Deno: Capabilities of process

process.permissions = { allow_write: true, allow_env: false, ... }

So i assume there is something missing in the doc?
I was looking at: https://deno.land/typedoc/classes/_deno_.process.html

Sorry, I was just arguing that it should be the above. Not sure if it's already exposed.

Edit: perhaps it should be toplevel (Deno.permissions) not sure.

If not i think it would be very nice to expose it.

This may be related too: https://github.com/denoland/deno/issues/1008

But this is not accessible on ts side

import * as deno from "deno"

Here deno does not expose permissions or anything related.

AFAICT what @zekth is proposing can't be done. Creating subprocess is done via Command which does not have any API to control such permissions.

ie. It's not possible to use Deno permissions in subprocess.

I may have misexplained but it was not about subprocess. It was about the main deno process. If i try for example : deno foo.ts --allow-read
In foo.ts, i wanted to know if i can check for example if i can read or not.

I'm not sure how necessary this is since even if a permission is not enabled it will still give the user a prompt to allow it during execution.

Yes i found that but on the event of trying to access to this permission. In another case we can have for example a webserver which for sure requires --allow-net. So when you launch the process you have the prompt telling you this if you don't provide the permission. But admit there is an endpoint on the webserver which writes on the disk. You don't necessarily have the prompt accessible at this moment. For example on docker swarm deployement etc.
So you'll do a docker logs dockername but you can't send command to the prompt.

So you have the solution to use deno foo.ts -A but this is not really a solution.

I guess what we really need is a flag that disables said prompts, and a soft failure mode for the code making the request.

Totally agree with this with revelant error like:

Read permission needed and not provided

ref: #1591

In an ideal world we could catch this before execution starts by directly importing the resources required(run function, read function, etc), and having the compiler error us if the permissions are not available. This would get pretty messy to implement though.

Closing this issue because --deny is somehow a solution of my use case. But like @afinch7 it would be nice to have at the start of execution.

I still think permissions = { allow_write: true, allow_env: false, ... } would be nice to have.

While we are talking about the permissions I think that a allowing a permission shouldn't allow it for the rest of execution. To sum everything up so far we need:

• [x] No prompts command line flag for non interactive terminals
• [x] Allow once, allow always(same as the --allow-x flag), don't allow once, and don't allow don't ask again options for the prompt.
• [x] (Optional)A way to read current always allowed items from runtime. Looks like there is already a PR for this see #1875.

Closing because #1875 was merged