From 6fb7e8d93bb9fd8cdd81130a394ae6061930c4f6 Mon Sep 17 00:00:00 2001 From: Asher Gomez Date: Thu, 3 Aug 2023 21:19:19 +1000 Subject: feat(permissions): add "--deny-*" flags (#19070) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit adds new "--deny-*" permission flags. These are complimentary to "--allow-*" flags. These flags can be used to restrict access to certain resources, even if they were granted using "--allow-*" flags or the "--allow-all" ("-A") flag. Eg. specifying "--allow-read --deny-read" will result in a permission error, while "--allow-read --deny-read=/etc" will allow read access to all FS but the "/etc" directory. Runtime permissions APIs ("Deno.permissions") were adjusted as well, mainly by adding, a new "PermissionStatus.partial" field. This field denotes that while permission might be granted to requested resource, it's only partial (ie. a "--deny-*" flag was specified that excludes some of the requested resources). Eg. specifying "--allow-read=foo/ --deny-read=foo/bar" and then querying for permissions like "Deno.permissions.query({ name: "read", path: "foo/" })" will return "PermissionStatus { state: "granted", onchange: null, partial: true }", denoting that some of the subpaths don't have read access. Closes #18804. --------- Co-authored-by: Bartek IwaƄczuk Co-authored-by: Nayeem Rahman --- ext/fs/ops.rs | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'ext/fs/ops.rs') diff --git a/ext/fs/ops.rs b/ext/fs/ops.rs index 083d1b15f..da52318a4 100644 --- a/ext/fs/ops.rs +++ b/ext/fs/ops.rs @@ -294,9 +294,16 @@ where let fs = { let mut state = state.borrow_mut(); - state - .borrow_mut::

() - .check_write(&path, "Deno.remove()")?; + if recursive { + state + .borrow_mut::

() + .check_write(&path, "Deno.remove()")?; + } else { + state + .borrow_mut::

() + .check_write_partial(&path, "Deno.remove()")?; + } + state.borrow::().clone() }; -- cgit v1.2.3