1 files changed, 64 insertions, 30 deletions

diff --git a/cli/js/permissions.ts b/cli/js/permissions.ts
index 4f393501c..16ea3e5c2 100644
--- a/cli/js/permissions.ts
+++ b/cli/js/permissions.ts
@@ -2,38 +2,72 @@
 import * as dispatch from "./dispatch.ts";
 import { sendSync } from "./dispatch_json.ts";
 
-/** Permissions as granted by the caller */
-export interface Permissions {
-  read: boolean;
-  write: boolean;
-  net: boolean;
-  env: boolean;
-  run: boolean;
-  hrtime: boolean;
-  // NOTE: Keep in sync with src/permissions.rs
-}
+/** Permissions as granted by the caller
+ * See: https://w3c.github.io/permissions/#permission-registry
+ */
+export type PermissionName =
+  | "read"
+  | "write"
+  | "net"
+  | "env"
+  | "run"
+  | "hrtime";
+// NOTE: Keep in sync with cli/permissions.rs
 
-export type Permission = keyof Permissions;
+/** https://w3c.github.io/permissions/#status-of-a-permission */
+export type PermissionState = "granted" | "denied" | "prompt";
 
-/** Inspect granted permissions for the current program.
- *
- *       if (Deno.permissions().read) {
- *         const file = await Deno.readFile("example.test");
- *         // ...
- *       }
- */
-export function permissions(): Permissions {
-  return sendSync(dispatch.OP_PERMISSIONS) as Permissions;
+interface RunPermissionDescriptor {
+  name: "run";
+}
+interface ReadWritePermissionDescriptor {
+  name: "read" | "write";
+  path?: string;
+}
+interface NetPermissionDescriptor {
+  name: "net";
+  url?: string;
+}
+interface EnvPermissionDescriptor {
+  name: "env";
 }
+interface HrtimePermissionDescriptor {
+  name: "hrtime";
+}
+/** See: https://w3c.github.io/permissions/#permission-descriptor */
+type PermissionDescriptor =
+  | RunPermissionDescriptor
+  | ReadWritePermissionDescriptor
+  | NetPermissionDescriptor
+  | EnvPermissionDescriptor
+  | HrtimePermissionDescriptor;
 
-/** Revoke a permission. When the permission was already revoked nothing changes
- *
- *       if (Deno.permissions().read) {
- *         const file = await Deno.readFile("example.test");
- *         Deno.revokePermission('read');
- *       }
- *       Deno.readFile("example.test"); // -> error or permission prompt
- */
-export function revokePermission(permission: Permission): void {
-  sendSync(dispatch.OP_REVOKE_PERMISSION, { permission });
+/** https://w3c.github.io/permissions/#permissionstatus */
+export class PermissionStatus {
+  constructor(public state: PermissionState) {}
+  // TODO(kt3k): implement onchange handler
+}
+
+export class Permissions {
+  /** Queries the permission.
+   *       const status = await Deno.permissions.query({ name: "read", path: "/etc" });
+   *       if (status.state === "granted") {
+   *         file = await Deno.readFile("/etc/passwd");
+   *       }
+   */
+  async query(desc: PermissionDescriptor): Promise<PermissionStatus> {
+    const { state } = sendSync(dispatch.OP_QUERY_PERMISSION, desc);
+    return new PermissionStatus(state);
+  }
+
+  /** Revokes the permission.
+   *       const status = await Deno.permissions.revoke({ name: "run" });
+   *       assert(status.state !== "granted")
+   */
+  async revoke(desc: PermissionDescriptor): Promise<PermissionStatus> {
+    const { state } = sendSync(dispatch.OP_REVOKE_PERMISSION, desc);
+    return new PermissionStatus(state);
+  }
 }
+
+export const permissions = new Permissions();