From 9946d2ffc53a26f07302b296d2a580151f8a91ae Mon Sep 17 00:00:00 2001
From: KernelDeimos <7225168+KernelDeimos@users.noreply.github.com>
Date: Wed, 1 Oct 2025 16:46:59 -0400
Subject: [PATCH] dev(extensions): event for extensions to grant permst

---
 extensions/hellodriver/hellodriver.js         |  8 +++++
 .../src/services/auth/PermissionService.js    | 32 +++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/extensions/hellodriver/hellodriver.js b/extensions/hellodriver/hellodriver.js
index 9e26d89c..67e79348 100644
--- a/extensions/hellodriver/hellodriver.js
+++ b/extensions/hellodriver/hellodriver.js
@@ -67,3 +67,11 @@ extension.on('create.drivers', event => {
         },
     });
 });
+
+/**
+ * Here we specify that both registered and temporary users are allowed
+ * to access the `no-frills` implementation of the `hello-world` driver.
+ */
+extension.on('create.permissions', event => {
+    event.grant_to_everyone('service:no-frills:ii:hello-world');
+});
diff --git a/src/backend/src/services/auth/PermissionService.js b/src/backend/src/services/auth/PermissionService.js
index 92ddea08..f045df58 100644
--- a/src/backend/src/services/auth/PermissionService.js
+++ b/src/backend/src/services/auth/PermissionService.js
@@ -18,6 +18,7 @@
  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 const APIError = require('../../api/APIError');
+const { hardcoded_user_group_permissions } = require('../../data/hardcoded-permissions.js');
 const { ECMAP } = require('../../filesystem/ECMAP');
 const { get_user, get_app } = require('../../helpers');
 const { reading_has_terminal } = require('../../unstructured/permission-scan-lib');
@@ -71,6 +72,37 @@ class PermissionService extends BaseService {
         this.kvAvgTimes = { count: 0, avg: 0, max: 0 };
         this.dbAvgTimes = { count: 0, avg: 0, max: 0 };
     }
+    
+    async ['__on_boot.consolidation'] () {
+        const svc_event = this.services.get('event');
+        // Event to allow extensions to add permissions
+        {
+            const event = {};
+            event.grant_to_everyone = permission => {
+                /* eslint-disable */
+                hardcoded_user_group_permissions
+                    .system
+                    [this.global_config.default_temp_group]
+                    [permission]
+                    = {};
+                hardcoded_user_group_permissions
+                    .system
+                    [this.global_config.default_user_group]
+                    [permission]
+                    = {};
+                /* eslint-enable */
+            };
+            event.grant_to_users = permission => {
+                /* eslint-disable */
+                hardcoded_user_group_permissions
+                    [this.global_config.default_user_group]
+                    [permission]
+                    = {};
+                /* eslint-enable */
+            };
+            svc_event.emit('create.permissions', event);
+        }
+    }
 
     /**
     * Rewrites the given permission string based on registered PermissionRewriters.