1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
use ::deno_permissions::PermissionState;
use ::deno_permissions::PermissionsContainer;
use deno_core::op2;
use deno_core::OpState;
use serde::Deserialize;
use serde::Serialize;
deno_core::extension!(
deno_permissions,
ops = [
op_query_permission,
op_revoke_permission,
op_request_permission,
],
);
#[derive(Deserialize)]
pub struct PermissionArgs {
name: String,
path: Option<String>,
host: Option<String>,
variable: Option<String>,
kind: Option<String>,
command: Option<String>,
}
#[derive(Serialize)]
pub struct PermissionStatus {
state: String,
partial: bool,
}
impl From<PermissionState> for PermissionStatus {
fn from(state: PermissionState) -> Self {
PermissionStatus {
state: if state == PermissionState::GrantedPartial {
PermissionState::Granted.to_string()
} else {
state.to_string()
},
partial: state == PermissionState::GrantedPartial,
}
}
}
#[derive(Debug, thiserror::Error)]
pub enum PermissionError {
#[error("No such permission name: {0}")]
InvalidPermissionName(String),
#[error("{0}")]
PathResolve(#[from] ::deno_permissions::PathResolveError),
#[error("{0}")]
NetDescriptorParse(#[from] ::deno_permissions::NetDescriptorParseError),
#[error("{0}")]
SysDescriptorParse(#[from] ::deno_permissions::SysDescriptorParseError),
#[error("{0}")]
RunDescriptorParse(#[from] ::deno_permissions::RunDescriptorParseError),
}
#[op2]
#[serde]
pub fn op_query_permission(
state: &mut OpState,
#[serde] args: PermissionArgs,
) -> Result<PermissionStatus, PermissionError> {
let permissions = state.borrow::<PermissionsContainer>();
let perm = match args.name.as_ref() {
"read" => permissions.query_read(args.path.as_deref())?,
"write" => permissions.query_write(args.path.as_deref())?,
"net" => permissions.query_net(args.host.as_deref())?,
"env" => permissions.query_env(args.variable.as_deref()),
"sys" => permissions.query_sys(args.kind.as_deref())?,
"run" => permissions.query_run(args.command.as_deref())?,
"ffi" => permissions.query_ffi(args.path.as_deref())?,
_ => return Err(PermissionError::InvalidPermissionName(args.name)),
};
Ok(PermissionStatus::from(perm))
}
#[op2]
#[serde]
pub fn op_revoke_permission(
state: &mut OpState,
#[serde] args: PermissionArgs,
) -> Result<PermissionStatus, PermissionError> {
let permissions = state.borrow::<PermissionsContainer>();
let perm = match args.name.as_ref() {
"read" => permissions.revoke_read(args.path.as_deref())?,
"write" => permissions.revoke_write(args.path.as_deref())?,
"net" => permissions.revoke_net(args.host.as_deref())?,
"env" => permissions.revoke_env(args.variable.as_deref()),
"sys" => permissions.revoke_sys(args.kind.as_deref())?,
"run" => permissions.revoke_run(args.command.as_deref())?,
"ffi" => permissions.revoke_ffi(args.path.as_deref())?,
_ => return Err(PermissionError::InvalidPermissionName(args.name)),
};
Ok(PermissionStatus::from(perm))
}
#[op2]
#[serde]
pub fn op_request_permission(
state: &mut OpState,
#[serde] args: PermissionArgs,
) -> Result<PermissionStatus, PermissionError> {
let permissions = state.borrow::<PermissionsContainer>();
let perm = match args.name.as_ref() {
"read" => permissions.request_read(args.path.as_deref())?,
"write" => permissions.request_write(args.path.as_deref())?,
"net" => permissions.request_net(args.host.as_deref())?,
"env" => permissions.request_env(args.variable.as_deref()),
"sys" => permissions.request_sys(args.kind.as_deref())?,
"run" => permissions.request_run(args.command.as_deref())?,
"ffi" => permissions.request_ffi(args.path.as_deref())?,
_ => return Err(PermissionError::InvalidPermissionName(args.name)),
};
Ok(PermissionStatus::from(perm))
}
|
