migrate permissions and admin flag to user.role

src/accesscontrol.js

@@ -1,12 +1,7 @@
 'use strict';
 
 exports = module.exports = {
-    PERMISSION_ADMIN: 'admin', // not a real permission, but a role
-    PERMISSION_MANAGE_USERS: 'manage_users',
-
-    verifyToken: verifyToken,
-    hasPermission: hasPermission,
-    validatePermissions: validatePermissions
+    verifyToken: verifyToken
 };
 
 var assert = require('assert'),
@@ -14,28 +9,6 @@ var assert = require('assert'),
     tokendb = require('./tokendb.js'),
     users = require('./users.js');
 
-function hasPermission(user, requiredPermission) {
-    assert.strictEqual(typeof user, 'object');
-    assert.strictEqual(typeof requiredPermission, 'string');
-
-    if (user.admin) return null;
-    if (user.permissions && user.permissions.includes(requiredPermission)) return null;
-
-    return new BoxError(BoxError.ACCESS_DENIED, 'Not permitted');
-}
-
-function validatePermissions(permissions) {
-    assert(permissions === null || Array.isArray(permissions));
-
-    if (permissions === null || permissions.length === 0) return null;
-    if (permissions.length === 1 && permissions[0] === exports.PERMISSION_MANAGE_USERS) return null;
-
-    // here for completeness
-    if (permissions.includes(exports.PERMISSION_ADMIN)) return new BoxError(BoxError.BAD_FIELD, 'admin is not a permission');
-
-    return new BoxError(BoxError.BAD_FIELD, 'Invalid permissions');
-}
-
 function verifyToken(accessToken, callback) {
     assert.strictEqual(typeof accessToken, 'string');
     assert.strictEqual(typeof callback, 'function');