1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-15 18:38:53 -05:00
Commit graph

9 commits

Author SHA1 Message Date
Asher Gomez
6fb7e8d93b
feat(permissions): add "--deny-*" flags (#19070)
This commit adds new "--deny-*" permission flags. These are complimentary to
"--allow-*" flags.

These flags can be used to restrict access to certain resources, even if they
were granted using "--allow-*" flags or the "--allow-all" ("-A") flag.

Eg. specifying "--allow-read --deny-read" will result in a permission error,
while "--allow-read --deny-read=/etc" will allow read access to all FS but the
"/etc" directory.

Runtime permissions APIs ("Deno.permissions") were adjusted as well, mainly
by adding, a new "PermissionStatus.partial" field. This field denotes that
while permission might be granted to requested resource, it's only partial (ie.
a "--deny-*" flag was specified that excludes some of the requested resources).
Eg. specifying "--allow-read=foo/ --deny-read=foo/bar" and then querying for
permissions like "Deno.permissions.query({ name: "read", path: "foo/" })"
will return "PermissionStatus { state: "granted", onchange: null, partial: true }",
denoting that some of the subpaths don't have read access.

Closes #18804.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
2023-08-03 13:19:19 +02:00
Bartek Iwańczuk
dda0f1c343
refactor(serde_v8): split ZeroCopyBuf into JsBuffer and ToJsBuffer (#19566)
`ZeroCopyBuf` was convenient to use, but sometimes it did hide details
that some copies were necessary in certain cases. Also it made it way to easy
for the caller to pass around and convert into different values. This commit
splits `ZeroCopyBuf` into `JsBuffer` (an array buffer coming from V8) and
`ToJsBuffer` (a Rust buffer that will be converted into a V8 array buffer).

As a result some magical conversions were removed (they were never used)
limiting the API surface and preparing for changes in #19534.
2023-06-22 23:37:56 +02:00
Hirotaka Tagawa / wafuwafu13
114ec3c1f7
feat(ext/fs): add isBlockDevice, isCharDevice, isFifo, isSocket to FileInfo (#19008)
`isFile`, `isDirectory`, `isSymlink` are defined in `Deno.FileInfo`, but
`isBlockDevice`, `isCharacterDevice`, `isFIFO`, `isSocket` are not
defined.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2023-05-24 21:18:13 +02:00
David Sherret
e0f07ab8cd
fix(ext/fs): add more context_path (#19101) 2023-05-11 23:05:37 +00:00
Luca Casonato
1f9d47b174
refactor: prefix ops w/ crate they are defined in (#19044)
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2023-05-08 23:07:45 +02:00
David Sherret
df1ca4a158
refactor(ext/fs): deno_fs::FileSystem - conditional Send + Sync (#18993)
This allows for having a conditional `Send + Sync` on the file system trait for Deploy.
2023-05-08 11:02:02 -04:00
David Sherret
5270c43e41
refactor(ext/fs): boxed deno_fs::FileSystem (#18945)
1. Boxed `File` and `FileSystem` to allow more easily passing this
through the CLI code (as shown within this pr).
2. `StdFileResource` is now `FileResource`. `FileResource` now contains
an `Rc<dyn File>`.
2023-05-04 14:28:42 -04:00
Luca Casonato
bcbdaac7e6
chore(ext/fs): decouple fs trait from deno_core (#18732)
This commit removes the dependencies on `deno_core` for the Fs trait.
This allows to move the trait into a different crate that does not
depend on core in the limit.

This adds a new `bounds` field to `deno_core::extension!` that expands
to `where` clauses on the generated code. This allows to add bounds to
the extension parameters, such as `Fs::File: Resource`.
2023-04-17 16:10:59 +02:00
Luca Casonato
f90caa821c
refactor(ext/fs): abstract FS via FileSystem trait (#18599)
This commit abstracts out the specifics of the underlying system calls
FS operations behind a new `FileSystem` and `File` trait in the
`ext/fs` extension.

This allows other embedders to re-use ext/fs, but substituting in a
different FS backend.

This is likely not the final form of these traits. Eventually they will
be entirely `deno_core::Resource` agnostic, and will live in a seperate
crate.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2023-04-12 15:13:32 +02:00