fix: make --allow-env stronger that --deny-env (#29079)

runtime/permissions/lib.rs

@@ -1944,7 +1944,7 @@ impl UnaryPermission<EnvQueryDescriptor> {
 
   pub fn check_all(&mut self) -> Result<(), PermissionDeniedError> {
     skip_check_if_is_permission_fully_granted!(self);
-    self.check_desc(None, false, None)
+    self.check_desc(None, true, None)
   }
 }
 
@@ -5263,4 +5263,21 @@ mod tests {
       );
     }
   }
+
+  #[test]
+  fn test_env_check_all() {
+    set_prompter(Box::new(TestPrompter));
+    let parser = TestPermissionDescriptorParser;
+    let mut perms = Permissions::from_options(
+      &parser,
+      &PermissionsOptions {
+        allow_env: Some(vec![]),
+        deny_env: Some(svec!["FOO"]),
+        ..Default::default()
+      },
+    )
+    .unwrap();
+
+    assert!(perms.env.check_all().is_err());
+  }
 }

tests/specs/run/permission_env_allow_and_deny/__test__.jsonc

@@ -0,0 +1,8 @@
+{
+  "args": "run --allow-env --deny-env=FOOBAR main.ts",
+  "output": "main.out",
+  "exitCode": 1,
+  "envs": {
+    "FOOBAR": "FOOBAR"
+  }
+}

tests/specs/run/permission_env_allow_and_deny/main.out

@@ -0,0 +1,4 @@
+error: Uncaught (in promise) NotCapable: Requires env access, run again with the --allow-env flag
+console.log(Deno.env.toObject());
+                     ^
+[WILDCARD]main.ts:1:22

tests/specs/run/permission_env_allow_and_deny/main.ts

@@ -0,0 +1 @@
+console.log(Deno.env.toObject());