From 386d5c8310891c5dc9627abbf2374e60bb4e50d2 Mon Sep 17 00:00:00 2001 From: David Sherret Date: Thu, 6 Jun 2024 23:37:53 -0400 Subject: refactor: remove `PermissionsContainer` in deno_runtime (#24119) Also removes permissions being passed in for node resolution. It was completely useless because we only checked it for reading package.json files, but Deno reading package.json files for resolution is perfectly fine. My guess is this is also a perf improvement because Deno is doing less work. --- ext/fs/Cargo.toml | 1 + ext/fs/lib.rs | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 89 insertions(+), 1 deletion(-) (limited to 'ext/fs') diff --git a/ext/fs/Cargo.toml b/ext/fs/Cargo.toml index b5ac5199c..f13dc1cbf 100644 --- a/ext/fs/Cargo.toml +++ b/ext/fs/Cargo.toml @@ -21,6 +21,7 @@ async-trait.workspace = true base32.workspace = true deno_core.workspace = true deno_io.workspace = true +deno_permissions.workspace = true filetime.workspace = true libc.workspace = true rand.workspace = true diff --git a/ext/fs/lib.rs b/ext/fs/lib.rs index d6794d3ac..2dce04b32 100644 --- a/ext/fs/lib.rs +++ b/ext/fs/lib.rs @@ -23,9 +23,10 @@ use crate::ops::*; use deno_core::error::AnyError; use deno_core::OpState; use deno_io::fs::FsError; +use std::borrow::Cow; use std::path::Path; -pub trait FsPermissions: Send + Sync { +pub trait FsPermissions { fn check_open<'a>( &mut self, resolved: bool, @@ -78,6 +79,92 @@ pub trait FsPermissions: Send + Sync { } } +impl FsPermissions for deno_permissions::PermissionsContainer { + fn check_open<'a>( + &mut self, + resolved: bool, + read: bool, + write: bool, + path: &'a Path, + api_name: &str, + ) -> Result, FsError> { + if resolved { + self.check_special_file(path, api_name).map_err(|_| { + std::io::Error::from(std::io::ErrorKind::PermissionDenied) + })?; + return Ok(Cow::Borrowed(path)); + } + + // If somehow read or write aren't specified, use read + let read = read || !write; + if read { + FsPermissions::check_read(self, path, api_name) + .map_err(|_| FsError::PermissionDenied("read"))?; + } + if write { + FsPermissions::check_write(self, path, api_name) + .map_err(|_| FsError::PermissionDenied("write"))?; + } + Ok(Cow::Borrowed(path)) + } + + fn check_read( + &mut self, + path: &Path, + api_name: &str, + ) -> Result<(), AnyError> { + deno_permissions::PermissionsContainer::check_read(self, path, api_name) + } + + fn check_read_blind( + &mut self, + path: &Path, + display: &str, + api_name: &str, + ) -> Result<(), AnyError> { + deno_permissions::PermissionsContainer::check_read_blind( + self, path, display, api_name, + ) + } + + fn check_write( + &mut self, + path: &Path, + api_name: &str, + ) -> Result<(), AnyError> { + deno_permissions::PermissionsContainer::check_write(self, path, api_name) + } + + fn check_write_partial( + &mut self, + path: &Path, + api_name: &str, + ) -> Result<(), AnyError> { + deno_permissions::PermissionsContainer::check_write_partial( + self, path, api_name, + ) + } + + fn check_write_blind( + &mut self, + p: &Path, + display: &str, + api_name: &str, + ) -> Result<(), AnyError> { + deno_permissions::PermissionsContainer::check_write_blind( + self, p, display, api_name, + ) + } + + fn check_read_all(&mut self, api_name: &str) -> Result<(), AnyError> { + deno_permissions::PermissionsContainer::check_read_all(self, api_name) + } + + fn check_write_all(&mut self, api_name: &str) -> Result<(), AnyError> { + deno_permissions::PermissionsContainer::check_write_all(self, api_name) + } +} + pub const UNSTABLE_FEATURE_NAME: &str = "fs"; /// Helper for checking unstable features. Used for sync ops. -- cgit v1.2.3