Merge 327b472e55 into 2be57a7ec0

server/channels/api4/channel.go

@@ -1435,8 +1435,14 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 	defer c.LogAuditRec(auditRec)
 
 	if channel.Type == model.ChannelTypeDirect || channel.Type == model.ChannelTypeGroup {
-		c.Err = model.NewAppError("deleteChannel", "api.channel.delete_channel.type.invalid", nil, "", http.StatusBadRequest)
-		return
+		if !c.Params.Permanent {
+			c.Err = model.NewAppError("deleteChannel", "api.channel.delete_channel.type.invalid", nil, "", http.StatusBadRequest)
+			return
+		}
+		if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), channel.Id, model.PermissionDeletePrivateChannel) {
+			c.SetPermissionError(model.PermissionDeletePrivateChannel)
+			return
+		}
 	}
 
 	if channel.Type == model.ChannelTypeOpen {

server/channels/api4/channel_local.go

@@ -421,8 +421,8 @@ func localDeleteChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 	auditRec.AddEventPriorState(channel)
 	model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId)
 
-	if channel.Type == model.ChannelTypeDirect || channel.Type == model.ChannelTypeGroup {
-		c.Err = model.NewAppError("localDeleteChannel", "api.channel.delete_channel.type.invalid", nil, "", http.StatusBadRequest)
+	if (channel.Type == model.ChannelTypeDirect || channel.Type == model.ChannelTypeGroup) && !c.Params.Permanent {
+		c.Err = model.NewAppError("deleteChannel", "api.channel.delete_channel.type.invalid", nil, "", http.StatusBadRequest)
 		return
 	}
 

server/channels/api4/channel_test.go

@@ -1871,13 +1871,42 @@ func TestDeleteDirectChannel(t *testing.T) {
 	user := th.BasicUser
 	user2 := th.BasicUser2
 
-	rgc, resp, err := client.CreateDirectChannel(context.Background(), user.Id, user2.Id)
-	require.NoError(t, err)
-	CheckCreatedStatus(t, resp)
-	require.NotNil(t, rgc, "should have created a direct channel")
+	// Enable API channel deletion
+	th.App.UpdateConfig(func(cfg *model.Config) {
+		*cfg.ServiceSettings.EnableAPIChannelDeletion = true
+	})
 
-	_, err = client.DeleteChannel(context.Background(), rgc.Id)
-	CheckErrorID(t, err, "api.channel.delete_channel.type.invalid")
+	t.Run("Permanent Delete group channel for normal client", func(t *testing.T) {
+		rgc, resp, err := client.CreateDirectChannel(context.Background(), user.Id, user2.Id)
+		require.NoError(t, err)
+		CheckCreatedStatus(t, resp)
+		require.NotNil(t, rgc, "should have created a direct channel")
+
+		_, err = client.PermanentDeleteChannel(context.Background(), rgc.Id)
+		require.NoError(t, err)
+	})
+
+	t.Run("Soft Delete group channel for normal client", func(t *testing.T) {
+		rgc, resp, err := client.CreateDirectChannel(context.Background(), user.Id, user2.Id)
+		require.NoError(t, err)
+		CheckCreatedStatus(t, resp)
+		require.NotNil(t, rgc, "should have created a direct channel")
+
+		_, err = client.DeleteChannel(context.Background(), rgc.Id)
+		require.Error(t, err)
+	})
+
+	t.Run("Delete group permission failure", func(t *testing.T) {
+		rgc, resp, err := client.CreateDirectChannel(context.Background(), user.Id, user2.Id)
+		require.NoError(t, err)
+		CheckCreatedStatus(t, resp)
+		require.NotNil(t, rgc, "should have created a direct channel")
+
+		th.LoginTeamAdmin()
+		resp, err = client.PermanentDeleteChannel(context.Background(), rgc.Id)
+		require.Error(t, err)
+		CheckForbiddenStatus(t, resp)
+	})
 }
 
 func TestCreateGroupChannel(t *testing.T) {
@@ -2023,13 +2052,51 @@ func TestDeleteGroupChannel(t *testing.T) {
 
 	userIds := []string{user.Id, user2.Id, user3.Id}
 
-	th.TestForAllClients(t, func(t *testing.T, client *model.Client4) {
+	// Enable API channel deletion
+	th.App.UpdateConfig(func(cfg *model.Config) {
+		*cfg.ServiceSettings.EnableAPIChannelDeletion = true
+	})
+
+	t.Run("Delete group channel for normal client", func(t *testing.T) {
 		rgc, resp, err := th.Client.CreateGroupChannel(context.Background(), userIds)
 		require.NoError(t, err)
 		CheckCreatedStatus(t, resp)
 		require.NotNil(t, rgc, "should have created a group channel")
-		_, err = client.DeleteChannel(context.Background(), rgc.Id)
-		CheckErrorID(t, err, "api.channel.delete_channel.type.invalid")
+		_, err = th.Client.PermanentDeleteChannel(context.Background(), rgc.Id)
+		require.NoError(t, err)
+	})
+
+	t.Run("Delete group channel for system admin client", func(t *testing.T) {
+		rgc, resp, err := th.SystemAdminClient.CreateGroupChannel(context.Background(), userIds)
+		require.NoError(t, err)
+		CheckCreatedStatus(t, resp)
+		require.NotNil(t, rgc, "should have created a group channel")
+		_, err = th.SystemAdminClient.PermanentDeleteChannel(context.Background(), rgc.Id)
+		require.NoError(t, err)
+	})
+
+	t.Run("Delete group channel permission failure", func(t *testing.T) {
+		rgc, resp, err := th.Client.CreateGroupChannel(context.Background(), userIds)
+		require.NoError(t, err)
+		CheckCreatedStatus(t, resp)
+		require.NotNil(t, rgc, "should have created a group channel")
+
+		th.LoginTeamAdmin()
+		resp, err = th.Client.PermanentDeleteChannel(context.Background(), rgc.Id)
+		require.Error(t, err)
+		CheckForbiddenStatus(t, resp)
+	})
+
+	t.Run("Soft delete group channel", func(t *testing.T) {
+		rgc, resp, err := th.Client.CreateGroupChannel(context.Background(), userIds)
+		require.NoError(t, err)
+		CheckCreatedStatus(t, resp)
+		require.NotNil(t, rgc, "should have created a group channel")
+
+		th.LoginTeamAdmin()
+		resp, err = th.Client.DeleteChannel(context.Background(), rgc.Id)
+		require.Error(t, err)
+		CheckBadRequestStatus(t, resp)
 	})
 }
 

server/i18n/en.json

@@ -401,7 +401,7 @@
   },
   {
     "id": "api.channel.delete_channel.type.invalid",
-    "translation": "Unable to delete direct or group message channels"
+    "translation": "Unable to soft delete direct or group message channels"
   },
   {
     "id": "api.channel.get_channel.flagged_post_mismatch.app_error",