From 485b4c6301d246f413aa9de91c883c97cd4d1235 Mon Sep 17 00:00:00 2001 From: Nayeem Rahman Date: Tue, 12 Mar 2024 22:12:29 +0000 Subject: [PATCH] fix(runtime): negate partial condition for deny flags (#22866) --- runtime/permissions/lib.rs | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/runtime/permissions/lib.rs b/runtime/permissions/lib.rs index ca9d8084f7cb69..e83d465d866960 100644 --- a/runtime/permissions/lib.rs +++ b/runtime/permissions/lib.rs @@ -312,7 +312,7 @@ impl UnaryPermission { get_display_name: impl Fn() -> Option, ) -> Result<(), AnyError> { let (result, prompted, is_allow_all) = self - .query_desc(desc, AllowPartial::from(assert_non_partial)) + .query_desc(desc, AllowPartial::from(!assert_non_partial)) .check2( T::flag_name(), api_name, @@ -2858,6 +2858,31 @@ mod tests { assert_eq!(perms.env.revoke(Some("HomE")), PermissionState::Prompt); } + #[test] + fn test_check_partial_denied() { + let mut perms = Permissions { + read: Permissions::new_read( + &Some(vec![]), + &Some(vec![PathBuf::from("/foo/bar")]), + false, + ) + .unwrap(), + write: Permissions::new_write( + &Some(vec![]), + &Some(vec![PathBuf::from("/foo/bar")]), + false, + ) + .unwrap(), + ..Default::default() + }; + + perms.read.check_partial(Path::new("/foo"), None).unwrap(); + assert!(perms.read.check(Path::new("/foo"), None).is_err()); + + perms.write.check_partial(Path::new("/foo"), None).unwrap(); + assert!(perms.write.check(Path::new("/foo"), None).is_err()); + } + #[test] fn test_deserialize_child_permissions_arg() { set_prompter(Box::new(TestPrompter));