feat(extensions): remove rbac extension (#4157)

* feat(extensions): remove rbac extension client code

* feat(extensions): remove server rbac code

* remove extensions code

* fix(notifications): remove error

* feat(extensions): remove authorizations service

* feat(rbac): deprecate fields

* fix(portainer): revert change

* fix(bouncer): remove rbac authorization check

* feat(sidebar): remove roles link

* fix(portainer): remove portainer module

app/docker/views/containers/create/createContainerController.js

@@ -30,7 +30,6 @@ angular.module('portainer.docker').controller('CreateContainerController', [
   'SettingsService',
   'PluginService',
   'HttpRequestHelper',
-  'ExtensionService',
   function (
     $q,
     $scope,
@@ -56,8 +55,7 @@ angular.module('portainer.docker').controller('CreateContainerController', [
     SystemService,
     SettingsService,
     PluginService,
-    HttpRequestHelper,
-    ExtensionService
+    HttpRequestHelper
   ) {
     $scope.create = create;
 
@@ -649,7 +647,7 @@ angular.module('portainer.docker').controller('CreateContainerController', [
       $scope.isAdmin = Authentication.isAdmin();
       $scope.showDeviceMapping = await shouldShowDevices();
       $scope.areContainerCapabilitiesEnabled = await checkIfContainerCapabilitiesEnabled();
-      $scope.isAdminOrEndpointAdmin = await checkIfAdminOrEndpointAdmin();
+      $scope.isAdminOrEndpointAdmin = Authentication.isAdmin();
 
       Volume.query(
         {},
@@ -935,35 +933,16 @@ angular.module('portainer.docker').controller('CreateContainerController', [
       }
     }
 
-    async function isAdminOrEndpointAdmin() {
-      const isAdmin = Authentication.isAdmin();
-      if (isAdmin) {
-        return true;
-      }
-
-      const rbacEnabled = await ExtensionService.extensionEnabled(ExtensionService.EXTENSIONS.RBAC);
-      return rbacEnabled ? Authentication.hasAuthorizations(['EndpointResourcesAccess']) : false;
-    }
-
     async function shouldShowDevices() {
       const { allowDeviceMappingForRegularUsers } = $scope.applicationState.application;
 
-      return allowDeviceMappingForRegularUsers || isAdminOrEndpointAdmin();
+      return allowDeviceMappingForRegularUsers || Authentication.isAdmin();
     }
 
     async function checkIfContainerCapabilitiesEnabled() {
       const { allowContainerCapabilitiesForRegularUsers } = $scope.applicationState.application;
 
-      return allowContainerCapabilitiesForRegularUsers || isAdminOrEndpointAdmin();
-    }
-
-    async function checkIfAdminOrEndpointAdmin() {
-      if (Authentication.isAdmin()) {
-        return true;
-      }
-
-      const rbacEnabled = await ExtensionService.extensionEnabled(ExtensionService.EXTENSIONS.RBAC);
-      return rbacEnabled ? Authentication.hasAuthorizations(['EndpointResourcesAccess']) : false;
+      return allowContainerCapabilitiesForRegularUsers || Authentication.isAdmin();
     }
 
     initView();

app/docker/views/containers/edit/containerController.js

@@ -9,7 +9,6 @@ angular.module('portainer.docker').controller('ContainerController', [
   '$transition$',
   '$filter',
   '$async',
-  'ExtensionService',
   'Commit',
   'ContainerHelper',
   'ContainerService',
@@ -30,7 +29,6 @@ angular.module('portainer.docker').controller('ContainerController', [
     $transition$,
     $filter,
     $async,
-    ExtensionService,
     Commit,
     ContainerHelper,
     ContainerService,
@@ -115,9 +113,7 @@ angular.module('portainer.docker').controller('ContainerController', [
             !allowHostNamespaceForRegularUsers ||
             !allowPrivilegedModeForRegularUsers;
 
-          ExtensionService.extensionEnabled(ExtensionService.EXTENSIONS.RBAC).then((rbacEnabled) => {
-            $scope.displayRecreateButton = !inSwarm && !autoRemove && (settingRestrictsRegularUsers || rbacEnabled ? admin : true);
-          });
+          $scope.displayRecreateButton = !inSwarm && !autoRemove && (admin || !settingRestrictsRegularUsers);
         })
         .catch(function error(err) {
           Notifications.error('Failure', err, 'Unable to retrieve container info');

app/docker/views/dashboard/dashboardController.js

@@ -12,7 +12,6 @@ angular.module('portainer.docker').controller('DashboardController', [
   'EndpointService',
   'Notifications',
   'EndpointProvider',
-  'ExtensionService',
   'StateManager',
   function (
     $scope,
@@ -28,7 +27,6 @@ angular.module('portainer.docker').controller('DashboardController', [
     EndpointService,
     Notifications,
     EndpointProvider,
-    ExtensionService,
     StateManager
   ) {
     $scope.dismissInformationPanel = function (id) {
@@ -75,13 +73,7 @@ angular.module('portainer.docker').controller('DashboardController', [
       const isAdmin = Authentication.isAdmin();
       const { allowStackManagementForRegularUsers } = $scope.applicationState.application;
 
-      if (isAdmin || allowStackManagementForRegularUsers) {
-        return true;
-      }
-      const rbacEnabled = await ExtensionService.extensionEnabled(ExtensionService.EXTENSIONS.RBAC);
-      if (rbacEnabled) {
-        return Authentication.hasAuthorizations(['EndpointResourcesAccess']);
-      }
+      return isAdmin || allowStackManagementForRegularUsers;
     }
 
     initView();

app/docker/views/services/create/createServiceController.js

@@ -33,7 +33,6 @@ angular.module('portainer.docker').controller('CreateServiceController', [
   'SettingsService',
   'WebhookService',
   'EndpointProvider',
-  'ExtensionService',
   function (
     $q,
     $scope,
@@ -59,8 +58,7 @@ angular.module('portainer.docker').controller('CreateServiceController', [
     NodeService,
     SettingsService,
     WebhookService,
-    EndpointProvider,
-    ExtensionService
+    EndpointProvider
   ) {
     $scope.formValues = {
       Name: '',
@@ -592,15 +590,7 @@ angular.module('portainer.docker').controller('CreateServiceController', [
       const settings = await SettingsService.publicSettings();
       const { AllowBindMountsForRegularUsers } = settings;
 
-      if (isAdmin || AllowBindMountsForRegularUsers) {
-        return true;
-      }
-      const rbacEnabled = await ExtensionService.extensionEnabled(ExtensionService.EXTENSIONS.RBAC);
-      if (rbacEnabled) {
-        return Authentication.hasAuthorizations(['EndpointResourcesAccess']);
-      }
-
-      return false;
+      return isAdmin || AllowBindMountsForRegularUsers;
     }
   },
 ]);

app/docker/views/volumes/volumesController.js

@@ -9,8 +9,7 @@ angular.module('portainer.docker').controller('VolumesController', [
   'HttpRequestHelper',
   'EndpointProvider',
   'Authentication',
-  'ExtensionService',
-  function ($q, $scope, $state, VolumeService, ServiceService, VolumeHelper, Notifications, HttpRequestHelper, EndpointProvider, Authentication, ExtensionService) {
+  function ($q, $scope, $state, VolumeService, ServiceService, VolumeHelper, Notifications, HttpRequestHelper, EndpointProvider, Authentication) {
     $scope.removeAction = function (selectedItems) {
       var actionCount = selectedItems.length;
       angular.forEach(selectedItems, function (volume) {
@@ -71,16 +70,8 @@ angular.module('portainer.docker').controller('VolumesController', [
     function initView() {
       getVolumes();
 
-      $scope.showBrowseAction = $scope.applicationState.endpoint.mode.agentProxy;
-
-      ExtensionService.extensionEnabled(ExtensionService.EXTENSIONS.RBAC).then(function success(extensionEnabled) {
-        if (!extensionEnabled) {
-          var isAdmin = Authentication.isAdmin();
-          if (!$scope.applicationState.application.enableVolumeBrowserForNonAdminUsers && !isAdmin) {
-            $scope.showBrowseAction = false;
-          }
-        }
-      });
+      $scope.showBrowseAction =
+        $scope.applicationState.endpoint.mode.agentProxy && (Authentication.isAdmin() || $scope.applicationState.application.enableVolumeBrowserForNonAdminUsers);
     }
 
     initView();