Remove bitmask-based permission handling (ACLs)

LabKey · Nov 21, 2024 · 9e7defd · 9e7defd
1 parent 9735eb6
commit 9e7defd
Show file tree

Hide file tree

Showing 11 changed files with 68 additions and 461 deletions.
diff --git a/api/schemas/view.xsd b/api/schemas/view.xsd
@@ -12,11 +12,6 @@
 
     <xsd:complexType name="viewType">
         <xsd:sequence>
-            <xsd:element name="permissions" type="vw:permissionsListType" minOccurs="0" maxOccurs="1">
-                <xsd:annotation>
-                    <xsd:documentation>Deprecated: Use &lt;requiresPermissions>, &lt;requiresNoPermission/>, and &lt;requiresLogin/> elements instead of &lt;permissions>. All support for &lt;permissions> will be removed in LabKey Server v24.12.</xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
             <!-- <permissionClasses> and <requiresPermissions> are synonyms -->
             <xsd:element name="permissionClasses" type="vw:permissionClassListType" minOccurs="0" maxOccurs="1"/>
             <xsd:element name="requiresPermissions" type="vw:permissionClassListType" minOccurs="0" maxOccurs="1"/>
@@ -37,51 +32,16 @@
         </xsd:sequence>
     </xsd:complexType>
 
-    <xsd:complexType name="permissionsListType">
-        <xsd:annotation>
-            <xsd:documentation>Deprecated: Use &lt;requiresPermissions> and &lt;permissionClass> elements instead of &lt;permissions> and &lt;permission>. All support for &lt;permissions> and &lt;permission> will be removed in LabKey Server v24.12.</xsd:documentation>
-        </xsd:annotation>
-        <xsd:sequence>
-            <xsd:element name="permission" type="vw:permissionType" minOccurs="0" maxOccurs="unbounded">
-                <xsd:annotation>
-                    <xsd:documentation>Deprecated: Use &lt;requiresPermissions> and &lt;permissionClass> elements instead of &lt;permissions> and &lt;permission>. All support for &lt;permissions> and &lt;permission> will be removed in LabKey Server v24.12.</xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-        </xsd:sequence>
-    </xsd:complexType>
-
     <xsd:complexType name="permissionClassListType">
         <xsd:sequence>
             <xsd:element name="permissionClass" type="vw:permissionClassType" minOccurs="0" maxOccurs="unbounded"/>
         </xsd:sequence>
     </xsd:complexType>
 
-    <xsd:complexType name="permissionType">
-        <xsd:annotation>
-            <xsd:documentation>Deprecated: Use &lt;requiresPermissions> and &lt;permissionClass> elements instead of &lt;permissions> and &lt;permission>. All support for &lt;permissions> and &lt;permission> will be removed in LabKey Server v24.12.</xsd:documentation>
-        </xsd:annotation>
-        <xsd:attribute name="name" type="vw:permissionEnum"/>
-    </xsd:complexType>
-
     <xsd:complexType name="permissionClassType">
         <xsd:attribute name="name" type="xsd:string"/>
     </xsd:complexType>
 
-    <xsd:simpleType name="permissionEnum">
-        <xsd:annotation>
-            <xsd:documentation>Deprecated: Use &lt;requiresPermissions> and &lt;permissionClass> elements instead of &lt;permissions> and &lt;permission>. All support for &lt;permissions> and &lt;permission> will be removed in LabKey Server v24.12.</xsd:documentation>
-        </xsd:annotation>
-        <xsd:restriction base="xsd:string">
-            <xsd:enumeration value="login"/>
-            <xsd:enumeration value="read"/>
-            <xsd:enumeration value="insert"/>
-            <xsd:enumeration value="update"/>
-            <xsd:enumeration value="delete"/>
-            <xsd:enumeration value="admin"/>
-            <xsd:enumeration value="none"/>
-        </xsd:restriction>
-    </xsd:simpleType>
-
     <xsd:simpleType name="frameType">
         <xsd:restriction base="xsd:string">
             <xsd:enumeration value="portal"/>

diff --git a/api/src/org/labkey/api/ApiModule.java b/api/src/org/labkey/api/ApiModule.java
@@ -142,8 +142,8 @@
 import org.labkey.api.settings.AdminConsole;
 import org.labkey.api.settings.AppProps;
 import org.labkey.api.settings.AppPropsTestCase;
-import org.labkey.api.settings.LookAndFeelProperties;
 import org.labkey.api.settings.LookAndFeelFolderPropertiesTest;
+import org.labkey.api.settings.LookAndFeelProperties;
 import org.labkey.api.settings.OptionalFeatureService;
 import org.labkey.api.settings.OptionalFeatureStartupListener;
 import org.labkey.api.settings.WriteableLookAndFeelProperties;
@@ -198,7 +198,6 @@
 import java.util.Set;
 
 import static java.util.EnumSet.allOf;
-import static org.labkey.api.security.ACL.RESTORE_USE_OF_ACLS;
 import static org.labkey.api.settings.LookAndFeelProperties.Properties.applicationMenuDisplayMode;
 import static org.labkey.api.settings.SiteSettingsProperties.allowApiKeys;
 import static org.labkey.api.settings.SiteSettingsProperties.allowSessionKeys;
@@ -228,10 +227,6 @@ protected void init()
 
         LabKeyManagement.register(new StandardMBean(new OperationsMXBeanImpl(), OperationsMXBean.class, true), "Operations");
 
-        AdminConsole.addOptionalFeatureFlag(new AdminConsole.OptionalFeatureFlag(RESTORE_USE_OF_ACLS,
-                "Restore ability to use deprecated bitmask-based permissions",
-                "If enabled, module HTML view metadata (.view.xml) files with \"<permission name='read'>\"-type elements will be accepted and specific API responses will include user permissions as integer bitmasks. This option and all support for bitmask based permissions will be removed in LabKey Server v24.12.",
-                false, false, OptionalFeatureService.FeatureType.Deprecated));
         AdminConsole.addOptionalFeatureFlag(new AdminConsole.OptionalFeatureFlag(FileStream.STAGE_FILE_TRANSFERS,
                 "Stage file uploads and downloads to temporary local file",
                 "When using a non-local file system, using a specific API that requires a locally staged copy of the file as the source can sometimes be significantly faster than streaming the file directly to/from storage",

diff --git a/api/src/org/labkey/api/data/Container.java b/api/src/org/labkey/api/data/Container.java
@@ -39,7 +39,6 @@
 import org.labkey.api.portal.ProjectUrls;
 import org.labkey.api.products.ProductRegistry;
 import org.labkey.api.query.QueryService;
-import org.labkey.api.security.ACL;
 import org.labkey.api.security.HasPermission;
 import org.labkey.api.security.SecurableResource;
 import org.labkey.api.security.SecurityManager;
@@ -48,16 +47,12 @@
 import org.labkey.api.security.User;
 import org.labkey.api.security.UserPrincipal;
 import org.labkey.api.security.permissions.AdminPermission;
-import org.labkey.api.security.permissions.DeletePermission;
 import org.labkey.api.security.permissions.EnableRestrictedModules;
-import org.labkey.api.security.permissions.InsertPermission;
 import org.labkey.api.security.permissions.Permission;
 import org.labkey.api.security.permissions.ReadPermission;
-import org.labkey.api.security.permissions.UpdatePermission;
 import org.labkey.api.security.roles.Role;
 import org.labkey.api.settings.AppProps;
 import org.labkey.api.settings.LookAndFeelProperties;
-import org.labkey.api.settings.OptionalFeatureService;
 import org.labkey.api.settings.ProductFeature;
 import org.labkey.api.study.StudyService;
 import org.labkey.api.util.ContainerContext;
@@ -538,31 +533,6 @@ public final boolean hasOneOf(@NotNull User user, @NotNull Class<? extends Permi
         return SecurityManager.hasAnyPermissions(null, this, user, new HashSet<>(Arrays.asList(perms)), Set.of());
     }
 
-    /**
-     * This is purely for backwards compatibility with HTTP APIs--Do not use for new code!
-     * Does not respect impersonation, etc.
-     * @param principal the user/group
-     * @return old-style bitmask for basic permissions
-     */
-    @Deprecated // TODO: Let's remove this!
-    public int getPermsAsOldBitMask(UserPrincipal principal)
-    {
-        int perms = 0;
-        Set<Class<? extends Permission>> permClasses = SecurityManager.getPermissions(this, principal, Set.of());
-        if (permClasses.contains(ReadPermission.class))
-            perms |= ACL.PERM_READ;
-        if (permClasses.contains(InsertPermission.class))
-            perms |= ACL.PERM_INSERT;
-        if (permClasses.contains(UpdatePermission.class))
-            perms |= ACL.PERM_UPDATE;
-        if (permClasses.contains(DeletePermission.class))
-            perms |= ACL.PERM_DELETE;
-        if (permClasses.contains(AdminPermission.class))
-            perms |= ACL.PERM_ADMIN;
-
-        return perms;
-    }
-
     public boolean isForbiddenProject(User user)
     {
         return handleForbiddenProject(user, false);
@@ -1429,10 +1399,6 @@ public Map<String, Object> toJSON(User user, boolean includePermissions, boolean
 
             if (includePermissions)
             {
-                if (OptionalFeatureService.get().isFeatureEnabled(ACL.RESTORE_USE_OF_ACLS))
-                {
-                    containerProps.put("userPermissions", getPermsAsOldBitMask(user));
-                }
                 containerProps.put("effectivePermissions", SecurityManager.getPermissionNames(this, user));
             }
 

diff --git a/api/src/org/labkey/api/module/ModuleHtmlView.java b/api/src/org/labkey/api/module/ModuleHtmlView.java
@@ -188,11 +188,6 @@ public boolean isRequiresLogin()
         return _viewdef.isRequiresLogin();
     }
 
-    public int getRequiredPerms()
-    {
-        return _viewdef.getRequiredPerms();
-    }
-
     public Set<Class<? extends Permission>> getRequiredPermissionClasses()
     {
         return _viewdef.getRequiredPermissionClasses();