lint_dir() should be cognizant of read permissions

[MichaelChirico]

lint_dir() currently just looks at dir(recursive = TRUE) and attempts to run lint() on all the included files.

This is usually fine for packages, but less so for maintaining an analysis codebase where ownership permissions may be mixed.

The current behavior is clunky because linting can fail mid-way & lose progress. It would be better to skip (possibly warning) files where the correct read permissions are not available:

lint_dir()
# ...........................Error in file(con, "r") : cannot open the connection
# In addition: Warning message:
# In file(con, "r") :
#   cannot open file '...': Permission denied

[MichaelChirico]

See discussion in #2506, tabled pending #2135. The key is to use file.access(f, 4L) to check read access; in tests, use Sys.chmod(f, '000') to simulate unreadable files (though this won't work on Windows.

[MichaelChirico]

Following up from #2506

Even with vectorized lint I feel access checking doesn't belong there. lint_dir(path, skip_inaccessible = TRUE), which should be non-default imo, could do files <- files[vapply(files, \(x) file.access(x, 4L) != -1, logical(1L))] if requested by the caller.

I really wouldn't expose this as an option. What is the use case? The proposed behavior (throw a warning() on any unreadable file) still seems best to me, and I don't know why you'd want to toggle that. Maybe you want an error, in which case options(warn=2) is easy enough.

OTOH maybe we want to avoid throwing 50 warnings in an unreadable directory, in which case we could check which files are unreadable up front and just throw one warning.

[AshesITR]

One reason I would prefer an opt-in is if the workdir is accidentally wrong, permission issues would quickly tell you you're trying to lint files that you can't access.

Imagine lint_dir("/").

In interactive mode we could ask for confirmation (Warning: Missing access permissions for A, B, C and X more files. Continue?)
In non-interactive mode, warnings can quickly fall under the table so I'd stop by default and create some kind of opt-in "ignore missing permissions" feature.
For example, we had some issues with wrong facls where I wouldn't want CI to pass without linting all files.