diff options
| -rw-r--r-- | Cargo.lock | 4 | ||||
| -rw-r--r-- | cli/mainrt.rs | 1 | ||||
| -rw-r--r-- | ext/fs/ops.rs | 9 | ||||
| -rw-r--r-- | runtime/permissions/lib.rs | 25 | ||||
| -rw-r--r-- | runtime/permissions/prompter.rs | 8 | ||||
| -rw-r--r-- | tests/specs/compile/permissions_denied/__test__.jsonc | 24 | ||||
| -rw-r--r-- | tests/specs/compile/permissions_denied/main.out | 2 | ||||
| -rw-r--r-- | tests/specs/compile/permissions_denied/main.ts | 1 | ||||
| -rw-r--r-- | tests/testdata/npm/deno_run_cowsay_no_permissions.out | 2 |
9 files changed, 67 insertions, 9 deletions
diff --git a/Cargo.lock b/Cargo.lock index d7feda5e6..d2202a7e7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2060,9 +2060,9 @@ dependencies = [ [[package]] name = "deno_unsync" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03ee1607db298c8f12124b345a52d5f2f504a7504c9d535f1d8f07127b237010" +checksum = "2f36b4ef61a04ce201b925a5dffa90f88437d37fee4836c758470dd15ba7f05e" dependencies = [ "parking_lot 0.12.3", "tokio", diff --git a/cli/mainrt.rs b/cli/mainrt.rs index fd03224be..02d58fcee 100644 --- a/cli/mainrt.rs +++ b/cli/mainrt.rs @@ -83,6 +83,7 @@ fn load_env_vars(env_vars: &IndexMap<String, String>) { } fn main() { + deno_runtime::deno_permissions::mark_standalone(); let args: Vec<_> = env::args_os().collect(); let standalone = standalone::extract_standalone(Cow::Owned(args)); let future = async move { diff --git a/ext/fs/ops.rs b/ext/fs/ops.rs index 57b0e0b9e..e8a074be5 100644 --- a/ext/fs/ops.rs +++ b/ext/fs/ops.rs @@ -67,7 +67,14 @@ fn map_permission_error( } else { (path.as_str(), "") }; - custom_error("PermissionDenied", format!("Requires {err} access to {path}{truncated}, run again with the --allow-{err} flag")) + let msg = if deno_permissions::is_standalone() { + format!( + "Requires {err} access to {path}{truncated}, specify the required permissions during compilation using `deno compile --allow-{err}`") + } else { + format!( + "Requires {err} access to {path}{truncated}, run again with the --allow-{err} flag") + }; + custom_error("PermissionDenied", msg) } err => Err::<(), _>(err) .context_path(operation, path) diff --git a/runtime/permissions/lib.rs b/runtime/permissions/lib.rs index b0fa9eb10..55a94d909 100644 --- a/runtime/permissions/lib.rs +++ b/runtime/permissions/lib.rs @@ -12,6 +12,7 @@ use deno_core::serde::Deserialize; use deno_core::serde::Deserializer; use deno_core::serde::Serialize; use deno_core::serde_json; +use deno_core::unsync::sync::AtomicFlag; use deno_core::url; use deno_core::url::Url; use deno_core::ModuleSpecifier; @@ -132,14 +133,20 @@ impl PermissionState { } fn error(name: &str, info: impl FnOnce() -> Option<String>) -> AnyError { - custom_error( - "PermissionDenied", + let msg = if is_standalone() { + format!( + "Requires {}, specify the required permissions during compilation using `deno compile --allow-{}`", + Self::fmt_access(name, info), + name + ) + } else { format!( "Requires {}, run again with the --allow-{} flag", Self::fmt_access(name, info), name - ), - ) + ) + }; + custom_error("PermissionDenied", msg) } /// Check the permission state. bool is whether a prompt was issued. @@ -2313,6 +2320,16 @@ pub fn create_child_permissions( Ok(worker_perms) } +static IS_STANDALONE: AtomicFlag = AtomicFlag::lowered(); + +pub fn mark_standalone() { + IS_STANDALONE.raise(); +} + +pub fn is_standalone() -> bool { + IS_STANDALONE.is_raised() +} + #[cfg(test)] mod tests { use super::*; diff --git a/runtime/permissions/prompter.rs b/runtime/permissions/prompter.rs index 050902d59..e48e0af10 100644 --- a/runtime/permissions/prompter.rs +++ b/runtime/permissions/prompter.rs @@ -11,6 +11,8 @@ use std::io::StderrLock; use std::io::StdinLock; use std::io::Write as IoWrite; +use crate::is_standalone; + /// Helper function to make control characters visible so users can see the underlying filename. fn escape_control_characters(s: &str) -> std::borrow::Cow<str> { if !s.contains(|c: char| c.is_ascii_control() || c.is_control()) { @@ -339,7 +341,11 @@ impl PermissionPrompter for TtyPrompter { )) ); writeln!(&mut output, "┠─ {}", colors::italic(&msg)).unwrap(); - let msg = format!("Run again with --allow-{name} to bypass this prompt."); + let msg = if is_standalone() { + format!("Specify the required permissions during compile time using `deno compile --allow-{name}`.") + } else { + format!("Run again with --allow-{name} to bypass this prompt.") + }; writeln!(&mut output, "┠─ {}", colors::italic(&msg)).unwrap(); write!(&mut output, "┗ {}", colors::bold("Allow?")).unwrap(); write!(&mut output, " {opts} > ").unwrap(); diff --git a/tests/specs/compile/permissions_denied/__test__.jsonc b/tests/specs/compile/permissions_denied/__test__.jsonc new file mode 100644 index 000000000..8f8590162 --- /dev/null +++ b/tests/specs/compile/permissions_denied/__test__.jsonc @@ -0,0 +1,24 @@ +{ + "tempDir": true, + "steps": [{ + "if": "unix", + "args": "compile --output main main.ts", + "output": "[WILDCARD]" + }, { + "if": "unix", + "commandName": "./main", + "args": [], + "exitCode": 1, + "output": "main.out" + }, { + "if": "windows", + "args": "compile --output main.exe main.ts", + "output": "[WILDCARD]" + }, { + "if": "windows", + "commandName": "./main.exe", + "args": [], + "exitCode": 1, + "output": "main.out" + }] +} diff --git a/tests/specs/compile/permissions_denied/main.out b/tests/specs/compile/permissions_denied/main.out new file mode 100644 index 000000000..e9ea45c81 --- /dev/null +++ b/tests/specs/compile/permissions_denied/main.out @@ -0,0 +1,2 @@ +error: Uncaught (in promise) PermissionDenied: Requires run access to "deno", specify the required permissions during compilation using `deno compile --allow-run` +[WILDCARD]
\ No newline at end of file diff --git a/tests/specs/compile/permissions_denied/main.ts b/tests/specs/compile/permissions_denied/main.ts new file mode 100644 index 000000000..eeac858ff --- /dev/null +++ b/tests/specs/compile/permissions_denied/main.ts @@ -0,0 +1 @@ +new Deno.Command("deno").outputSync(); diff --git a/tests/testdata/npm/deno_run_cowsay_no_permissions.out b/tests/testdata/npm/deno_run_cowsay_no_permissions.out index 206ef1484..837394d49 100644 --- a/tests/testdata/npm/deno_run_cowsay_no_permissions.out +++ b/tests/testdata/npm/deno_run_cowsay_no_permissions.out @@ -1,2 +1,2 @@ -error: Uncaught PermissionDenied: Requires read access to <CWD>, run again with the --allow-read flag +error: Uncaught PermissionDenied: Requires read access to <CWD>, specify the required permissions during compilation using `deno compile --allow-read` [WILDCARD] |