From 2cfdad33811472603e97127155ea77ef748bc49c Mon Sep 17 00:00:00 2001
From: "Kartik K. Agaram" <vc@akkartik.com>
Date: Thu, 3 Mar 2022 22:28:01 -0800
Subject: [PATCH] simplify permissions model for file operations

We don't care to distinguish modes like "rw" or "a+". An app is
permitted to perform either just reads or both reads and writes.
---
 src/kilo.c   | 4 ++--
 src/teliva.c | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/kilo.c b/src/kilo.c
index 8f361a1..da58368 100644
--- a/src/kilo.c
+++ b/src/kilo.c
@@ -1357,7 +1357,7 @@ void editFilePermissions(char* filename) {
         editorRefreshScreen(editorNonCodeMenu);
         int y, x;
         getyx(stdscr, y, x);
-        mvaddstr(0, 0, "function file_operation_permitted(caller, filename, mode)");
+        mvaddstr(0, 0, "function file_operation_permitted(caller, filename, is_write)");
         mvaddstr(MIN(E.startrow + E.numrows, E.endrow), 0, "end");
         mvaddstr(y, x, "");
         int c = getch();
@@ -1464,7 +1464,7 @@ void resumeFilePermissionsEdit() {
         editorRefreshScreen(editorNonCodeMenu);
         int y, x;
         getyx(stdscr, y, x);
-        mvaddstr(0, 0, "function file_operation_permitted(caller, filename, mode)");
+        mvaddstr(0, 0, "function file_operation_permitted(caller, filename, is_write)");
         mvaddstr(MIN(E.startrow + E.numrows, E.endrow), 0, "end");
         mvaddstr(y, x, "");
         int c = getch();
diff --git a/src/teliva.c b/src/teliva.c
index e739f4f..90da6f1 100644
--- a/src/teliva.c
+++ b/src/teliva.c
@@ -1313,7 +1313,7 @@ int file_operation_permitted(const char* caller, const char* filename, const cha
   lua_getglobal(trustedL, "file_operation_permitted");
   lua_pushstring(trustedL, caller);
   lua_pushstring(trustedL, filename);
-  lua_pushstring(trustedL, mode);
+  lua_pushboolean(trustedL, strncmp(mode, "r", /*strlen("r") + 1 for NULL*/ 2) != 0);
   if (lua_pcall(trustedL, 3 /*args*/, 1 /*result*/, /*errfunc*/0)) {
     /* TODO: error handling. Or should we use errfunc above? */
   }
@@ -1403,7 +1403,7 @@ static void render_permissions_screen() {
   attrset(A_NORMAL);
 
   mvaddstr(7, 5, "File operations");
-  mvaddstr(7, 30, "function file_operation_permitted(caller, filename, mode)");
+  mvaddstr(7, 30, "function file_operation_permitted(caller, filename, is_write)");
   int y = render_wrapped_text(8, 32, COLS-5, file_operations_predicate_body);
   mvaddstr(y, 30, "end");
   y++;
@@ -1488,7 +1488,7 @@ int validate_file_operations_predicate() {
 
 static int load_file_operations_predicate(const char* body) {
   char buffer[1024] = {0};
-  strcpy(buffer, "function file_operation_permitted(caller, filename, mode)\n");
+  strcpy(buffer, "function file_operation_permitted(caller, filename, is_write)\n");
   strncat(buffer, body, 1020);
   if (buffer[strlen(buffer)-1] != '\n')
     strncat(buffer, "\n", 1020);