Clean up code around optional permissions

core/src/main/java/hudson/Functions.java

@@ -2218,30 +2218,35 @@
      * Returns {@code true} if the {@link Run#ARTIFACTS} permission is enabled,
      * {@code false} otherwise.
      *
-     * <p>When the {@link Run#ARTIFACTS} permission is not turned on using the
-     * {@code hudson.security.ArtifactsPermission} system property, this
+     * <p>When the {@link Run#ARTIFACTS} permission is not turned on, this
      * permission must not be considered to be set to {@code false} for every
      * user. It must rather be like if the permission doesn't exist at all
      * (which means that every user has to have an access to the artifacts but
      * the permission can't be configured in the security screen). Got it?</p>
+     *
+     * @deprecated Use {@code Run.ARTIFACTS.getEnabled()} instead.
      */
+    @Deprecated
     public static boolean isArtifactsPermissionEnabled() {
-        return SystemProperties.getBoolean("hudson.security.ArtifactsPermission");
+        return Run.ARTIFACTS.getEnabled();
     }
 
     /**
      * Returns {@code true} if the {@link Item#WIPEOUT} permission is enabled,
      * {@code false} otherwise.
      *
      * <p>The "Wipe Out Workspace" action available on jobs is controlled by the
      * {@link Item#BUILD} permission. For some specific projects, however, it is
      * not acceptable to let users have this possibility, even it they can
      * trigger builds. As such, when enabling the {@code hudson.security.WipeOutPermission}
      * system property, a new "WipeOut" permission will allow to have greater
      * control on the "Wipe Out Workspace" action.</p>
+     *
+     * @deprecated Use {@code Item.WIPEOUT.getEnabled()} instead.
      */
+    @Deprecated
     public static boolean isWipeOutPermissionEnabled() {
-        return SystemProperties.getBoolean("hudson.security.WipeOutPermission");
+        return Item.WIPEOUT.getEnabled();
     }
 
     @Deprecated

core/src/main/java/hudson/model/AbstractProject.java

@@ -1894,7 +1894,7 @@
      */
     @RequirePOST
     public HttpResponse doDoWipeOutWorkspace() throws IOException, ServletException, InterruptedException {
-        checkPermission(Functions.isWipeOutPermissionEnabled() ? WIPEOUT : BUILD);
+        checkPermission(Item.WIPEOUT.getEnabled() ? WIPEOUT : BUILD);
         R b = getSomeBuildWithWorkspace();
         FilePath ws = b != null ? b.getWorkspace() : null;
         if (ws != null && getScm().processWorkspaceBeforeDeletion(this, ws, b.getBuiltOn())) {

core/src/main/java/hudson/model/Item.java

@@ -319,7 +319,7 @@ default void onCreatedFromScratch() {
                     "WipeOut",
                     Messages._AbstractProject_WipeOutPermission_Description(),
                     null,
-                    Functions.isWipeOutPermissionEnabled(),
+                    SystemProperties.getBoolean("hudson.security.WipeOutPermission"),
                     new PermissionScope[] {PermissionScope.ITEM});
     Permission CANCEL =
             new Permission(

core/src/main/java/hudson/model/Run.java

@@ -2251,7 +2251,7 @@
      * @throws AccessDeniedException Access denied
      */
     public @NonNull DirectoryBrowserSupport doArtifact() {
-        if (Functions.isArtifactsPermissionEnabled()) {
+        if (ARTIFACTS.getEnabled()) {
           checkPermission(ARTIFACTS);
         }
         return new DirectoryBrowserSupport(this, getArtifactManager().root(), Messages.Run_ArtifactsBrowserTitle(project.getDisplayName(), getDisplayName()), "package.png", true);
@@ -2589,7 +2589,7 @@
     public static final Permission UPDATE = new Permission(PERMISSIONS, "Update", Messages._Run_UpdatePermission_Description(), Permission.UPDATE, PermissionScope.RUN);
     /** See {@link hudson.Functions#isArtifactsPermissionEnabled} */
     public static final Permission ARTIFACTS = new Permission(PERMISSIONS, "Artifacts", Messages._Run_ArtifactsPermission_Description(), null,
-                                                              Functions.isArtifactsPermissionEnabled(), new PermissionScope[]{PermissionScope.RUN});
+            SystemProperties.getBoolean("hudson.security.ArtifactsPermission"), new PermissionScope[]{PermissionScope.RUN});
 
     private static class DefaultFeedAdapter implements FeedAdapter<Run> {
         @Override

core/src/main/resources/hudson/model/AbstractProject/main.jelly

@@ -39,8 +39,7 @@ THE SOFTWARE.
     </j:forEach>
 
     <t:artifactList caption="${%Last Successful Artifacts}"
-        build="${it.lastSuccessfulBuild}" baseURL="lastSuccessfulBuild/"
-        permission="${it.lastSuccessfulBuild.ARTIFACTS}"/>
+        build="${it.lastSuccessfulBuild}" baseURL="lastSuccessfulBuild/"/>
   </table>
 
   <!-- merge fragments from the actions -->

core/src/main/resources/hudson/model/AbstractProject/sidepanel.jelly

@@ -40,7 +40,7 @@ THE SOFTWARE.
       <l:task contextMenu="false" href="${url}/" icon="symbol-details" title="${%Status}"/>
       <l:task href="${url}/changes" icon="symbol-changes" title="${%Changes}"/>
       <l:task icon="symbol-folder"  href="${url}/ws/" title="${%Workspace}" permission="${it.WORKSPACE}">
-        <l:task confirmationMessage="${%wipe.out.confirm}" href="${url}/doWipeOutWorkspace" icon="symbol-trash" permission="${h.isWipeOutPermissionEnabled() ? it.WIPEOUT : it.BUILD}" post="true" requiresConfirmation="true" title="${%Wipe Out Workspace}"/>
+        <l:task confirmationMessage="${%wipe.out.confirm}" href="${url}/doWipeOutWorkspace" icon="symbol-trash" permission="${it.WIPEOUT.getEnabled() ? it.WIPEOUT : it.BUILD}" post="true" requiresConfirmation="true" title="${%Wipe Out Workspace}"/>
       </l:task>
       <j:if test="${it.configurable}">
         <p:configurable/>

core/src/main/resources/hudson/model/Run/artifacts-index.jelly

@@ -24,13 +24,13 @@ THE SOFTWARE.
 
 <?jelly escape-by-default='true'?>
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
-  <j:if test="${!h.isArtifactsPermissionEnabled() or h.isArtifactsPermissionEnabled() and h.hasPermission(it.ARTIFACTS)}">
-    <l:layout title="${it.fullDisplayName} Artifacts">
-      <st:include page="sidepanel.jelly" />
-      <l:breadcrumb title="${%Artifacts}" />
-      <l:main-panel>
-        <t:buildCaption>${%Build Artifacts}</t:buildCaption>
-        <table class="fileList">
+  <l:layout title="${it.fullDisplayName} Artifacts">
+    <st:include page="sidepanel.jelly" />
+    <l:breadcrumb title="${%Artifacts}" />
+    <l:main-panel>
+      <t:buildCaption>${%Build Artifacts}</t:buildCaption>
+      <table class="fileList">
+        <j:if test="${!h.isArtifactsPermissionEnabled() or h.isArtifactsPermissionEnabled() and h.hasPermission(it.ARTIFACTS)}">
           <j:forEach var="f" items="${it.artifacts}">
             <tr>
               <td>
@@ -44,8 +44,8 @@ THE SOFTWARE.
               </td>
             </tr>
           </j:forEach>
-        </table>
-      </l:main-panel>
-    </l:layout>
-  </j:if>
+        </j:if>
+      </table>
+    </l:main-panel>
+  </l:layout>
 </j:jelly>

core/src/main/resources/hudson/model/Run/index.jelly

@@ -55,8 +55,7 @@ THE SOFTWARE.
       </div>
 
       <table>
-        <t:artifactList build="${it}" caption="${%Build Artifacts}"
-          permission="${it.ARTIFACTS}" />
+        <t:artifactList build="${it}" caption="${%Build Artifacts}" />
 
         <!-- give actions a chance to contribute summary item -->
         <j:forEach var="a" items="${it.allActions}">

core/src/main/resources/lib/hudson/artifactList.jelly

@@ -38,7 +38,7 @@ THE SOFTWARE.
       If the hyperlink to artifacts are at another URL, specify the prefix.
     </st:attribute>
   </st:documentation>
-  <j:if test="${!h.isArtifactsPermissionEnabled() or h.isArtifactsPermissionEnabled() and h.hasPermission(it,attrs.permission)}">
+  <j:if test="${!build.ARTIFACTS.enabled or h.hasPermission(build, build.ARTIFACTS)}">
     <j:set var="artifacts" value="${build.getArtifactsUpTo(build.LIST_CUTOFF+1)}" />
     <j:if test="${!empty(artifacts)}">
       <t:summary icon="symbol-cube" href="${baseURL}artifact/">