denoland-deno/cli/ops/permissions.rs

// Copyright 2018-2020 the Deno authors. All rights reserved. MIT license.
use super::dispatch_json::{Deserialize, JsonOp, Value};
use crate::fs as deno_fs;
use crate::op_error::OpError;
use crate::state::State;
use deno_core::*;
use std::path::Path;

pub fn init(i: &mut Isolate, s: &State) {
  i.register_op(
    "op_query_permission",
    s.stateful_json_op(op_query_permission),
  );
  i.register_op(
    "op_revoke_permission",
    s.stateful_json_op(op_revoke_permission),
  );
  i.register_op(
    "op_request_permission",
    s.stateful_json_op(op_request_permission),
  );
}

#[derive(Deserialize)]
struct PermissionArgs {
  name: String,
  url: Option<String>,
  path: Option<String>,
}

fn resolve_path(path: &str) -> String {
  deno_fs::resolve_from_cwd(Path::new(path))
    .unwrap()
    .to_str()
    .unwrap()
    .to_string()
}

pub fn op_query_permission(
  state: &State,
  args: Value,
  _zero_copy: Option<ZeroCopyBuf>,
) -> Result<JsonOp, OpError> {
  let args: PermissionArgs = serde_json::from_value(args)?;
  let state = state.borrow();
  let resolved_path = args.path.as_deref().map(resolve_path);
  let perm = state.permissions.get_permission_state(
    &args.name,
    &args.url.as_deref(),
    &resolved_path.as_deref().map(Path::new),
  )?;
  Ok(JsonOp::Sync(json!({ "state": perm.to_string() })))
}

pub fn op_revoke_permission(
  state: &State,
  args: Value,
  _zero_copy: Option<ZeroCopyBuf>,
) -> Result<JsonOp, OpError> {
  let args: PermissionArgs = serde_json::from_value(args)?;
  let mut state = state.borrow_mut();
  let permissions = &mut state.permissions;
  match args.name.as_ref() {
    "run" => permissions.allow_run.revoke(),
    "read" => permissions.allow_read.revoke(),
    "write" => permissions.allow_write.revoke(),
    "net" => permissions.allow_net.revoke(),
    "env" => permissions.allow_env.revoke(),
    "plugin" => permissions.allow_plugin.revoke(),
    "hrtime" => permissions.allow_hrtime.revoke(),
    _ => {}
  };
  let resolved_path = args.path.as_deref().map(resolve_path);
  let perm = permissions.get_permission_state(
    &args.name,
    &args.url.as_deref(),
    &resolved_path.as_deref().map(Path::new),
  )?;
  Ok(JsonOp::Sync(json!({ "state": perm.to_string() })))
}

pub fn op_request_permission(
  state: &State,
  args: Value,
  _zero_copy: Option<ZeroCopyBuf>,
) -> Result<JsonOp, OpError> {
  let args: PermissionArgs = serde_json::from_value(args)?;
  let mut state = state.borrow_mut();
  let permissions = &mut state.permissions;
  let resolved_path = args.path.as_deref().map(resolve_path);
  let perm = match args.name.as_ref() {
    "run" => Ok(permissions.request_run()),
    "read" => {
      Ok(permissions.request_read(&resolved_path.as_deref().map(Path::new)))
    }
    "write" => {
      Ok(permissions.request_write(&resolved_path.as_deref().map(Path::new)))
    }
    "net" => permissions.request_net(&args.url.as_deref()),
    "env" => Ok(permissions.request_env()),
    "plugin" => Ok(permissions.request_plugin()),
    "hrtime" => Ok(permissions.request_hrtime()),
    n => Err(OpError::other(format!("No such permission name: {}", n))),
  }?;
  Ok(JsonOp::Sync(json!({ "state": perm.to_string() })))
}
Happy new year! (#3578) 2020-01-02 15:13:47 -05:00			`// Copyright 2018-2020 the Deno authors. All rights reserved. MIT license.`
bring back json ops (#2815) 2019-08-26 08:50:21 -04:00			`use super::dispatch_json::{Deserialize, JsonOp, Value};`
fix: Resolve read/write whitelists from CWD (#3684) 2020-01-16 14:47:02 -05:00			`use crate::fs as deno_fs;`
refactor: use OpError instead of ErrBox for errors in ops (#4058) To better reflect changes in error types in JS from #3662 this PR changes default error type used in ops from "ErrBox" to "OpError". "OpError" is a type that can be sent over to JSON; it has all information needed to construct error in JavaScript. That made "GetErrorKind" trait useless and so it was removed altogether. To provide compatibility with previous use of "ErrBox" an implementation of "From<ErrBox> for OpError" was added, however, it is an escape hatch and ops implementors should strive to use "OpError" directly. 2020-02-23 14:51:29 -05:00			`use crate::op_error::OpError;`
refactor: rename ThreadSafeState, use RefCell for mutable state (#3931) * rename ThreadSafeState to State * State stores InnerState wrapped in Rc and RefCell 2020-02-08 14:34:31 -05:00			`use crate::state::State;`
Rename crates: 'deno' to 'deno_core' and 'deno_cli' to 'deno' (#3600) 2020-01-05 11:56:18 -05:00			`use deno_core::*;`
refactor: Improve path handling in permission checks (#3714) 2020-01-20 09:45:44 -05:00			`use std::path::Path;`
split up ops.rs (#2753) Note cli/dispatch_minimal.rs ops are not yet included in cli/ops. This is part of work towards #2730 2019-08-14 11:03:02 -04:00
refactor: rename ThreadSafeState, use RefCell for mutable state (#3931) * rename ThreadSafeState to State * State stores InnerState wrapped in Rc and RefCell 2020-02-08 14:34:31 -05:00			`pub fn init(i: &mut Isolate, s: &State) {`
Add init methods for each op module (#3087) 2019-10-11 14:41:54 -04:00			`i.register_op(`
Clean up how we use opIds (#4118) 2020-02-25 09:14:27 -05:00			`"op_query_permission",`
			`s.stateful_json_op(op_query_permission),`
Add init methods for each op module (#3087) 2019-10-11 14:41:54 -04:00			`);`
			`i.register_op(`
Clean up how we use opIds (#4118) 2020-02-25 09:14:27 -05:00			`"op_revoke_permission",`
			`s.stateful_json_op(op_revoke_permission),`
Add init methods for each op module (#3087) 2019-10-11 14:41:54 -04:00			`);`
Add permissions.request (#3296) 2019-11-11 10:33:29 -05:00			`i.register_op(`
Clean up how we use opIds (#4118) 2020-02-25 09:14:27 -05:00			`"op_request_permission",`
			`s.stateful_json_op(op_request_permission),`
Add permissions.request (#3296) 2019-11-11 10:33:29 -05:00			`);`
Add init methods for each op module (#3087) 2019-10-11 14:41:54 -04:00			`}`

Use web standard Permissions API (#3200) 2019-10-27 11:22:53 -04:00			`#[derive(Deserialize)]`
			`struct PermissionArgs {`
			`name: String,`
			`url: Option<String>,`
			`path: Option<String>,`
			`}`

fix: Resolve read/write whitelists from CWD (#3684) 2020-01-16 14:47:02 -05:00			`fn resolve_path(path: &str) -> String {`
refactor: Improve path handling in permission checks (#3714) 2020-01-20 09:45:44 -05:00			`deno_fs::resolve_from_cwd(Path::new(path))`
fix: Resolve read/write whitelists from CWD (#3684) 2020-01-16 14:47:02 -05:00			`.unwrap()`
			`.to_str()`
			`.unwrap()`
			`.to_string()`
			`}`

Use web standard Permissions API (#3200) 2019-10-27 11:22:53 -04:00			`pub fn op_query_permission(`
refactor: rename ThreadSafeState, use RefCell for mutable state (#3931) * rename ThreadSafeState to State * State stores InnerState wrapped in Rc and RefCell 2020-02-08 14:34:31 -05:00			`state: &State,`
Use web standard Permissions API (#3200) 2019-10-27 11:22:53 -04:00			`args: Value,`
s/PinnedBuf/ZeroCopyBuf (#3782) 2020-01-24 15:10:49 -05:00			`_zero_copy: Option<ZeroCopyBuf>,`
refactor: use OpError instead of ErrBox for errors in ops (#4058) To better reflect changes in error types in JS from #3662 this PR changes default error type used in ops from "ErrBox" to "OpError". "OpError" is a type that can be sent over to JSON; it has all information needed to construct error in JavaScript. That made "GetErrorKind" trait useless and so it was removed altogether. To provide compatibility with previous use of "ErrBox" an implementation of "From<ErrBox> for OpError" was added, however, it is an escape hatch and ops implementors should strive to use "OpError" directly. 2020-02-23 14:51:29 -05:00			`) -> Result<JsonOp, OpError> {`
Use web standard Permissions API (#3200) 2019-10-27 11:22:53 -04:00			`let args: PermissionArgs = serde_json::from_value(args)?;`
refactor: rename ThreadSafeState, use RefCell for mutable state (#3931) * rename ThreadSafeState to State * State stores InnerState wrapped in Rc and RefCell 2020-02-08 14:34:31 -05:00			`let state = state.borrow();`
upgrade: Rust 1.42.0 (#4331) 2020-03-12 13:07:57 -04:00			`let resolved_path = args.path.as_deref().map(resolve_path);`
refactor: rename ThreadSafeState, use RefCell for mutable state (#3931) * rename ThreadSafeState to State * State stores InnerState wrapped in Rc and RefCell 2020-02-08 14:34:31 -05:00			`let perm = state.permissions.get_permission_state(`
Use web standard Permissions API (#3200) 2019-10-27 11:22:53 -04:00			`&args.name,`
upgrade: Rust 1.42.0 (#4331) 2020-03-12 13:07:57 -04:00			`&args.url.as_deref(),`
			`&resolved_path.as_deref().map(Path::new),`
Use web standard Permissions API (#3200) 2019-10-27 11:22:53 -04:00			`)?;`
			`Ok(JsonOp::Sync(json!({ "state": perm.to_string() })))`
split up ops.rs (#2753) Note cli/dispatch_minimal.rs ops are not yet included in cli/ops. This is part of work towards #2730 2019-08-14 11:03:02 -04:00			`}`

			`pub fn op_revoke_permission(`
refactor: rename ThreadSafeState, use RefCell for mutable state (#3931) * rename ThreadSafeState to State * State stores InnerState wrapped in Rc and RefCell 2020-02-08 14:34:31 -05:00			`state: &State,`
bring back json ops (#2815) 2019-08-26 08:50:21 -04:00			`args: Value,`
s/PinnedBuf/ZeroCopyBuf (#3782) 2020-01-24 15:10:49 -05:00			`_zero_copy: Option<ZeroCopyBuf>,`
refactor: use OpError instead of ErrBox for errors in ops (#4058) To better reflect changes in error types in JS from #3662 this PR changes default error type used in ops from "ErrBox" to "OpError". "OpError" is a type that can be sent over to JSON; it has all information needed to construct error in JavaScript. That made "GetErrorKind" trait useless and so it was removed altogether. To provide compatibility with previous use of "ErrBox" an implementation of "From<ErrBox> for OpError" was added, however, it is an escape hatch and ops implementors should strive to use "OpError" directly. 2020-02-23 14:51:29 -05:00			`) -> Result<JsonOp, OpError> {`
Use web standard Permissions API (#3200) 2019-10-27 11:22:53 -04:00			`let args: PermissionArgs = serde_json::from_value(args)?;`
refactor: rename ThreadSafeState, use RefCell for mutable state (#3931) * rename ThreadSafeState to State * State stores InnerState wrapped in Rc and RefCell 2020-02-08 14:34:31 -05:00			`let mut state = state.borrow_mut();`
			`let permissions = &mut state.permissions;`
Use web standard Permissions API (#3200) 2019-10-27 11:22:53 -04:00			`match args.name.as_ref() {`
refactor: Elevate DenoPermissions lock to top level (#3398) 2019-11-24 10:42:30 -05:00			`"run" => permissions.allow_run.revoke(),`
			`"read" => permissions.allow_read.revoke(),`
			`"write" => permissions.allow_write.revoke(),`
			`"net" => permissions.allow_net.revoke(),`
			`"env" => permissions.allow_env.revoke(),`
feat: first pass at native plugins (#3372) 2019-12-05 15:30:20 -05:00			`"plugin" => permissions.allow_plugin.revoke(),`
refactor: Elevate DenoPermissions lock to top level (#3398) 2019-11-24 10:42:30 -05:00			`"hrtime" => permissions.allow_hrtime.revoke(),`
Use web standard Permissions API (#3200) 2019-10-27 11:22:53 -04:00			`_ => {}`
			`};`
upgrade: Rust 1.42.0 (#4331) 2020-03-12 13:07:57 -04:00			`let resolved_path = args.path.as_deref().map(resolve_path);`
refactor: Elevate DenoPermissions lock to top level (#3398) 2019-11-24 10:42:30 -05:00			`let perm = permissions.get_permission_state(`
Use web standard Permissions API (#3200) 2019-10-27 11:22:53 -04:00			`&args.name,`
upgrade: Rust 1.42.0 (#4331) 2020-03-12 13:07:57 -04:00			`&args.url.as_deref(),`
			`&resolved_path.as_deref().map(Path::new),`
Use web standard Permissions API (#3200) 2019-10-27 11:22:53 -04:00			`)?;`
			`Ok(JsonOp::Sync(json!({ "state": perm.to_string() })))`
split up ops.rs (#2753) Note cli/dispatch_minimal.rs ops are not yet included in cli/ops. This is part of work towards #2730 2019-08-14 11:03:02 -04:00			`}`
Add permissions.request (#3296) 2019-11-11 10:33:29 -05:00
			`pub fn op_request_permission(`
refactor: rename ThreadSafeState, use RefCell for mutable state (#3931) * rename ThreadSafeState to State * State stores InnerState wrapped in Rc and RefCell 2020-02-08 14:34:31 -05:00			`state: &State,`
Add permissions.request (#3296) 2019-11-11 10:33:29 -05:00			`args: Value,`
s/PinnedBuf/ZeroCopyBuf (#3782) 2020-01-24 15:10:49 -05:00			`_zero_copy: Option<ZeroCopyBuf>,`
refactor: use OpError instead of ErrBox for errors in ops (#4058) To better reflect changes in error types in JS from #3662 this PR changes default error type used in ops from "ErrBox" to "OpError". "OpError" is a type that can be sent over to JSON; it has all information needed to construct error in JavaScript. That made "GetErrorKind" trait useless and so it was removed altogether. To provide compatibility with previous use of "ErrBox" an implementation of "From<ErrBox> for OpError" was added, however, it is an escape hatch and ops implementors should strive to use "OpError" directly. 2020-02-23 14:51:29 -05:00			`) -> Result<JsonOp, OpError> {`
Add permissions.request (#3296) 2019-11-11 10:33:29 -05:00			`let args: PermissionArgs = serde_json::from_value(args)?;`
refactor: rename ThreadSafeState, use RefCell for mutable state (#3931) * rename ThreadSafeState to State * State stores InnerState wrapped in Rc and RefCell 2020-02-08 14:34:31 -05:00			`let mut state = state.borrow_mut();`
			`let permissions = &mut state.permissions;`
upgrade: Rust 1.42.0 (#4331) 2020-03-12 13:07:57 -04:00			`let resolved_path = args.path.as_deref().map(resolve_path);`
Add permissions.request (#3296) 2019-11-11 10:33:29 -05:00			`let perm = match args.name.as_ref() {`
refactor: Elevate DenoPermissions lock to top level (#3398) 2019-11-24 10:42:30 -05:00			`"run" => Ok(permissions.request_run()),`
upgrade: Rust 1.42.0 (#4331) 2020-03-12 13:07:57 -04:00			`"read" => {`
			`Ok(permissions.request_read(&resolved_path.as_deref().map(Path::new)))`
			`}`
			`"write" => {`
			`Ok(permissions.request_write(&resolved_path.as_deref().map(Path::new)))`
			`}`
			`"net" => permissions.request_net(&args.url.as_deref()),`
refactor: Elevate DenoPermissions lock to top level (#3398) 2019-11-24 10:42:30 -05:00			`"env" => Ok(permissions.request_env()),`
feat: first pass at native plugins (#3372) 2019-12-05 15:30:20 -05:00			`"plugin" => Ok(permissions.request_plugin()),`
refactor: Elevate DenoPermissions lock to top level (#3398) 2019-11-24 10:42:30 -05:00			`"hrtime" => Ok(permissions.request_hrtime()),`
refactor: use OpError instead of ErrBox for errors in ops (#4058) To better reflect changes in error types in JS from #3662 this PR changes default error type used in ops from "ErrBox" to "OpError". "OpError" is a type that can be sent over to JSON; it has all information needed to construct error in JavaScript. That made "GetErrorKind" trait useless and so it was removed altogether. To provide compatibility with previous use of "ErrBox" an implementation of "From<ErrBox> for OpError" was added, however, it is an escape hatch and ops implementors should strive to use "OpError" directly. 2020-02-23 14:51:29 -05:00			`n => Err(OpError::other(format!("No such permission name: {}", n))),`
Add permissions.request (#3296) 2019-11-11 10:33:29 -05:00			`}?;`
			`Ok(JsonOp::Sync(json!({ "state": perm.to_string() })))`
			`}`