fix(config): address permission profile review follow-ups (#29479)

## Summary

- rename `Config::permission_profile_allowed` to
`is_permission_profile_allowed`
- use `BUILT_IN_PERMISSION_PROFILE_DANGER_FULL_ACCESS` in the TUI and
its assertion
- follow up on the late review comments from #26678

The previous `:danger-no-sandbox` value was an invalid built-in profile
ID. #26678 corrected it to `:danger-full-access`; this PR centralizes
the value to prevent future drift.

## Testing

- Not run per request; `cargo fmt` only

Co-authored-by: Codex <noreply@openai.com>
This commit is contained in:
viyatb-oai
2026-06-22 14:05:50 -07:00
committed by GitHub
Unverified
parent cb255c52e9
commit 6db576895a
3 changed files with 6 additions and 4 deletions
+1 -1
View File
@@ -4108,7 +4108,7 @@ impl Config {
}
/// Returns whether effective requirements allow selecting a concrete profile.
pub fn permission_profile_allowed(
pub fn is_permission_profile_allowed(
&self,
profile_id: &str,
permission_profile: &PermissionProfile,
@@ -1,4 +1,5 @@
use super::*;
use codex_protocol::models::BUILT_IN_PERMISSION_PROFILE_DANGER_FULL_ACCESS;
impl ChatWidget {
pub(super) fn open_permission_profiles_popup(&mut self) {
@@ -48,7 +49,7 @@ impl ChatWidget {
}
items.push(self.builtin_permission_mode_selection_item(
full_access,
":danger-full-access",
BUILT_IN_PERMISSION_PROFILE_DANGER_FULL_ACCESS,
full_access.description.to_string(),
AskForApproval::from(full_access.approval),
ApprovalsReviewer::User,
@@ -146,7 +147,7 @@ impl ChatWidget {
.or_else(|| {
(!self
.config
.permission_profile_allowed(id, &preset.permission_profile))
.is_permission_profile_allowed(id, &preset.permission_profile))
.then(|| "Disabled by requirements.".to_string())
}),
..Default::default()
@@ -1,6 +1,7 @@
use super::*;
use crate::legacy_core::config::PermissionProfileCatalogEntry;
use codex_protocol::models::ActivePermissionProfile;
use codex_protocol::models::BUILT_IN_PERMISSION_PROFILE_DANGER_FULL_ACCESS;
use codex_protocol::models::ManagedFileSystemPermissions;
use codex_protocol::permissions::FileSystemAccessMode;
use codex_protocol::permissions::FileSystemPath;
@@ -283,7 +284,7 @@ async fn profile_permissions_full_access_opens_confirmation() {
display_label,
}),
} if preset.id == "full-access"
&& profile_id == ":danger-full-access"
&& profile_id == BUILT_IN_PERMISSION_PROFILE_DANGER_FULL_ACCESS
&& display_label == "Full Access"
));
}