Allow inspection and revocation of permissions (#1875)

1 files changed, 74 insertions, 0 deletions

diff --git a/js/permissions.ts b/js/permissions.ts
new file mode 100644
index 000000000..6acb80b1f
--- /dev/null
+++ b/js/permissions.ts
@@ -0,0 +1,74 @@
+// Copyright 2018-2019 the Deno authors. All rights reserved. MIT license.
+import * as msg from "gen/msg_generated";
+import * as flatbuffers from "./flatbuffers";
+import * as dispatch from "./dispatch";
+import { assert } from "./util";
+
+/** Permissions as granted by the caller */
+export type Permissions = {
+  read: boolean;
+  write: boolean;
+  net: boolean;
+  env: boolean;
+  run: boolean;
+
+  // NOTE: Keep in sync with src/permissions.rs
+};
+
+export type Permission = keyof Permissions;
+
+/** Inspect granted permissions for the current program.
+ *
+ *       if (Deno.permissions().read) {
+ *         const file = await Deno.readFile("example.test");
+ *         // ...
+ *       }
+ */
+export function permissions(): Permissions {
+  const baseRes = dispatch.sendSync(...getReq())!;
+  assert(msg.Any.PermissionsRes === baseRes.innerType());
+  const res = new msg.PermissionsRes();
+  assert(baseRes.inner(res) != null);
+  // TypeScript cannot track assertion above, therefore not null assertion
+  return createPermissions(res);
+}
+
+/** Revoke a permission. When the permission was already revoked nothing changes
+ *
+ *       if (Deno.permissions().read) {
+ *         const file = await Deno.readFile("example.test");
+ *         Deno.revokePermission('read');
+ *       }
+ *       Deno.readFile("example.test"); // -> error or permission prompt
+ */
+export function revokePermission(permission: Permission): void {
+  dispatch.sendSync(...revokeReq(permission));
+}
+
+function createPermissions(inner: msg.PermissionsRes): Permissions {
+  return {
+    read: inner.read(),
+    write: inner.write(),
+    net: inner.net(),
+    env: inner.env(),
+    run: inner.run()
+  };
+}
+
+function getReq(): [flatbuffers.Builder, msg.Any, flatbuffers.Offset] {
+  const builder = flatbuffers.createBuilder();
+  msg.Permissions.startPermissions(builder);
+  const inner = msg.Permissions.endPermissions(builder);
+  return [builder, msg.Any.Permissions, inner];
+}
+
+function revokeReq(
+  permission: string
+): [flatbuffers.Builder, msg.Any, flatbuffers.Offset] {
+  const builder = flatbuffers.createBuilder();
+  const permission_ = builder.createString(permission);
+  msg.PermissionRevoke.startPermissionRevoke(builder);
+  msg.PermissionRevoke.addPermission(builder, permission_);
+  const inner = msg.PermissionRevoke.endPermissionRevoke(builder);
+  return [builder, msg.Any.PermissionRevoke, inner];
+}