refactor: bury descriptor parsing in PermissionsContainer (#25936)

Closes https://github.com/denoland/deno/issues/25634

2 files changed, 25 insertions, 186 deletions

diff --git a/runtime/ops/permissions.rs b/runtime/ops/permissions.rs
index 9b46dd019..1dbc85259 100644
--- a/runtime/ops/permissions.rs
+++ b/runtime/ops/permissions.rs
@@ -1,7 +1,5 @@
 // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
 
-use ::deno_permissions::parse_sys_kind;
-use ::deno_permissions::PermissionDescriptorParser;
 use ::deno_permissions::PermissionState;
 use ::deno_permissions::PermissionsContainer;
 use deno_core::error::custom_error;
@@ -10,7 +8,6 @@ use deno_core::op2;
 use deno_core::OpState;
 use serde::Deserialize;
 use serde::Serialize;
-use std::sync::Arc;
 
 deno_core::extension!(
   deno_permissions,
@@ -19,12 +16,6 @@ deno_core::extension!(
     op_revoke_permission,
     op_request_permission,
   ],
-  options = {
-    permission_desc_parser: Arc<dyn PermissionDescriptorParser>,
-  },
-  state = |state, options| {
-    state.put(options.permission_desc_parser);
-  },
 );
 
 #[derive(Deserialize)]
@@ -62,62 +53,15 @@ pub fn op_query_permission(
   state: &mut OpState,
   #[serde] args: PermissionArgs,
 ) -> Result<PermissionStatus, AnyError> {
-  let permissions_container = state.borrow::<PermissionsContainer>();
-  // todo(dsherret): don't have this function use the properties of
-  // permission container
-  let desc_parser = &permissions_container.descriptor_parser;
-  let permissions = permissions_container.inner.lock();
-  let path = args.path.as_deref();
+  let permissions = state.borrow::<PermissionsContainer>();
   let perm = match args.name.as_ref() {
-    "read" => permissions.read.query(
-      path
-        .map(|path| {
-          Result::<_, AnyError>::Ok(
-            desc_parser.parse_path_query(path)?.into_read(),
-          )
-        })
-        .transpose()?
-        .as_ref(),
-    ),
-    "write" => permissions.write.query(
-      path
-        .map(|path| {
-          Result::<_, AnyError>::Ok(
-            desc_parser.parse_path_query(path)?.into_write(),
-          )
-        })
-        .transpose()?
-        .as_ref(),
-    ),
-    "net" => permissions.net.query(
-      match args.host.as_deref() {
-        None => None,
-        Some(h) => Some(desc_parser.parse_net_descriptor(h)?),
-      }
-      .as_ref(),
-    ),
-    "env" => permissions.env.query(args.variable.as_deref()),
-    "sys" => permissions
-      .sys
-      .query(args.kind.as_deref().map(parse_sys_kind).transpose()?),
-    "run" => permissions.run.query(
-      args
-        .command
-        .as_deref()
-        .map(|request| desc_parser.parse_run_query(request))
-        .transpose()?
-        .as_ref(),
-    ),
-    "ffi" => permissions.ffi.query(
-      path
-        .map(|path| {
-          Result::<_, AnyError>::Ok(
-            desc_parser.parse_path_query(path)?.into_ffi(),
-          )
-        })
-        .transpose()?
-        .as_ref(),
-    ),
+    "read" => permissions.query_read(args.path.as_deref())?,
+    "write" => permissions.query_write(args.path.as_deref())?,
+    "net" => permissions.query_net(args.host.as_deref())?,
+    "env" => permissions.query_env(args.variable.as_deref()),
+    "sys" => permissions.query_sys(args.kind.as_deref())?,
+    "run" => permissions.query_run(args.command.as_deref())?,
+    "ffi" => permissions.query_ffi(args.path.as_deref())?,
     n => {
       return Err(custom_error(
         "ReferenceError",
@@ -134,62 +78,15 @@ pub fn op_revoke_permission(
   state: &mut OpState,
   #[serde] args: PermissionArgs,
 ) -> Result<PermissionStatus, AnyError> {
-  // todo(dsherret): don't have this function use the properties of
-  // permission container
-  let permissions_container = state.borrow_mut::<PermissionsContainer>();
-  let desc_parser = &permissions_container.descriptor_parser;
-  let mut permissions = permissions_container.inner.lock();
-  let path = args.path.as_deref();
+  let permissions = state.borrow::<PermissionsContainer>();
   let perm = match args.name.as_ref() {
-    "read" => permissions.read.revoke(
-      path
-        .map(|path| {
-          Result::<_, AnyError>::Ok(
-            desc_parser.parse_path_query(path)?.into_read(),
-          )
-        })
-        .transpose()?
-        .as_ref(),
-    ),
-    "write" => permissions.write.revoke(
-      path
-        .map(|path| {
-          Result::<_, AnyError>::Ok(
-            desc_parser.parse_path_query(path)?.into_write(),
-          )
-        })
-        .transpose()?
-        .as_ref(),
-    ),
-    "net" => permissions.net.revoke(
-      match args.host.as_deref() {
-        None => None,
-        Some(h) => Some(desc_parser.parse_net_descriptor(h)?),
-      }
-      .as_ref(),
-    ),
-    "env" => permissions.env.revoke(args.variable.as_deref()),
-    "sys" => permissions
-      .sys
-      .revoke(args.kind.as_deref().map(parse_sys_kind).transpose()?),
-    "run" => permissions.run.revoke(
-      args
-        .command
-        .as_deref()
-        .map(|request| desc_parser.parse_run_query(request))
-        .transpose()?
-        .as_ref(),
-    ),
-    "ffi" => permissions.ffi.revoke(
-      path
-        .map(|path| {
-          Result::<_, AnyError>::Ok(
-            desc_parser.parse_path_query(path)?.into_ffi(),
-          )
-        })
-        .transpose()?
-        .as_ref(),
-    ),
+    "read" => permissions.revoke_read(args.path.as_deref())?,
+    "write" => permissions.revoke_write(args.path.as_deref())?,
+    "net" => permissions.revoke_net(args.host.as_deref())?,
+    "env" => permissions.revoke_env(args.variable.as_deref()),
+    "sys" => permissions.revoke_sys(args.kind.as_deref())?,
+    "run" => permissions.revoke_run(args.command.as_deref())?,
+    "ffi" => permissions.revoke_ffi(args.path.as_deref())?,
     n => {
       return Err(custom_error(
         "ReferenceError",
@@ -206,62 +103,15 @@ pub fn op_request_permission(
   state: &mut OpState,
   #[serde] args: PermissionArgs,
 ) -> Result<PermissionStatus, AnyError> {
-  // todo(dsherret): don't have this function use the properties of
-  // permission container
-  let permissions_container = state.borrow_mut::<PermissionsContainer>();
-  let desc_parser = &permissions_container.descriptor_parser;
-  let mut permissions = permissions_container.inner.lock();
-  let path = args.path.as_deref();
+  let permissions = state.borrow::<PermissionsContainer>();
   let perm = match args.name.as_ref() {
-    "read" => permissions.read.request(
-      path
-        .map(|path| {
-          Result::<_, AnyError>::Ok(
-            desc_parser.parse_path_query(path)?.into_read(),
-          )
-        })
-        .transpose()?
-        .as_ref(),
-    ),
-    "write" => permissions.write.request(
-      path
-        .map(|path| {
-          Result::<_, AnyError>::Ok(
-            desc_parser.parse_path_query(path)?.into_write(),
-          )
-        })
-        .transpose()?
-        .as_ref(),
-    ),
-    "net" => permissions.net.request(
-      match args.host.as_deref() {
-        None => None,
-        Some(h) => Some(desc_parser.parse_net_descriptor(h)?),
-      }
-      .as_ref(),
-    ),
-    "env" => permissions.env.request(args.variable.as_deref()),
-    "sys" => permissions
-      .sys
-      .request(args.kind.as_deref().map(parse_sys_kind).transpose()?),
-    "run" => permissions.run.request(
-      args
-        .command
-        .as_deref()
-        .map(|request| desc_parser.parse_run_query(request))
-        .transpose()?
-        .as_ref(),
-    ),
-    "ffi" => permissions.ffi.request(
-      path
-        .map(|path| {
-          Result::<_, AnyError>::Ok(
-            desc_parser.parse_path_query(path)?.into_ffi(),
-          )
-        })
-        .transpose()?
-        .as_ref(),
-    ),
+    "read" => permissions.request_read(args.path.as_deref())?,
+    "write" => permissions.request_write(args.path.as_deref())?,
+    "net" => permissions.request_net(args.host.as_deref())?,
+    "env" => permissions.request_env(args.variable.as_deref()),
+    "sys" => permissions.request_sys(args.kind.as_deref())?,
+    "run" => permissions.request_run(args.command.as_deref())?,
+    "ffi" => permissions.request_ffi(args.path.as_deref())?,
     n => {
       return Err(custom_error(
         "ReferenceError",
diff --git a/runtime/ops/worker_host.rs b/runtime/ops/worker_host.rs
index 3c0035645..b9fd06654 100644
--- a/runtime/ops/worker_host.rs
+++ b/runtime/ops/worker_host.rs
@@ -17,9 +17,7 @@ use deno_core::CancelFuture;
 use deno_core::CancelHandle;
 use deno_core::ModuleSpecifier;
 use deno_core::OpState;
-use deno_permissions::create_child_permissions;
 use deno_permissions::ChildPermissionsArg;
-use deno_permissions::PermissionDescriptorParser;
 use deno_permissions::PermissionsContainer;
 use deno_web::deserialize_js_transferables;
 use deno_web::JsMessageData;
@@ -154,19 +152,10 @@ fn op_create_worker(
       "Worker.deno.permissions",
     );
   }
-  let permission_desc_parser = state
-    .borrow::<Arc<dyn PermissionDescriptorParser>>()
-    .clone();
   let parent_permissions = state.borrow_mut::<PermissionsContainer>();
   let worker_permissions = if let Some(child_permissions_arg) = args.permissions
   {
-    let mut parent_permissions = parent_permissions.inner.lock();
-    let perms = create_child_permissions(
-      permission_desc_parser.as_ref(),
-      &mut parent_permissions,
-      child_permissions_arg,
-    )?;
-    PermissionsContainer::new(permission_desc_parser, perms)
+    parent_permissions.create_child_permissions(child_permissions_arg)?
   } else {
     parent_permissions.clone()
   };