1 files changed, 12 insertions, 8 deletions

diff --git a/cli/specifier_handler.rs b/cli/specifier_handler.rs
index 066ed87f4..900b918ab 100644
--- a/cli/specifier_handler.rs
+++ b/cli/specifier_handler.rs
@@ -222,9 +222,10 @@ impl CompiledFileMetadata {
 pub struct FetchHandler {
   /// An instance of disk where generated (emitted) files are stored.
   disk_cache: DiskCache,
-  /// The set of current runtime permissions which need to be applied to
-  /// dynamic imports.
-  runtime_permissions: Permissions,
+  /// The set permissions which are used for root modules (static imports).
+  root_permissions: Permissions,
+  /// The set of permissions which are used for dynamic imports.
+  dynamic_permissions: Permissions,
   /// A clone of the `program_state` file fetcher.
   file_fetcher: FileFetcher,
 }
@@ -232,7 +233,8 @@ pub struct FetchHandler {
 impl FetchHandler {
   pub fn new(
     program_state: &Arc<ProgramState>,
-    runtime_permissions: Permissions,
+    root_permissions: Permissions,
+    dynamic_permissions: Permissions,
   ) -> Result<Self, AnyError> {
     let custom_root = env::var("DENO_DIR").map(String::into).ok();
     let deno_dir = DenoDir::new(custom_root)?;
@@ -241,7 +243,8 @@ impl FetchHandler {
 
     Ok(FetchHandler {
       disk_cache,
-      runtime_permissions,
+      root_permissions,
+      dynamic_permissions,
       file_fetcher,
     })
   }
@@ -258,9 +261,9 @@ impl SpecifierHandler for FetchHandler {
     // permissions need to be applied.  Other static imports have all
     // permissions.
     let mut permissions = if is_dynamic {
-      self.runtime_permissions.clone()
+      self.dynamic_permissions.clone()
     } else {
-      Permissions::allow_all()
+      self.root_permissions.clone()
     };
     let file_fetcher = self.file_fetcher.clone();
     let disk_cache = self.disk_cache.clone();
@@ -603,7 +606,8 @@ pub mod tests {
 
     let fetch_handler = FetchHandler {
       disk_cache,
-      runtime_permissions: Permissions::default(),
+      root_permissions: Permissions::allow_all(),
+      dynamic_permissions: Permissions::default(),
       file_fetcher,
     };