Ability to check symbol namespaces in `:allow` and `:deny`
manicolosi opened this issue · 3 comments
Is your feature request related to a problem? Please describe.
I'm trying to create a sandbox environment where only specific vars are exposed in the user namespace. I want to exclude `clojure.core` vars through the use of `:allow`. However, I have some macros that need access to `clojure.core`. My approach is to alias some `clojure.core` vars in an impl namespace. For example, I don't want to expose `mapv` but I need it for my macro implementations.
Describe the solution you'd like
The ability to namespace qualify symbols in :allow and :deny:
```clojure
(def my-each ^:sci/macro
  (fn [_&form _&env coll body]
    `(impl/mapv (impl/fn [item#]
                  (impl/let [~'%item item#]
                    ~body))
                ~coll)))

(sci/eval-string (pr-str '(each %foo (+ %item %item)))
                 {:namespaces {'user {'each my-each}
                               'impl {'mapv mapv
                                      'fn (with-meta @#'fn {:sci/macro true})
                                      'let (with-meta @#'let {:sci/macro true})}}
                  :bindings {'%foo [1 2 3]}
                  :allow ['each 'impl/mapv 'impl/fn 'impl/let]})
```
This results in an exception: `impl/mapv is not allowed!` However, this example works if I leave out `:allow`.
Describe alternatives you've considered
Ideally, macros could use clojure.core without exposing it to the programs that get eval'd.
Additional context
None
Hi! I think this PR fixes it more properly: #936
I don't think there should have ever been a reason why a non-namespaced symbol would not be allowed, probably just an oversight. If you can test this PR locally and it works, then I'll merge it.
Merged