[PLT-6838] Restrict channel delete option per permission policy even for last channel member (#6706)

* channel delete option is hidden from the menu unless there is appropriate permissions as set in the policy page

* apply to public channel only and add restriction to API layer

* updated channel deletion

6 files changed, 45 insertions, 37 deletions

diff --git a/api4/channel.go b/api4/channel.go
index 26892bf2f..604c47464 100644
--- a/api4/channel.go
+++ b/api4/channel.go
@@ -428,7 +428,7 @@ func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	if channels, err := app.GetDeletedChannels(c.Params.TeamId, c.Params.Page * c.Params.PerPage, c.Params.PerPage); err != nil {
+	if channels, err := app.GetDeletedChannels(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage); err != nil {
 		c.Err = err
 		return
 	} else {
@@ -540,17 +540,15 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// Allow delete if user is the only member left in channel
-	if memberCount > 1 {
-		if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) {
-			c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL)
-			return
-		}
+	if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) {
+		c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL)
+		return
+	}
 
-		if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) {
-			c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL)
-			return
-		}
+	// Allow delete if there's only one member left in a private channel
+	if memberCount > 1 && channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) {
+		c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL)
+		return
 	}
 
 	err = app.DeleteChannel(channel, c.Session.UserId)
diff --git a/api4/channel_test.go b/api4/channel_test.go
index e1b5ee5a7..a1c5d2ad8 100644
--- a/api4/channel_test.go
+++ b/api4/channel_test.go
@@ -901,12 +901,14 @@ func TestDeleteChannel(t *testing.T) {
 	Client = th.Client
 	team = th.BasicTeam
 	user = th.BasicUser
+	user2 = th.BasicUser2
 
 	// channels created by SystemAdmin
 	publicChannel6 := th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_OPEN)
 	privateChannel7 := th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
 	app.AddUserToChannel(user, publicChannel6)
 	app.AddUserToChannel(user, privateChannel7)
+	app.AddUserToChannel(user2, privateChannel7)
 
 	// successful delete by user
 	_, resp = Client.DeleteChannel(publicChannel6.Id)
@@ -924,6 +926,7 @@ func TestDeleteChannel(t *testing.T) {
 	privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
 	app.AddUserToChannel(user, publicChannel6)
 	app.AddUserToChannel(user, privateChannel7)
+	app.AddUserToChannel(user2, privateChannel7)
 
 	// cannot delete by user
 	_, resp = Client.DeleteChannel(publicChannel6.Id)
@@ -948,6 +951,7 @@ func TestDeleteChannel(t *testing.T) {
 	privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
 	app.AddUserToChannel(user, publicChannel6)
 	app.AddUserToChannel(user, privateChannel7)
+	app.AddUserToChannel(user2, privateChannel7)
 
 	// successful delete by team admin
 	UpdateUserToTeamAdmin(user, team)
@@ -976,6 +980,7 @@ func TestDeleteChannel(t *testing.T) {
 	privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
 	app.AddUserToChannel(user, publicChannel6)
 	app.AddUserToChannel(user, privateChannel7)
+	app.AddUserToChannel(user2, privateChannel7)
 
 	// cannot delete by user
 	_, resp = Client.DeleteChannel(publicChannel6.Id)
@@ -1017,6 +1022,7 @@ func TestDeleteChannel(t *testing.T) {
 	privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
 	app.AddUserToChannel(user, publicChannel6)
 	app.AddUserToChannel(user, privateChannel7)
+	app.AddUserToChannel(user2, privateChannel7)
 
 	// cannot delete by user
 	_, resp = Client.DeleteChannel(publicChannel6.Id)
@@ -1056,12 +1062,14 @@ func TestDeleteChannel(t *testing.T) {
 	_, resp = th.SystemAdminClient.DeleteChannel(privateChannel7.Id)
 	CheckNoError(t, resp)
 
-	// last member of a channel should be able to delete it regardless of required permissions
+	// last member of a public channel should have required permission to delete
 	publicChannel6 = th.CreateChannelWithClient(th.Client, model.CHANNEL_OPEN)
-	privateChannel7 = th.CreateChannelWithClient(th.Client, model.CHANNEL_PRIVATE)
 
 	_, resp = Client.DeleteChannel(publicChannel6.Id)
-	CheckNoError(t, resp)
+	CheckForbiddenStatus(t, resp)
+
+	// last member of a private channel should be able to delete it regardless of required permissions
+	privateChannel7 = th.CreateChannelWithClient(th.Client, model.CHANNEL_PRIVATE)
 
 	_, resp = Client.DeleteChannel(privateChannel7.Id)
 	CheckNoError(t, resp)
diff --git a/webapp/components/channel_header.jsx b/webapp/components/channel_header.jsx
index a409baec6..b6fcf7ef7 100644
--- a/webapp/components/channel_header.jsx
+++ b/webapp/components/channel_header.jsx
@@ -720,11 +720,7 @@ export default class ChannelHeader extends React.Component {
                 );
             }
 
-            if (ChannelUtils.showDeleteOption(channel, isAdmin, isSystemAdmin, isChannelAdmin)) {
-                if (!ChannelStore.isDefault(channel)) {
-                    dropdownContents.push(deleteOption);
-                }
-            } else if (this.state.userCount === 1) {
+            if (ChannelUtils.showDeleteOption(channel, isAdmin, isSystemAdmin, isChannelAdmin, this.state.userCount)) {
                 dropdownContents.push(deleteOption);
             }
 
diff --git a/webapp/components/delete_channel_modal.jsx b/webapp/components/delete_channel_modal.jsx
index 74ba51a4c..fd5447524 100644
--- a/webapp/components/delete_channel_modal.jsx
+++ b/webapp/components/delete_channel_modal.jsx
@@ -33,6 +33,7 @@ export default class DeleteChannelModal extends React.Component {
 
         browserHistory.push(TeamStore.getCurrentTeamRelativeUrl() + '/channels/town-square');
         deleteChannel(this.props.channel.id);
+        this.onHide();
     }
 
     onHide() {
diff --git a/webapp/components/navbar.jsx b/webapp/components/navbar.jsx
index b27e22709..fa759cae7 100644
--- a/webapp/components/navbar.jsx
+++ b/webapp/components/navbar.jsx
@@ -529,23 +529,21 @@ export default class Navbar extends React.Component {
                     );
                 }
 
-                if (ChannelUtils.showDeleteOption(channel, isAdmin, isSystemAdmin, isChannelAdmin) || this.state.userCount === 1) {
-                    if (!ChannelStore.isDefault(channel)) {
-                        deleteChannelOption = (
-                            <li role='presentation'>
-                                <ToggleModalButton
-                                    role='menuitem'
-                                    dialogType={DeleteChannelModal}
-                                    dialogProps={{channel}}
-                                >
-                                    <FormattedMessage
-                                        id='channel_header.delete'
-                                        defaultMessage='Delete Channel'
-                                    />
-                                </ToggleModalButton>
-                            </li>
-                        );
-                    }
+                if (ChannelUtils.showDeleteOption(channel, isAdmin, isSystemAdmin, isChannelAdmin, this.state.userCount)) {
+                    deleteChannelOption = (
+                        <li role='presentation'>
+                            <ToggleModalButton
+                                role='menuitem'
+                                dialogType={DeleteChannelModal}
+                                dialogProps={{channel}}
+                            >
+                                <FormattedMessage
+                                    id='channel_header.delete'
+                                    defaultMessage='Delete Channel'
+                                />
+                            </ToggleModalButton>
+                        </li>
+                    );
                 }
 
                 const canLeave = channel.type === Constants.PRIVATE_CHANNEL ? this.state.userCount > 1 : true;
diff --git a/webapp/utils/channel_utils.jsx b/webapp/utils/channel_utils.jsx
index e3a9f0423..c29cea386 100644
--- a/webapp/utils/channel_utils.jsx
+++ b/webapp/utils/channel_utils.jsx
@@ -190,11 +190,15 @@ export function showManagementOptions(channel, isAdmin, isSystemAdmin, isChannel
     return true;
 }
 
-export function showDeleteOption(channel, isAdmin, isSystemAdmin, isChannelAdmin) {
+export function showDeleteOption(channel, isAdmin, isSystemAdmin, isChannelAdmin, userCount) {
     if (global.window.mm_license.IsLicensed !== 'true') {
         return true;
     }
 
+    if (ChannelStore.isDefault(channel)) {
+        return false;
+    }
+
     if (channel.type === Constants.OPEN_CHANNEL) {
         if (global.window.mm_config.RestrictPublicChannelDeletion === Constants.PERMISSIONS_SYSTEM_ADMIN && !isSystemAdmin) {
             return false;
@@ -206,6 +210,9 @@ export function showDeleteOption(channel, isAdmin, isSystemAdmin, isChannelAdmin
             return false;
         }
     } else if (channel.type === Constants.PRIVATE_CHANNEL) {
+        if (userCount === 1) {
+            return true;
+        }
         if (global.window.mm_config.RestrictPrivateChannelDeletion === Constants.PERMISSIONS_SYSTEM_ADMIN && !isSystemAdmin) {
             return false;
         }