MM-42819 mmctl: informative errors on permanent deletions (mattermost#30230)

Co-authored-by: Ben Schumacher <ben.schumacher@mattermost.com>

Author: willypuzzle

server/channels/api4/channel.go

@@ -1401,7 +1401,13 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 		if *c.App.Config().ServiceSettings.EnableAPIChannelDeletion {
 			err = c.App.PermanentDeleteChannel(c.AppContext, channel)
 		} else {
-			err = model.NewAppError("deleteChannel", "api.user.delete_channel.not_enabled.app_error", nil, "channelId="+c.Params.ChannelId, http.StatusUnauthorized)
+			user, usrErr := c.App.GetUser(c.AppContext.Session().UserId)
+			if usrErr == nil && user != nil && user.IsSystemAdmin() {
+				// More verbose error message for system admins
+				err = model.NewAppError("deleteChannel", "api.user.delete_channel.not_enabled.for_admin.app_error", nil, "channelId="+c.Params.ChannelId, http.StatusUnauthorized)
+			} else {
+				err = model.NewAppError("deleteChannel", "api.user.delete_channel.not_enabled.app_error", nil, "channelId="+c.Params.ChannelId, http.StatusUnauthorized)
+			}
 		}
 	} else {
 		err = c.App.DeleteChannel(c.AppContext, channel, c.AppContext.Session().UserId)

server/channels/api4/team.go

@@ -521,7 +521,13 @@ func deleteTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 		if *c.App.Config().ServiceSettings.EnableAPITeamDeletion {
 			err = c.App.PermanentDeleteTeamId(c.AppContext, c.Params.TeamId)
 		} else {
-			err = model.NewAppError("deleteTeam", "api.user.delete_team.not_enabled.app_error", nil, "teamId="+c.Params.TeamId, http.StatusUnauthorized)
+			user, usrErr := c.App.GetUser(c.AppContext.Session().UserId)
+			if usrErr == nil && user != nil && user.IsSystemAdmin() {
+				// More verbose error message for system admins
+				err = model.NewAppError("deleteTeam", "api.user.delete_team.not_enabled.for_admin.app_error", nil, "teamId="+c.Params.TeamId, http.StatusUnauthorized)
+			} else {
+				err = model.NewAppError("deleteTeam", "api.user.delete_team.not_enabled.app_error", nil, "teamId="+c.Params.TeamId, http.StatusUnauthorized)
+			}
 		}
 	} else {
 		err = c.App.SoftDeleteTeam(c.Params.TeamId)

server/channels/api4/user.go

@@ -1534,7 +1534,13 @@ func deleteUser(c *Context, w http.ResponseWriter, r *http.Request) {
 		if *c.App.Config().ServiceSettings.EnableAPIUserDeletion {
 			err = c.App.PermanentDeleteUser(c.AppContext, user)
 		} else {
-			err = model.NewAppError("deleteUser", "api.user.delete_user.not_enabled.app_error", nil, "userId="+c.Params.UserId, http.StatusUnauthorized)
+			loggedUser, usrErr := c.App.GetUser(c.AppContext.Session().UserId)
+			if usrErr == nil && loggedUser != nil && loggedUser.IsSystemAdmin() {
+				// More verbose error message for system admins
+				err = model.NewAppError("deleteUser", "api.user.delete_user.not_enabled.for_admin.app_error", nil, "userId="+c.Params.UserId, http.StatusUnauthorized)
+			} else {
+				err = model.NewAppError("deleteUser", "api.user.delete_user.not_enabled.app_error", nil, "userId="+c.Params.UserId, http.StatusUnauthorized)
+			}
 		}
 	} else {
 		_, err = c.App.UpdateActive(c.AppContext, user, false)

server/cmd/mmctl/commands/channel_e2e_test.go

@@ -360,6 +360,63 @@ func (s *MmctlE2ETestSuite) TestDeleteChannelsCmd() {
 		s.CheckErrorID(err, "app.channel.get.existing.app_error")
 	})
 
+	s.Run("Delete channel with disabled config as system admin", func() {
+		channel, appErr := s.th.App.CreateChannel(s.th.Context, &model.Channel{Type: model.ChannelTypeOpen, Name: "channel_name_you_cannot_delete", CreatorId: user.Id}, true)
+		s.Require().Nil(appErr)
+
+		previousVal := s.th.App.Config().ServiceSettings.EnableAPIChannelDeletion
+		s.th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableAPIChannelDeletion = false })
+		defer func() {
+			s.th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableAPIChannelDeletion = *previousVal })
+		}()
+
+		cmd := &cobra.Command{}
+		cmd.Flags().Bool("confirm", true, "")
+		args := []string{team.Id + ":" + channel.Id}
+
+		printer.Clean()
+		err := deleteChannelsCmdF(s.th.SystemAdminClient, cmd, args)
+
+		var expected error
+		expected = multierror.Append(expected, errors.New("unable to delete channel '\""+channel.Name+"\"' error: Permanent channel deletion feature is not enabled. ServiceSettings.EnableAPIChannelDeletion must be set to true to use this command. See https://mattermost.com/pl/environment-configuration-settings for more information"))
+
+		s.Require().NotNil(err)
+		s.Require().EqualError(err, expected.Error())
+
+		channel, err = s.th.App.GetChannel(s.th.Context, channel.Id)
+
+		s.Require().Nil(err)
+		s.Require().NotNil(channel)
+	})
+
+	s.Run("Delete channel with disabled config as local client", func() {
+		channel, appErr := s.th.App.CreateChannel(s.th.Context, &model.Channel{Type: model.ChannelTypeOpen, Name: "channel_name", CreatorId: user.Id}, true)
+		s.Require().Nil(appErr)
+
+		previousVal := s.th.App.Config().ServiceSettings.EnableAPIChannelDeletion
+		s.th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableAPIChannelDeletion = false })
+		defer func() {
+			s.th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableAPIChannelDeletion = *previousVal })
+		}()
+
+		cmd := &cobra.Command{}
+		cmd.Flags().Bool("confirm", true, "")
+		args := []string{team.Id + ":" + channel.Id}
+
+		printer.Clean()
+		err := deleteChannelsCmdF(s.th.LocalClient, cmd, args)
+
+		s.Require().Nil(err)
+		s.Require().Len(printer.GetLines(), 1)
+		s.Require().Equal(channel, printer.GetLines()[0])
+		s.Require().Len(printer.GetErrorLines(), 0)
+
+		// expect the channel deleted
+		_, err = s.th.App.GetChannel(s.th.Context, channel.Id)
+		s.Require().NotNil(err)
+		s.CheckErrorID(err, "app.channel.get.existing.app_error")
+	})
+
 	s.Run("Delete channel without permissions", func() {
 		cmd := &cobra.Command{}
 		cmd.Flags().Bool("confirm", true, "")

server/cmd/mmctl/commands/team_e2e_test.go

@@ -125,6 +125,51 @@ func (s *MmctlE2ETestSuite) TestDeleteTeamsCmdF() {
 		config, _, _ = c.GetConfig(context.TODO())
 		config.ServiceSettings.EnableAPITeamDeletion = &enableConfig
 		_, _, _ = c.UpdateConfig(context.TODO(), config)
+
+		_, err = s.th.App.GetTeam(teamName)
+		s.Require().NotNil(err)
+	})
+
+	s.Run("Delete team with disabled config as local client", func() {
+		printer.Clean()
+
+		teamName := "teamname" + model.NewRandomString(10)
+		teamDisplayname := "Mock Display Name"
+		cmd := &cobra.Command{}
+		cmd.Flags().String("name", teamName, "")
+		cmd.Flags().String("display-name", teamDisplayname, "")
+		err := createTeamCmdF(s.th.LocalClient, cmd, []string{})
+		s.Require().Nil(err)
+
+		cmd = &cobra.Command{}
+		args := []string{teamName}
+		cmd.Flags().String("display-name", "newDisplayName", "Team Display Name")
+		cmd.Flags().Bool("confirm", true, "")
+
+		c := s.th.LocalClient
+
+		enableConfig := false
+		config, _, _ := c.GetConfig(context.TODO())
+		holdConfig := config.ServiceSettings.EnableAPITeamDeletion
+		// Set EnableAPITeamDeletion
+		config.ServiceSettings.EnableAPITeamDeletion = &enableConfig
+		_, _, _ = c.UpdateConfig(context.TODO(), config)
+
+		// Deletion should succeed for local client now
+		err = deleteTeamsCmdF(c, cmd, args)
+		s.Require().Nil(err)
+		team := printer.GetLines()[0].(*model.Team)
+		s.Equal(teamName, team.Name)
+		s.Len(printer.GetErrorLines(), 0)
+
+		// Reset config
+		config, _, _ = c.GetConfig(context.TODO())
+		config.ServiceSettings.EnableAPITeamDeletion = holdConfig
+		_, _, _ = c.UpdateConfig(context.TODO(), config)
+
+		// expect team is deleted
+		_, err = s.th.App.GetTeam(teamName)
+		s.Require().NotNil(err)
 	})
 
 	s.Run("Permission denied error for system admin when deleting a valid team", func() {
@@ -140,7 +185,7 @@ func (s *MmctlE2ETestSuite) TestDeleteTeamsCmdF() {
 		s.Require().Error(err)
 		s.Len(printer.GetLines(), 0)
 		s.Len(printer.GetErrorLines(), 1)
-		s.Equal("Unable to delete team '"+s.th.BasicTeam.Name+"' error: Permanent team deletion feature is not enabled. Please contact your System Administrator.", printer.GetErrorLines()[0])
+		s.Equal("Unable to delete team '"+s.th.BasicTeam.Name+"' error: Permanent team deletion feature is not enabled. ServiceSettings.EnableAPITeamDeletion must be set to true to use this command. See https://mattermost.com/pl/environment-configuration-settings for more information.", printer.GetErrorLines()[0])
 
 		// verify team still exists
 		team, _ := s.th.App.GetTeam(s.th.BasicTeam.Id)

server/cmd/mmctl/commands/user_e2e_test.go

@@ -764,7 +764,7 @@ func (s *MmctlE2ETestSuite) TestDeleteUsersCmd() {
 
 		var expectedErr *multierror.Error
 		expectedErr = multierror.Append(expectedErr, fmt.Errorf("unable to delete user %s error: %w", newUser.Username,
-			fmt.Errorf("Permanent user deletion feature is not enabled. Please contact your System Administrator.")))
+			fmt.Errorf("Permanent user deletion feature is not enabled. ServiceSettings.EnableAPIUserDeletion must be set to true to use this command. See https://mattermost.com/pl/environment-configuration-settings for more information.")))
 
 		err := deleteUsersCmdF(s.th.SystemAdminClient, cmd, []string{newUser.Email})
 		s.Require().NotNil(err)

server/i18n/en.json

@@ -4182,14 +4182,26 @@
     "id": "api.user.delete_channel.not_enabled.app_error",
     "translation": "Permanent channel deletion feature is not enabled. Please contact your System Administrator."
   },
+  {
+    "id": "api.user.delete_channel.not_enabled.for_admin.app_error",
+    "translation": "Permanent channel deletion feature is not enabled. ServiceSettings.EnableAPIChannelDeletion must be set to true to use this command. See https://mattermost.com/pl/environment-configuration-settings for more information"
+  },
   {
     "id": "api.user.delete_team.not_enabled.app_error",
     "translation": "Permanent team deletion feature is not enabled. Please contact your System Administrator."
   },
+  {
+    "id": "api.user.delete_team.not_enabled.for_admin.app_error",
+    "translation": "Permanent team deletion feature is not enabled. ServiceSettings.EnableAPITeamDeletion must be set to true to use this command. See https://mattermost.com/pl/environment-configuration-settings for more information."
+  },
   {
     "id": "api.user.delete_user.not_enabled.app_error",
     "translation": "Permanent user deletion feature is not enabled. Please contact your System Administrator."
   },
+  {
+    "id": "api.user.delete_user.not_enabled.for_admin.app_error",
+    "translation": "Permanent user deletion feature is not enabled. ServiceSettings.EnableAPIUserDeletion must be set to true to use this command. See https://mattermost.com/pl/environment-configuration-settings for more information."
+  },
   {
     "id": "api.user.demote_user_to_guest.already_guest.app_error",
     "translation": "Unable to convert the user to guest because is already a guest."