@@ -866,8 +866,10 @@ void Access(const FunctionCallbackInfo<Value>& args) {
866866
867867 BufferValue path (isolate, args[0 ]);
868868 CHECK_NOT_NULL (*path);
869- THROW_IF_INSUFFICIENT_PERMISSIONS (
870- env, policy::Permission::kFileSystemIn , *path);
869+ // TODO(rafaelgss): likely it will need to be handled in the JS only
870+ // See: https://github.com/nodejs/node/pull/35487
871+ /* THROW_IF_INSUFFICIENT_PERMISSIONS( */
872+ /* env, policy::Permission::kFileSystemIn, *path); */
871873
872874 FSReqBase* req_wrap_async = GetReqWrap (args, 2 );
873875 if (req_wrap_async != nullptr ) { // access(path, mode, req)
@@ -1653,8 +1655,10 @@ static void ReadDir(const FunctionCallbackInfo<Value>& args) {
16531655
16541656 BufferValue path (isolate, args[0 ]);
16551657 CHECK_NOT_NULL (*path);
1656- THROW_IF_INSUFFICIENT_PERMISSIONS (
1657- env, policy::Permission::kFileSystemIn , *path);
1658+ // TODO(rafaelgss): likely it will need to be handled in the JS only
1659+ // See: https://github.com/nodejs/node/pull/35487
1660+ /* THROW_IF_INSUFFICIENT_PERMISSIONS( */
1661+ /* env, policy::Permission::kFileSystemIn, *path); */
16581662
16591663 const enum encoding encoding = ParseEncoding (isolate, args[1 ], UTF8);
16601664
@@ -1741,16 +1745,28 @@ static void Open(const FunctionCallbackInfo<Value>& args) {
17411745
17421746 BufferValue path (env->isolate (), args[0 ]);
17431747 CHECK_NOT_NULL (*path);
1744- // Open can be called either in write or read
1745- THROW_IF_INSUFFICIENT_PERMISSIONS (
1746- env, policy::Permission::kFileSystem , *path);
17471748
17481749 CHECK (args[1 ]->IsInt32 ());
17491750 const int flags = args[1 ].As <Int32>()->Value ();
17501751
17511752 CHECK (args[2 ]->IsInt32 ());
17521753 const int mode = args[2 ].As <Int32>()->Value ();
17531754
1755+ // Open can be called either in write or read
1756+ if (flags == O_RDWR) {
1757+ // TODO(rafaelgss): it can be optimized to void n*m
1758+ THROW_IF_INSUFFICIENT_PERMISSIONS (
1759+ env, policy::Permission::kFileSystemIn , *path);
1760+ THROW_IF_INSUFFICIENT_PERMISSIONS (
1761+ env, policy::Permission::kFileSystemOut , *path);
1762+ } else if ((flags &~ (O_RDONLY | O_SYNC)) == 0 ) {
1763+ THROW_IF_INSUFFICIENT_PERMISSIONS (
1764+ env, policy::Permission::kFileSystemIn , *path);
1765+ } else if ((flags & (O_APPEND | O_TRUNC | O_CREAT | O_WRONLY)) != 0 ) {
1766+ THROW_IF_INSUFFICIENT_PERMISSIONS (
1767+ env, policy::Permission::kFileSystemOut , *path);
1768+ }
1769+
17541770 FSReqBase* req_wrap_async = GetReqWrap (args, 3 );
17551771 if (req_wrap_async != nullptr ) { // open(path, flags, mode, req)
17561772 req_wrap_async->set_is_plain_open (true );
@@ -1787,6 +1803,21 @@ static void OpenFileHandle(const FunctionCallbackInfo<Value>& args) {
17871803 CHECK (args[2 ]->IsInt32 ());
17881804 const int mode = args[2 ].As <Int32>()->Value ();
17891805
1806+ // Open can be called either in write or read
1807+ if (flags == O_RDWR) {
1808+ // TODO(rafaelgss): it can be optimized to void n*m
1809+ THROW_IF_INSUFFICIENT_PERMISSIONS (
1810+ env, policy::Permission::kFileSystemIn , *path);
1811+ THROW_IF_INSUFFICIENT_PERMISSIONS (
1812+ env, policy::Permission::kFileSystemOut , *path);
1813+ } else if ((flags &~ (O_RDONLY | O_SYNC)) == 0 ) {
1814+ THROW_IF_INSUFFICIENT_PERMISSIONS (
1815+ env, policy::Permission::kFileSystemIn , *path);
1816+ } else if ((flags & (O_APPEND | O_TRUNC | O_CREAT | O_WRONLY)) != 0 ) {
1817+ THROW_IF_INSUFFICIENT_PERMISSIONS (
1818+ env, policy::Permission::kFileSystemOut , *path);
1819+ }
1820+
17901821 FSReqBase* req_wrap_async = GetReqWrap (args, 3 );
17911822 if (req_wrap_async != nullptr ) { // openFileHandle(path, flags, mode, req)
17921823 AsyncCall (env, req_wrap_async, args, " open" , UTF8, AfterOpenFileHandle,
@@ -1856,8 +1887,6 @@ static void WriteBuffer(const FunctionCallbackInfo<Value>& args) {
18561887
18571888 CHECK (args[0 ]->IsInt32 ());
18581889 const int fd = args[0 ].As <Int32>()->Value ();
1859- THROW_IF_INSUFFICIENT_PERMISSIONS (
1860- env, policy::Permission::kFileSystemOut , fd);
18611890
18621891 CHECK (Buffer::HasInstance (args[1 ]));
18631892 Local<Object> buffer_obj = args[1 ].As <Object>();
@@ -1958,8 +1987,6 @@ static void WriteString(const FunctionCallbackInfo<Value>& args) {
19581987 CHECK_GE (argc, 4 );
19591988 CHECK (args[0 ]->IsInt32 ());
19601989 const int fd = args[0 ].As <Int32>()->Value ();
1961- THROW_IF_INSUFFICIENT_PERMISSIONS (
1962- env, policy::Permission::kFileSystemOut , fd);
19631990
19641991 const int64_t pos = GetOffset (args[2 ]);
19651992
@@ -2061,8 +2088,6 @@ static void Read(const FunctionCallbackInfo<Value>& args) {
20612088
20622089 CHECK (args[0 ]->IsInt32 ());
20632090 const int fd = args[0 ].As <Int32>()->Value ();
2064- THROW_IF_INSUFFICIENT_PERMISSIONS (
2065- env, policy::Permission::kFileSystemIn , fd);
20662091
20672092 CHECK (Buffer::HasInstance (args[1 ]));
20682093 Local<Object> buffer_obj = args[1 ].As <Object>();
0 commit comments