From 09a0cfd349303979fa9a21aac800d215d318384e Mon Sep 17 00:00:00 2001
From: Cory McWilliams <cory@unprompted.com>
Date: Sun, 26 Oct 2025 09:09:52 -0400
Subject: [PATCH] core: core.permissionsGranted() JS => C.

---
 core/core.js |  16 -------
 src/api.js.c | 116 ++++++++++++++++++++++++++++++++++++++++++++-------
 2 files changed, 102 insertions(+), 30 deletions(-)

diff --git a/core/core.js b/core/core.js
index f3f26b93..82956f06 100644
--- a/core/core.js
+++ b/core/core.js
@@ -199,22 +199,6 @@ async function getProcessBlob(blobId, key, options) {
 				core: {
 					broadcast: broadcast.bind(process),
 					user: getUser(process, process),
-					permissionsGranted: async function () {
-						let user = process?.credentials?.session?.name;
-						let settings = await loadSettings();
-						if (
-							user &&
-							options?.packageOwner &&
-							options?.packageName &&
-							settings.userPermissions &&
-							settings.userPermissions[user] &&
-							settings.userPermissions[user][options.packageOwner]
-						) {
-							return settings.userPermissions[user][options.packageOwner][
-								options.packageName
-							];
-						}
-					},
 					allPermissionsGranted: async function () {
 						let user = process?.credentials?.session?.name;
 						let settings = await loadSettings();
diff --git a/src/api.js.c b/src/api.js.c
index b5139c1f..fec610a2 100644
--- a/src/api.js.c
+++ b/src/api.js.c
@@ -321,6 +321,107 @@ static JSValue _tf_api_core_permissionsForUser(JSContext* context, JSValueConst
 	return result;
 }
 
+typedef struct _permissions_granted_t
+{
+	JSContext* context;
+	const char* user;
+	const char* package_owner;
+	const char* package_name;
+	const char* settings;
+	JSValue promise[2];
+} permissions_granted_t;
+
+static void _tf_api_core_permissions_granted_work(tf_ssb_t* ssb, void* user_data)
+{
+	permissions_granted_t* work = user_data;
+	work->settings = tf_ssb_db_get_property(ssb, "core", "settings");
+}
+
+static void _tf_api_core_permissions_granted_after_work(tf_ssb_t* ssb, int status, void* user_data)
+{
+	permissions_granted_t* work = user_data;
+	JSContext* context = work->context;
+	JSValue result = JS_UNDEFINED;
+	if (work->settings)
+	{
+		JSValue json = JS_ParseJSON(context, work->settings, strlen(work->settings), NULL);
+		if (JS_IsObject(json) &&
+			work->user &&
+			work->package_owner &&
+			work->package_name)
+		{
+			JSValue user_permissions = JS_GetPropertyStr(context, json, "userPermissions");
+			if (JS_IsObject(user_permissions))
+			{
+				JSValue user = JS_GetPropertyStr(context, user_permissions, work->user);
+				if (JS_IsObject(user))
+				{
+					JSValue package_owner = JS_GetPropertyStr(context, user, work->package_owner);
+					if (JS_IsObject(package_owner))
+					{
+						result = JS_GetPropertyStr(context, package_owner, work->package_name);
+					}
+					JS_FreeValue(context, package_owner);
+				}
+				JS_FreeValue(context, user);
+			}
+			JS_FreeValue(context, user_permissions);
+		}
+		JS_FreeValue(context, json);
+		tf_free((void*)work->settings);
+	}
+
+	JSValue error = JS_Call(context, work->promise[0], JS_UNDEFINED, 1, &result);
+	tf_util_report_error(context, error);
+	JS_FreeValue(context, error);
+	JS_FreeValue(context, result);
+	JS_FreeValue(context, work->promise[0]);
+	JS_FreeValue(context, work->promise[1]);
+	tf_free((void*)work->user);
+	tf_free((void*)work->package_owner);
+	tf_free((void*)work->package_name);
+	tf_free(work);
+}
+
+static const char* _tf_ssb_get_process_credentials_session_name(JSContext* context, JSValue process)
+{
+	JSValue credentials = JS_IsObject(process) ? JS_GetPropertyStr(context, process, "credentials") : JS_UNDEFINED;
+	JSValue session = JS_IsObject(credentials) ? JS_GetPropertyStr(context, credentials, "session") : JS_UNDEFINED;
+	JSValue name_value = JS_IsObject(session) ? JS_GetPropertyStr(context, session, "name") : JS_UNDEFINED;
+	const char* name = JS_IsString(name_value) ? JS_ToCString(context, name_value) : NULL;
+	const char* result = tf_strdup(name);
+	JS_FreeCString(context, name);
+	JS_FreeValue(context, name_value);
+	JS_FreeValue(context, session);
+	JS_FreeValue(context, credentials);
+	return result;
+}
+
+static JSValue _tf_api_core_permissionsGranted(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv, int magic, JSValue* data)
+{
+	tf_task_t* task = tf_task_get(context);
+	tf_ssb_t* ssb = tf_task_get_ssb(task);
+	JSValue process = data[0];
+	JSValue package_owner_value = JS_GetPropertyStr(context, process, "packageOwner");
+	JSValue package_name_value = JS_GetPropertyStr(context, process, "packageName");
+	const char* package_owner = JS_ToCString(context, package_owner_value);
+	const char* package_name = JS_ToCString(context, package_name_value);
+	permissions_granted_t* work = tf_malloc(sizeof(permissions_granted_t));
+	*work = (permissions_granted_t) {
+		.context = context,
+		.user = _tf_ssb_get_process_credentials_session_name(context, process),
+		.package_owner = tf_strdup(package_owner),
+		.package_name = tf_strdup(package_name),
+	};
+	JS_FreeCString(context, package_owner);
+	JS_FreeCString(context, package_name);
+	JS_FreeValue(context, package_owner_value);
+	JS_FreeValue(context, package_name_value);
+	JSValue result = JS_NewPromiseCapability(context, work->promise);
+	tf_ssb_run_work(ssb, _tf_api_core_permissions_granted_work, _tf_api_core_permissions_granted_after_work, work);
+	return result;
+}
+
 typedef struct _active_identity_work_t
 {
 	JSContext* context;
@@ -385,20 +486,6 @@ static void _tf_ssb_getActiveIdentity_after_work(tf_ssb_t* ssb, int status, void
 	tf_free(request);
 }
 
-static const char* _tf_ssb_get_process_credentials_session_name(JSContext* context, JSValue process)
-{
-	JSValue credentials = JS_IsObject(process) ? JS_GetPropertyStr(context, process, "credentials") : JS_UNDEFINED;
-	JSValue session = JS_IsObject(credentials) ? JS_GetPropertyStr(context, credentials, "session") : JS_UNDEFINED;
-	JSValue name_value = JS_IsObject(session) ? JS_GetPropertyStr(context, session, "name") : JS_UNDEFINED;
-	const char* name = JS_ToCString(context, name_value);
-	const char* result = tf_strdup(name);
-	JS_FreeCString(context, name);
-	JS_FreeValue(context, name_value);
-	JS_FreeValue(context, session);
-	JS_FreeValue(context, credentials);
-	return result;
-}
-
 static JSValue _tf_ssb_getActiveIdentity(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv, int magic, JSValue* data)
 {
 	tf_task_t* task = tf_task_get(context);
@@ -724,6 +811,7 @@ static JSValue _tf_api_register_imports(JSContext* context, JSValueConst this_va
 	JS_SetPropertyStr(context, core, "users", JS_NewCFunctionData(context, _tf_api_core_users, 0, 0, 1, &process));
 
 	JS_SetPropertyStr(context, core, "permissionsForUser", JS_NewCFunctionData(context, _tf_api_core_permissionsForUser, 1, 0, 1, &process));
+	JS_SetPropertyStr(context, core, "permissionsGranted", JS_NewCFunctionData(context, _tf_api_core_permissionsGranted, 0, 0, 1, &process));
 
 	JSValue app = JS_NewObject(context);
 	JS_SetPropertyStr(context, app, "owner", JS_GetPropertyStr(context, process, "packageOwner"));