1 files changed, 38 insertions, 0 deletions

diff --git a/api4/command.go b/api4/command.go
index 2466567c1..0638edd38 100644
--- a/api4/command.go
+++ b/api4/command.go
@@ -20,6 +20,7 @@ func InitCommand() {
 	BaseRoutes.Commands.Handle("", ApiSessionRequired(listCommands)).Methods("GET")
 
 	BaseRoutes.Command.Handle("", ApiSessionRequired(updateCommand)).Methods("PUT")
+	BaseRoutes.Command.Handle("", ApiSessionRequired(deleteCommand)).Methods("DELETE")
 
 	BaseRoutes.Team.Handle("/commands/autocomplete", ApiSessionRequired(listAutocompleteCommands)).Methods("GET")
 }
@@ -99,6 +100,43 @@ func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) {
 	w.Write([]byte(rcmd.ToJson()))
 }
 
+func deleteCommand(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireCommandId()
+	if c.Err != nil {
+		return
+	}
+
+	c.LogAudit("attempt")
+
+	cmd, err := app.GetCommand(c.Params.CommandId)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+		c.LogAudit("fail - inappropriate permissions")
+		c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
+		return
+	}
+
+	if c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
+		c.LogAudit("fail - inappropriate permissions")
+		c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS)
+		return
+	}
+
+	err = app.DeleteCommand(cmd.Id)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	c.LogAudit("success")
+
+	ReturnStatusOK(w)
+}
+
 func listCommands(c *Context, w http.ResponseWriter, r *http.Request) {
 	customOnly, failConv := strconv.ParseBool(r.URL.Query().Get("custom_only"))
 	if failConv != nil {