1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-19 12:16:17 -05:00
denoland-deno/cli/tests/testdata/run/deny_some_permission_args.js
Asher Gomez 6fb7e8d93b
feat(permissions): add "--deny-*" flags (#19070)
This commit adds new "--deny-*" permission flags. These are complimentary to
"--allow-*" flags.

These flags can be used to restrict access to certain resources, even if they
were granted using "--allow-*" flags or the "--allow-all" ("-A") flag.

Eg. specifying "--allow-read --deny-read" will result in a permission error,
while "--allow-read --deny-read=/etc" will allow read access to all FS but the
"/etc" directory.

Runtime permissions APIs ("Deno.permissions") were adjusted as well, mainly
by adding, a new "PermissionStatus.partial" field. This field denotes that
while permission might be granted to requested resource, it's only partial (ie.
a "--deny-*" flag was specified that excludes some of the requested resources).
Eg. specifying "--allow-read=foo/ --deny-read=foo/bar" and then querying for
permissions like "Deno.permissions.query({ name: "read", path: "foo/" })"
will return "PermissionStatus { state: "granted", onchange: null, partial: true }",
denoting that some of the subpaths don't have read access.

Closes #18804.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
2023-08-03 13:19:19 +02:00

22 lines
1.5 KiB
JavaScript

console.log(Deno.permissions.querySync({ name: "env" }));
console.log(Deno.permissions.querySync({ name: "env", variable: "FOO" }));
console.log(Deno.permissions.querySync({ name: "env", variable: "BAR" }));
console.log(Deno.permissions.querySync({ name: "read" }));
console.log(Deno.permissions.querySync({ name: "read", path: "/foo" }));
console.log(Deno.permissions.querySync({ name: "read", path: "/bar" }));
console.log(Deno.permissions.querySync({ name: "write" }));
console.log(Deno.permissions.querySync({ name: "write", path: "/foo" }));
console.log(Deno.permissions.querySync({ name: "write", path: "/bar" }));
console.log(Deno.permissions.querySync({ name: "ffi" }));
console.log(Deno.permissions.querySync({ name: "ffi", path: "/foo" }));
console.log(Deno.permissions.querySync({ name: "ffi", path: "/bar" }));
console.log(Deno.permissions.querySync({ name: "run" }));
console.log(Deno.permissions.querySync({ name: "run", command: "foo" }));
console.log(Deno.permissions.querySync({ name: "run", command: "bar" }));
console.log(Deno.permissions.querySync({ name: "sys" }));
console.log(Deno.permissions.querySync({ name: "sys", kind: "hostname" }));
console.log(Deno.permissions.querySync({ name: "sys", kind: "loadavg" }));
console.log(Deno.permissions.querySync({ name: "net" }));
console.log(Deno.permissions.querySync({ name: "net", host: "127.0.0.1" }));
console.log(Deno.permissions.querySync({ name: "net", host: "192.168.0.1" }));
console.log(Deno.permissions.querySync({ name: "hrtime" }));