Permission management
There are times where depending on the state of permissions granted to a process, we want to do different things. This is made very easy to do with the Deno permissions API.
In the most simple case, we can just request a permission by it's name. In this case, we ask for -E and prompt the user. The user will not be prompted if it was already allowed in the past and not revoked.
let status = await Deno.permissions.request({ name: "env" }); if (status.state === "granted") { console.log("'env' permission is granted."); } else { console.log("'env' permission is denied."); }There are also synchronous versions of all the permission APIs
status = Deno.permissions.requestSync({ name: "env" }); if (status.state === "granted") { console.log("'env' permission is granted."); } else { console.log("'env' permission is denied."); }We can also query permissions without asking for them. In this case, we are querying whether or not we have the read permission. Not only can we query whether we have a permission or not, we can even specify what directories we have permissions in using the path option.
const readStatus = await Deno.permissions.query({ name: "read", path: "/etc", }); console.log(readStatus.state);In the case that we no longer need a permission, it is also possible to revoke a process's access to that permission. This is useful when a process starts running untrusted code.
import { assert } from "jsr:@std/assert"; const runStatus = await Deno.permissions.revoke({ name: "run" }); assert(runStatus.state !== "granted");Run this example locally using the Deno CLI:
deno run https://docs.deno.com/examples/scripts/permissions.ts