feat: Deno.cwd() no longer requires --allow-read permission (#27192)

This commit changes "Deno.cwd()" (as well as "process.cwd()") to no
longer require full "--allow-read" permission. This change was meant to be done
in Deno 2.0.0, but somehow it slipped. Requiring full read permission
just to read the CWD is a mistake, because CWD can already be obtained
with no permission by throwing an error in JS and inspecting its stack.

Fixes #27110

---------

Co-authored-by: Bartek Iwańczuk <[email protected]>

ext/fs/ops.rs

@@ -171,9 +171,6 @@ where
 {
   let fs = state.borrow::<FileSystemRc>();
   let path = fs.cwd()?;
-  state
-    .borrow_mut::<P>()
-    .check_read_blind(&path, "CWD", "Deno.cwd()")?;
   let path_str = path_into_string(path.into_os_string())?;
   Ok(path_str)
 }

tests/integration/compile_tests.rs

@@ -820,14 +820,14 @@ fn compile_npm_cowsay_main() {
 #[test]
 fn compile_npm_no_permissions() {
   run_npm_bin_compile_test(RunNpmBinCompileOptions {
-    input_specifier: "npm:[email protected].0",
+    input_specifier: "npm:@denotest/[email protected].0",
     copy_temp_dir: None,
-    compile_args: vec![],
+    compile_args: vec!["-o", "denotest"],
     run_args: vec!["Hello"],
-    output_file: "npm/deno_run_cowsay_no_permissions.out",
+    output_file: "npm/compile_npm_no_permissions.out",
     node_modules_local: false,
     input_name: None,
-    expected_name: "cowsay",
+    expected_name: "denotest",
     exit_code: 1,
   });
 }

tests/integration/run_tests.rs

@@ -358,10 +358,12 @@ fn permissions_prompt_allow_all_2() {
       console.write_line_raw("A");
       console.expect("✅ Granted all sys access.");
 
+      let text = console.read_until("Allow? [y/n/A] (y = yes, allow; n = no, deny; A = allow all read permissions)");
       // "read" permissions
-      console.expect(concat!(
-        "┏ ⚠️  Deno requests read access to <CWD>.\r\n",
-        "┠─ Requested by `Deno.cwd()` API.\r\n",
+      test_util::assertions::assert_wildcard_match(&text, concat!(
+        "\r\n",
+        "┏ ⚠️  Deno requests read access to \"[WILDCARD]/tests/testdata/\".\r\n",
+        "┠─ Requested by `Deno.lstatSync()` API.\r\n",
         "┠─ To see a stack trace for this prompt, set the DENO_TRACE_PERMISSIONS environmental variable.\r\n",
         "┠─ Learn more at: https://docs.deno.com/go/--allow-read\r\n",
         "┠─ Run again with --allow-read to bypass this prompt.\r\n",

tests/registry/npm/@denotest/cli-with-permissions/1.0.0/index.js

@@ -0,0 +1,3 @@
+console.log("Hello in CLI with permissions");
+console.log("Reading DENO_HELLO env var...");
+console.log(Deno.env.get("DENO_HELLO"));

tests/registry/npm/@denotest/cli-with-permissions/1.0.0/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "@denotest/cli-with-permissions",
+  "version": "1.0.0",
+  "bin": "./index.js"
+}

tests/testdata/npm/compile_npm_no_permissions.out

@@ -0,0 +1,5 @@
+Hello in CLI with permissions
+Reading DENO_HELLO env var...
+error: Uncaught (in promise) NotCapable: Requires env access to "DENO_HELLO", specify the required permissions during compilation using `deno compile --allow-env`
+console.log(Deno.env.get("DENO_HELLO"));
+[WILDCARD]

tests/unit/dir_test.ts

@@ -38,16 +38,6 @@ Deno.test({ permissions: { read: true, write: true } }, function dirCwdError() {
   }
 });
 
-Deno.test({ permissions: { read: false } }, function dirCwdPermError() {
-  assertThrows(
-    () => {
-      Deno.cwd();
-    },
-    Deno.errors.NotCapable,
-    "Requires read access to <CWD>, run again with the --allow-read flag",
-  );
-});
-
 Deno.test(
   { permissions: { read: true, write: true } },
   function dirChdirError() {