( toolPermissionContext: ToolPermissionContext, rules: PermissionRule[], )
/**
 * Sync permission rules from disk (replacement - for settings changes).
 *
 * Builds a new permission context in three steps: an optional managed-only
 * wipe, an unconditional wipe of the disk-backed settings sources, and then
 * re-application of `rules` as `replaceRules` updates.
 *
 * NOTE(review): `rules` is applied exactly as passed in; nothing in this
 * function filters it by source. In managed-only mode the wipe below is only
 * effective if the caller hands in policy rules alone — confirm at the call
 * sites.
 *
 * @param toolPermissionContext - Context whose rule lists are being refreshed.
 * @param rules - Rules freshly loaded from settings.
 * @returns The context produced by the wipes followed by the new rule updates.
 */
export function syncPermissionRulesFromDisk(
  toolPermissionContext: ToolPermissionContext,
  rules: PermissionRule[],
): ToolPermissionContext {
  const allBehaviors: PermissionBehavior[] = ['allow', 'deny', 'ask']

  // Replaces every behavior list of each listed source with an empty list,
  // walking sources in order and behaviors in allow/deny/ask order.
  const wipeSources = (
    start: ToolPermissionContext,
    sources: PermissionUpdateDestination[],
  ): ToolPermissionContext => {
    let next = start
    for (const destination of sources) {
      for (const behavior of allBehaviors) {
        next = applyPermissionUpdate(next, {
          type: 'replaceRules',
          rules: [],
          behavior,
          destination,
        })
      }
    }
    return next
  }

  let refreshed = toolPermissionContext

  // With allowManagedPermissionRulesOnly on, every non-policy source is
  // emptied, including the in-memory ones (cliArg, session).
  if (shouldAllowManagedPermissionRulesOnly()) {
    refreshed = wipeSources(refreshed, [
      'userSettings',
      'projectSettings',
      'localSettings',
      'cliArg',
      'session',
    ])
  }

  // The disk-backed sources are always emptied before the new rules go in.
  // convertRulesToUpdates emits a replaceRules update only for
  // source:behavior pairs that still have rules, so a pair whose last rule
  // was deleted from settings (e.g. a removed deny entry) would otherwise
  // keep its stale rule in the context.
  // NOTE(review): by the same reasoning, a source that is not in this list
  // is only replaced when `rules` still carries an entry for that
  // source:behavior pair — confirm whether policy-managed rules can go stale
  // this way when an entry is removed.
  refreshed = wipeSources(refreshed, [
    'userSettings',
    'projectSettings',
    'localSettings',
  ])

  const pendingUpdates = convertRulesToUpdates(rules, 'replaceRules')
  return applyPermissionUpdates(refreshed, pendingUpdates)
}
| 1472 | |
| 1473 | /** |
| 1474 | * Extract updatedInput from a permission result, falling back to the original input. |