From 472a37064071c66cd1311cdea2e78de8d2bc0641 Mon Sep 17 00:00:00 2001
From: Matt Mastracci <matthew@mastracci.com>
Date: Fri, 19 Apr 2024 18:12:03 -0600
Subject: feat(runtime): Allow embedders to perform additional access checks on
 file open (#23208)

Embedders may have special requirements around file opening, so we add a
new `check_open` permission check that is called as part of the file
open process.
---
 cli/standalone/file_system.rs | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'cli/standalone/file_system.rs')

diff --git a/cli/standalone/file_system.rs b/cli/standalone/file_system.rs
index f1ea570b5..843c7db55 100644
--- a/cli/standalone/file_system.rs
+++ b/cli/standalone/file_system.rs
@@ -5,6 +5,7 @@ use std::path::PathBuf;
 use std::rc::Rc;
 use std::sync::Arc;
 
+use deno_runtime::deno_fs::AccessCheckCb;
 use deno_runtime::deno_fs::FileSystem;
 use deno_runtime::deno_fs::FsDirEntry;
 use deno_runtime::deno_fs::FsFileType;
@@ -47,6 +48,7 @@ impl DenoCompileFileSystem {
         create_new: false,
         mode: None,
       },
+      None,
       &old_file_bytes,
     )
   }
@@ -75,22 +77,24 @@ impl FileSystem for DenoCompileFileSystem {
     &self,
     path: &Path,
     options: OpenOptions,
+    access_check: Option<AccessCheckCb>,
   ) -> FsResult<Rc<dyn File>> {
     if self.0.is_path_within(path) {
       Ok(self.0.open_file(path)?)
     } else {
-      RealFs.open_sync(path, options)
+      RealFs.open_sync(path, options, access_check)
     }
   }
-  async fn open_async(
-    &self,
+  async fn open_async<'a>(
+    &'a self,
     path: PathBuf,
     options: OpenOptions,
+    access_check: Option<AccessCheckCb<'a>>,
   ) -> FsResult<Rc<dyn File>> {
     if self.0.is_path_within(&path) {
       Ok(self.0.open_file(&path)?)
     } else {
-      RealFs.open_async(path, options).await
+      RealFs.open_async(path, options, access_check).await
     }
   }
 
-- 
cgit v1.2.3