe922a5db5ee4daf3ea (diff)