4 files changed, 103 insertions, 0 deletions
diff --git a/js/deno.ts b/js/deno.ts
index 66d7d796c..d13ca81dd 100644
--- a/js/deno.ts
+++ b/js/deno.ts
@@ -50,6 +50,12 @@ export { symlinkSync, symlink } from "./symlink";
 export { writeFileSync, writeFile, WriteFileOptions } from "./write_file";
 export { ErrorKind, DenoError } from "./errors";
 export { libdeno } from "./libdeno";
+export {
+  permissions,
+  revokePermission,
+  Permission,
+  Permissions
+} from "./permissions";
 export { platform } from "./platform";
 export { truncateSync, truncate } from "./truncate";
 export { FileInfo } from "./file_info";
diff --git a/js/permissions.ts b/js/permissions.ts
new file mode 100644
index 000000000..6acb80b1f
--- /dev/null
+++ b/js/permissions.ts
@@ -0,0 +1,74 @@
+// Copyright 2018-2019 the Deno authors. All rights reserved. MIT license.
+import * as msg from "gen/msg_generated";
+import * as flatbuffers from "./flatbuffers";
+import * as dispatch from "./dispatch";
+import { assert } from "./util";
+
+/** Permissions as granted by the caller */
+export type Permissions = {
+  read: boolean;
+  write: boolean;
+  net: boolean;
+  env: boolean;
+  run: boolean;
+
+  // NOTE: Keep in sync with src/permissions.rs
+};
+
+export type Permission = keyof Permissions;
+
+/** Inspect granted permissions for the current program.
+ *
+ *       if (Deno.permissions().read) {
+ *         const file = await Deno.readFile("example.test");
+ *         // ...
+ *       }
+ */
+export function permissions(): Permissions {
+  const baseRes = dispatch.sendSync(...getReq())!;
+  assert(msg.Any.PermissionsRes === baseRes.innerType());
+  const res = new msg.PermissionsRes();
+  assert(baseRes.inner(res) != null);
+  // TypeScript cannot track assertion above, therefore not null assertion
+  return createPermissions(res);
+}
+
+/** Revoke a permission. When the permission was already revoked nothing changes
+ *
+ *       if (Deno.permissions().read) {
+ *         const file = await Deno.readFile("example.test");
+ *         Deno.revokePermission('read');
+ *       }
+ *       Deno.readFile("example.test"); // -> error or permission prompt
+ */
+export function revokePermission(permission: Permission): void {
+  dispatch.sendSync(...revokeReq(permission));
+}
+
+function createPermissions(inner: msg.PermissionsRes): Permissions {
+  return {
+    read: inner.read(),
+    write: inner.write(),
+    net: inner.net(),
+    env: inner.env(),
+    run: inner.run()
+  };
+}
+
+function getReq(): [flatbuffers.Builder, msg.Any, flatbuffers.Offset] {
+  const builder = flatbuffers.createBuilder();
+  msg.Permissions.startPermissions(builder);
+  const inner = msg.Permissions.endPermissions(builder);
+  return [builder, msg.Any.Permissions, inner];
+}
+
+function revokeReq(
+  permission: string
+): [flatbuffers.Builder, msg.Any, flatbuffers.Offset] {
+  const builder = flatbuffers.createBuilder();
+  const permission_ = builder.createString(permission);
+  msg.PermissionRevoke.startPermissionRevoke(builder);
+  msg.PermissionRevoke.addPermission(builder, permission_);
+  const inner = msg.PermissionRevoke.endPermissionRevoke(builder);
+  return [builder, msg.Any.PermissionRevoke, inner];
+}
diff --git a/js/permissions_test.ts b/js/permissions_test.ts
new file mode 100644
index 000000000..f4245c03b
--- /dev/null
+++ b/js/permissions_test.ts
@@ -0,0 +1,22 @@
+// Copyright 2018-2019 the Deno authors. All rights reserved. MIT license.
+import { testPerm, assert, assertEqual } from "./test_util.ts";
+import { Permission } from "deno";
+
+const knownPermissions: Permission[] = ["run", "read", "write", "net", "env"];
+
+for (let grant of knownPermissions) {
+  testPerm({ [grant]: true }, function envGranted() {
+    const perms = Deno.permissions();
+    assert(perms !== null);
+    for (const perm in perms) {
+      assertEqual(perms[perm], perm === grant);
+    }
+
+    Deno.revokePermission(grant);
+
+    const revoked = Deno.permissions();
+    for (const perm in revoked) {
+      assertEqual(revoked[perm], false);
+    }
+  });
+}
diff --git a/js/unit_tests.ts b/js/unit_tests.ts
index 91c1745b6..5085deb5c 100644
--- a/js/unit_tests.ts
+++ b/js/unit_tests.ts
@@ -45,6 +45,7 @@ import "./url_test.ts";
 import "./url_search_params_test.ts";
 import "./write_file_test.ts";
 import "./performance_test.ts";
+import "./permissions_test.ts";
 import "./version_test.ts";
 
 import "../website/app_test.js";