Beginner
cli
Permission Management
There are times where depending on the state of permissions granted to a process, we want to do different things. This is made very easy to do with the Deno permissions API.
In the most simple case, we can just request a permission by it's name. In this case, we ask for --allow-env and prompt the user. The user will not be prompted if it was already allowed in the past and not revoked.
!--frsh-copybutton:1-->
let status = await Deno.permissions.request({ name: "env" });
if (status.state === "granted") {
console.log("'env' permission is granted.");
} else {
console.log("'env' permission is denied.");
}
There are also synchronous versions of all the permisison APIs
!--frsh-copybutton:2-->
status = Deno.permissions.requestSync({ name: "env" });
if (status.state === "granted") {
console.log("'env' permission is granted.");
} else {
console.log("'env' permission is denied.");
}
We can also query permissions without asking for them. In this case, we are querying whether or not we have the read permission. Not only can we query whether we have a permission or not, we can even specify what directories we have permissions in using the path option.
!--frsh-copybutton:3-->
const readStatus = await Deno.permissions.query({
name: "read",
path: "/etc",
});
console.log(readStatus.state);
In the case that we no longer need a permission, it is also possible to revoke a process's access to that permission. This is useful when a process starts running untrusted code.
!--frsh-copybutton:4-->
import { assert } from "https://deno.land/std@0.175.0/testing/asserts.ts";
const runStatus = await Deno.permissions.revoke({ name: "run" });
assert(runStatus.state !== "granted");
Run this example locally using the Deno CLI:
deno run https://byexample-wwv03xf36j0g.deno.dev/permissions.ts
Additional resources: