From 8c310d3d56c6b1bc67ee81d8c5ea9b20abee8088 Mon Sep 17 00:00:00 2001
From: andy finch <andyfinch7@gmail.com>
Date: Fri, 1 Mar 2019 19:25:50 -0500
Subject: Permissions refactor (#1864)

Refactored permissions to be assignable on a per-isolate
basis, and added a fix for #1858 to op_fetch_module_meta_data.
---
 src/compiler.rs | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'src/compiler.rs')

diff --git a/src/compiler.rs b/src/compiler.rs
index bef889c96..fa86617ce 100644
--- a/src/compiler.rs
+++ b/src/compiler.rs
@@ -2,6 +2,7 @@
 use crate::isolate::Buf;
 use crate::isolate::IsolateState;
 use crate::msg;
+use crate::permissions::DenoPermissions;
 use crate::resources;
 use crate::resources::Resource;
 use crate::resources::ResourceId;
@@ -10,6 +11,7 @@ use crate::workers;
 use futures::Future;
 use serde_json;
 use std::str;
+use std::sync::atomic::AtomicBool;
 use std::sync::Arc;
 use std::sync::Mutex;
 
@@ -48,9 +50,19 @@ impl ModuleMetaData {
 
 fn lazy_start(parent_state: &Arc<IsolateState>) -> Resource {
   let mut cell = C_RID.lock().unwrap();
+  let permissions = DenoPermissions {
+    allow_read: AtomicBool::new(true),
+    allow_write: AtomicBool::new(false),
+    allow_env: AtomicBool::new(false),
+    allow_net: AtomicBool::new(true),
+    allow_run: AtomicBool::new(false),
+  };
   let rid = cell.get_or_insert_with(|| {
-    let resource =
-      workers::spawn(parent_state.clone(), "compilerMain()".to_string());
+    let resource = workers::spawn(
+      parent_state.clone(),
+      "compilerMain()".to_string(),
+      permissions,
+    );
     resource.rid
   });
   Resource { rid: *rid }
-- 
cgit v1.2.3