summaryrefslogtreecommitdiff
path: root/cli/tools
diff options
context:
space:
mode:
Diffstat (limited to 'cli/tools')
-rw-r--r--cli/tools/bench/mod.rs33
-rw-r--r--cli/tools/jupyter/mod.rs4
-rw-r--r--cli/tools/registry/pm/cache_deps.rs2
-rw-r--r--cli/tools/repl/mod.rs10
-rw-r--r--cli/tools/run/mod.rs18
-rw-r--r--cli/tools/serve.rs9
-rw-r--r--cli/tools/test/mod.rs40
7 files changed, 59 insertions, 57 deletions
diff --git a/cli/tools/bench/mod.rs b/cli/tools/bench/mod.rs
index 44ae8321d..f133759c9 100644
--- a/cli/tools/bench/mod.rs
+++ b/cli/tools/bench/mod.rs
@@ -30,6 +30,7 @@ use deno_core::ModuleSpecifier;
use deno_core::PollEventLoopOptions;
use deno_runtime::deno_permissions::Permissions;
use deno_runtime::deno_permissions::PermissionsContainer;
+use deno_runtime::permissions::RuntimePermissionDescriptorParser;
use deno_runtime::tokio_util::create_and_run_current_thread;
use deno_runtime::WorkerExecutionMode;
use indexmap::IndexMap;
@@ -144,14 +145,14 @@ fn create_reporter(
/// Run a single specifier as an executable bench module.
async fn bench_specifier(
worker_factory: Arc<CliMainWorkerFactory>,
- permissions: Permissions,
+ permissions_container: PermissionsContainer,
specifier: ModuleSpecifier,
sender: UnboundedSender<BenchEvent>,
filter: TestFilter,
) -> Result<(), AnyError> {
match bench_specifier_inner(
worker_factory,
- permissions,
+ permissions_container,
specifier.clone(),
&sender,
filter,
@@ -176,7 +177,7 @@ async fn bench_specifier(
/// Run a single specifier as an executable bench module.
async fn bench_specifier_inner(
worker_factory: Arc<CliMainWorkerFactory>,
- permissions: Permissions,
+ permissions_container: PermissionsContainer,
specifier: ModuleSpecifier,
sender: &UnboundedSender<BenchEvent>,
filter: TestFilter,
@@ -185,7 +186,7 @@ async fn bench_specifier_inner(
.create_custom_worker(
WorkerExecutionMode::Bench,
specifier.clone(),
- PermissionsContainer::new(permissions),
+ permissions_container,
vec![ops::bench::deno_bench::init_ops(sender.clone())],
Default::default(),
)
@@ -264,6 +265,7 @@ async fn bench_specifier_inner(
async fn bench_specifiers(
worker_factory: Arc<CliMainWorkerFactory>,
permissions: &Permissions,
+ permissions_desc_parser: &Arc<RuntimePermissionDescriptorParser>,
specifiers: Vec<ModuleSpecifier>,
options: BenchSpecifierOptions,
) -> Result<(), AnyError> {
@@ -273,13 +275,16 @@ async fn bench_specifiers(
let join_handles = specifiers.into_iter().map(move |specifier| {
let worker_factory = worker_factory.clone();
- let permissions = permissions.clone();
+ let permissions_container = PermissionsContainer::new(
+ permissions_desc_parser.clone(),
+ permissions.clone(),
+ );
let sender = sender.clone();
let options = option_for_handles.clone();
spawn_blocking(move || {
let future = bench_specifier(
worker_factory,
- permissions,
+ permissions_container,
specifier,
sender,
options.filter,
@@ -410,8 +415,11 @@ pub async fn run_benchmarks(
// Various bench files should not share the same permissions in terms of
// `PermissionsContainer` - otherwise granting/revoking permissions in one
// file would have impact on other files, which is undesirable.
- let permissions =
- Permissions::from_options(&cli_options.permissions_options()?)?;
+ let permission_desc_parser = factory.permission_desc_parser()?.clone();
+ let permissions = Permissions::from_options(
+ permission_desc_parser.as_ref(),
+ &cli_options.permissions_options(),
+ )?;
let members_with_bench_options =
cli_options.resolve_bench_options_for_members(&bench_flags)?;
@@ -446,6 +454,7 @@ pub async fn run_benchmarks(
bench_specifiers(
worker_factory,
&permissions,
+ &permission_desc_parser,
specifiers,
BenchSpecifierOptions {
filter: TestFilter::from_flag(&workspace_bench_options.filter),
@@ -519,8 +528,11 @@ pub async fn run_benchmarks_with_watch(
// Various bench files should not share the same permissions in terms of
// `PermissionsContainer` - otherwise granting/revoking permissions in one
// file would have impact on other files, which is undesirable.
- let permissions =
- Permissions::from_options(&cli_options.permissions_options()?)?;
+ let permission_desc_parser = factory.permission_desc_parser()?.clone();
+ let permissions = Permissions::from_options(
+ permission_desc_parser.as_ref(),
+ &cli_options.permissions_options(),
+ )?;
let graph = module_graph_creator
.create_graph(graph_kind, collected_bench_modules.clone())
@@ -568,6 +580,7 @@ pub async fn run_benchmarks_with_watch(
bench_specifiers(
worker_factory,
&permissions,
+ &permission_desc_parser,
specifiers,
BenchSpecifierOptions {
filter: TestFilter::from_flag(&workspace_bench_options.filter),
diff --git a/cli/tools/jupyter/mod.rs b/cli/tools/jupyter/mod.rs
index 14fcbd72c..71e947ddd 100644
--- a/cli/tools/jupyter/mod.rs
+++ b/cli/tools/jupyter/mod.rs
@@ -25,7 +25,6 @@ use deno_core::serde_json::json;
use deno_core::url::Url;
use deno_runtime::deno_io::Stdio;
use deno_runtime::deno_io::StdioPipe;
-use deno_runtime::deno_permissions::Permissions;
use deno_runtime::deno_permissions::PermissionsContainer;
use deno_runtime::WorkerExecutionMode;
use deno_terminal::colors;
@@ -65,7 +64,8 @@ pub async fn kernel(
resolve_url_or_path("./$deno$jupyter.ts", cli_options.initial_cwd())
.unwrap();
// TODO(bartlomieju): should we run with all permissions?
- let permissions = PermissionsContainer::new(Permissions::allow_all());
+ let permissions =
+ PermissionsContainer::allow_all(factory.permission_desc_parser()?.clone());
let npm_resolver = factory.npm_resolver().await?.clone();
let resolver = factory.resolver().await?.clone();
let worker_factory = factory.create_cli_main_worker_factory().await?;
diff --git a/cli/tools/registry/pm/cache_deps.rs b/cli/tools/registry/pm/cache_deps.rs
index d292c32f5..a03c30df8 100644
--- a/cli/tools/registry/pm/cache_deps.rs
+++ b/cli/tools/registry/pm/cache_deps.rs
@@ -106,7 +106,7 @@ pub async fn cache_top_level_deps(
&roots,
false,
deno_config::deno_json::TsTypeLib::DenoWorker,
- deno_runtime::deno_permissions::PermissionsContainer::allow_all(),
+ crate::file_fetcher::FetchPermissionsOption::AllowAll,
)
.await?;
}
diff --git a/cli/tools/repl/mod.rs b/cli/tools/repl/mod.rs
index ed3d94c84..24bc8e30a 100644
--- a/cli/tools/repl/mod.rs
+++ b/cli/tools/repl/mod.rs
@@ -16,8 +16,6 @@ use deno_core::error::AnyError;
use deno_core::futures::StreamExt;
use deno_core::serde_json;
use deno_core::unsync::spawn_blocking;
-use deno_runtime::deno_permissions::Permissions;
-use deno_runtime::deno_permissions::PermissionsContainer;
use deno_runtime::WorkerExecutionMode;
use rustyline::error::ReadlineError;
@@ -151,9 +149,7 @@ async fn read_eval_file(
let specifier =
deno_core::resolve_url_or_path(eval_file, cli_options.initial_cwd())?;
- let file = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await?;
+ let file = file_fetcher.fetch_bypass_permissions(&specifier).await?;
Ok(file.into_text_decoded()?.source)
}
@@ -166,9 +162,7 @@ pub async fn run(
let factory = CliFactory::from_flags(flags);
let cli_options = factory.cli_options()?;
let main_module = cli_options.resolve_main_module()?;
- let permissions = PermissionsContainer::new(Permissions::from_options(
- &cli_options.permissions_options()?,
- )?);
+ let permissions = factory.create_permissions_container()?;
let npm_resolver = factory.npm_resolver().await?.clone();
let resolver = factory.resolver().await?.clone();
let file_fetcher = factory.file_fetcher()?;
diff --git a/cli/tools/run/mod.rs b/cli/tools/run/mod.rs
index bdafdae88..200644490 100644
--- a/cli/tools/run/mod.rs
+++ b/cli/tools/run/mod.rs
@@ -5,8 +5,6 @@ use std::sync::Arc;
use deno_config::deno_json::NodeModulesDirMode;
use deno_core::error::AnyError;
-use deno_runtime::deno_permissions::Permissions;
-use deno_runtime::deno_permissions::PermissionsContainer;
use deno_runtime::WorkerExecutionMode;
use crate::args::EvalFlags;
@@ -62,9 +60,7 @@ pub async fn run_script(
maybe_npm_install(&factory).await?;
- let permissions = PermissionsContainer::new(Permissions::from_options(
- &cli_options.permissions_options()?,
- )?);
+ let permissions = factory.create_permissions_container()?;
let worker_factory = factory.create_cli_main_worker_factory().await?;
let mut worker = worker_factory
.create_main_worker(mode, main_module, permissions)
@@ -83,9 +79,7 @@ pub async fn run_from_stdin(flags: Arc<Flags>) -> Result<i32, AnyError> {
let file_fetcher = factory.file_fetcher()?;
let worker_factory = factory.create_cli_main_worker_factory().await?;
- let permissions = PermissionsContainer::new(Permissions::from_options(
- &cli_options.permissions_options()?,
- )?);
+ let permissions = factory.create_permissions_container()?;
let mut source = Vec::new();
std::io::stdin().read_to_end(&mut source)?;
// Save a fake file into file fetcher cache
@@ -131,9 +125,7 @@ async fn run_with_watch(
let _ = watcher_communicator.watch_paths(cli_options.watch_paths());
- let permissions = PermissionsContainer::new(Permissions::from_options(
- &cli_options.permissions_options()?,
- )?);
+ let permissions = factory.create_permissions_container()?;
let mut worker = factory
.create_cli_main_worker_factory()
.await?
@@ -181,9 +173,7 @@ pub async fn eval_command(
source: source_code.into_bytes().into(),
});
- let permissions = PermissionsContainer::new(Permissions::from_options(
- &cli_options.permissions_options()?,
- )?);
+ let permissions = factory.create_permissions_container()?;
let worker_factory = factory.create_cli_main_worker_factory().await?;
let mut worker = worker_factory
.create_main_worker(WorkerExecutionMode::Eval, main_module, permissions)
diff --git a/cli/tools/serve.rs b/cli/tools/serve.rs
index 24666b8f6..2f553cf1e 100644
--- a/cli/tools/serve.rs
+++ b/cli/tools/serve.rs
@@ -5,7 +5,6 @@ use std::sync::Arc;
use deno_core::error::AnyError;
use deno_core::futures::TryFutureExt;
use deno_core::ModuleSpecifier;
-use deno_runtime::deno_permissions::Permissions;
use deno_runtime::deno_permissions::PermissionsContainer;
use super::run::check_permission_before_script;
@@ -45,9 +44,7 @@ pub async fn serve(
maybe_npm_install(&factory).await?;
- let permissions = PermissionsContainer::new(Permissions::from_options(
- &cli_options.permissions_options()?,
- )?);
+ let permissions = factory.create_permissions_container()?;
let worker_factory = factory.create_cli_main_worker_factory().await?;
do_serve(
@@ -175,9 +172,7 @@ async fn serve_with_watch(
let _ = watcher_communicator.watch_paths(cli_options.watch_paths());
- let permissions = PermissionsContainer::new(Permissions::from_options(
- &cli_options.permissions_options()?,
- )?);
+ let permissions = factory.create_permissions_container()?;
let worker_factory = factory.create_cli_main_worker_factory().await?;
do_serve(worker_factory, main_module, permissions, worker_count, hmr)
diff --git a/cli/tools/test/mod.rs b/cli/tools/test/mod.rs
index 7b172cf87..63382ffc6 100644
--- a/cli/tools/test/mod.rs
+++ b/cli/tools/test/mod.rs
@@ -56,6 +56,7 @@ use deno_runtime::deno_io::StdioPipe;
use deno_runtime::deno_permissions::Permissions;
use deno_runtime::deno_permissions::PermissionsContainer;
use deno_runtime::fmt_errors::format_js_error;
+use deno_runtime::permissions::RuntimePermissionDescriptorParser;
use deno_runtime::tokio_util::create_and_run_current_thread;
use deno_runtime::worker::MainWorker;
use deno_runtime::WorkerExecutionMode;
@@ -595,7 +596,7 @@ fn get_test_reporter(options: &TestSpecifiersOptions) -> Box<dyn TestReporter> {
async fn configure_main_worker(
worker_factory: Arc<CliMainWorkerFactory>,
specifier: &Url,
- permissions: Permissions,
+ permissions_container: PermissionsContainer,
worker_sender: TestEventWorkerSender,
options: &TestSpecifierOptions,
) -> Result<(Option<Box<dyn CoverageCollector>>, MainWorker), anyhow::Error> {
@@ -603,7 +604,7 @@ async fn configure_main_worker(
.create_custom_worker(
WorkerExecutionMode::Test,
specifier.clone(),
- PermissionsContainer::new(permissions),
+ permissions_container,
vec![ops::testing::deno_test::init_ops(worker_sender.sender)],
Stdio {
stdin: StdioPipe::inherit(),
@@ -646,7 +647,7 @@ async fn configure_main_worker(
/// both.
pub async fn test_specifier(
worker_factory: Arc<CliMainWorkerFactory>,
- permissions: Permissions,
+ permissions_container: PermissionsContainer,
specifier: ModuleSpecifier,
worker_sender: TestEventWorkerSender,
fail_fast_tracker: FailFastTracker,
@@ -658,7 +659,7 @@ pub async fn test_specifier(
let (coverage_collector, mut worker) = configure_main_worker(
worker_factory,
&specifier,
- permissions,
+ permissions_container,
worker_sender,
&options,
)
@@ -1327,9 +1328,8 @@ async fn fetch_inline_files(
) -> Result<Vec<File>, AnyError> {
let mut files = Vec::new();
for specifier in specifiers {
- let fetch_permissions = PermissionsContainer::allow_all();
let file = file_fetcher
- .fetch(&specifier, &fetch_permissions)
+ .fetch_bypass_permissions(&specifier)
.await?
.into_text_decoded()?;
@@ -1407,6 +1407,7 @@ static HAS_TEST_RUN_SIGINT_HANDLER: AtomicBool = AtomicBool::new(false);
async fn test_specifiers(
worker_factory: Arc<CliMainWorkerFactory>,
permissions: &Permissions,
+ permission_desc_parser: &Arc<RuntimePermissionDescriptorParser>,
specifiers: Vec<ModuleSpecifier>,
options: TestSpecifiersOptions,
) -> Result<(), AnyError> {
@@ -1434,14 +1435,17 @@ async fn test_specifiers(
let join_handles = specifiers.into_iter().map(move |specifier| {
let worker_factory = worker_factory.clone();
- let permissions = permissions.clone();
+ let permissions_container = PermissionsContainer::new(
+ permission_desc_parser.clone(),
+ permissions.clone(),
+ );
let worker_sender = test_event_sender_factory.worker();
let fail_fast_tracker = fail_fast_tracker.clone();
let specifier_options = options.specifier.clone();
spawn_blocking(move || {
create_and_run_current_thread(test_specifier(
worker_factory,
- permissions,
+ permissions_container,
specifier,
worker_sender,
fail_fast_tracker,
@@ -1739,9 +1743,7 @@ async fn fetch_specifiers_with_test_mode(
.collect::<Vec<_>>();
for (specifier, mode) in &mut specifiers_with_mode {
- let file = file_fetcher
- .fetch(specifier, &PermissionsContainer::allow_all())
- .await?;
+ let file = file_fetcher.fetch_bypass_permissions(specifier).await?;
let (media_type, _) = file.resolve_media_type_and_charset();
if matches!(media_type, MediaType::Unknown | MediaType::Dts) {
@@ -1764,8 +1766,11 @@ pub async fn run_tests(
// Various test files should not share the same permissions in terms of
// `PermissionsContainer` - otherwise granting/revoking permissions in one
// file would have impact on other files, which is undesirable.
- let permissions =
- Permissions::from_options(&cli_options.permissions_options()?)?;
+ let permission_desc_parser = factory.permission_desc_parser()?;
+ let permissions = Permissions::from_options(
+ permission_desc_parser.as_ref(),
+ &cli_options.permissions_options(),
+ )?;
let log_level = cli_options.log_level();
let members_with_test_options =
@@ -1802,6 +1807,7 @@ pub async fn run_tests(
test_specifiers(
worker_factory,
&permissions,
+ permission_desc_parser,
specifiers_with_mode
.into_iter()
.filter_map(|(s, m)| match m {
@@ -1914,8 +1920,11 @@ pub async fn run_tests_with_watch(
.flatten()
.collect::<Vec<_>>();
- let permissions =
- Permissions::from_options(&cli_options.permissions_options()?)?;
+ let permission_desc_parser = factory.permission_desc_parser()?;
+ let permissions = Permissions::from_options(
+ permission_desc_parser.as_ref(),
+ &cli_options.permissions_options(),
+ )?;
let graph = module_graph_creator
.create_graph(graph_kind, test_modules)
.await?;
@@ -1969,6 +1978,7 @@ pub async fn run_tests_with_watch(
test_specifiers(
worker_factory,
&permissions,
+ permission_desc_parser,
specifiers_with_mode
.into_iter()
.filter_map(|(s, m)| match m {
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-17 07:49:27 +0000