Error popups on trying to delete a project on sandbox due to user limitation #3643

Fixes: #3643

Signed-off-by: Victor Rubezhny <vrubezhny@redhat.com>

Author: vrubezhny

package.json

@@ -1592,7 +1592,7 @@
 				},
 				{
 					"command": "openshift.project.delete",
-					"when": "view == openshiftProjectExplorer && viewItem == openshift.project",
+					"when": "view == openshiftProjectExplorer && viewItem =~ /openshift\\.project.*\\.canDelete*/",
 					"group": "p3"
 				},
 				{
@@ -1713,7 +1713,7 @@
 				},
 				{
 					"command": "openshift.project.set",
-					"when": "view == openshiftProjectExplorer && (viewItem == openshift.k8sContext || viewItem == openshift.project) && canCreateNamespace",
+					"when": "view == openshiftProjectExplorer && (viewItem == openshift.k8sContext || viewItem =~ /openshift\\.project.*/) && canCreateNamespace",
 					"group": "inline"
 				},
 				{

src/explorer.ts

@@ -109,6 +109,12 @@ export class OpenShiftExplorer implements TreeDataProvider<ExplorerItem>, Dispos
         return OpenShiftExplorer.instance;
     }
 
+    private static generateOpenshiftProjectContextValue(namespace: string): Thenable<string> {
+        const contextValue = `openshift.project.${namespace}`;
+        return Oc.Instance.canDeleteNamespace(namespace)
+            .then(result => (result ? `${contextValue}.canDelete` : contextValue));
+    }
+
     // eslint-disable-next-line class-methods-use-this
     getTreeItem(element: ExplorerItem): TreeItem | Thenable<TreeItem> {
 
@@ -162,12 +168,15 @@ export class OpenShiftExplorer implements TreeDataProvider<ExplorerItem>, Dispos
         // otherwise it is a KubernetesObject instance
         if ('kind' in element) {
             if (element.kind === 'project') {
-                return {
-                    contextValue: 'openshift.project',
-                    label: element.metadata.name,
-                    collapsibleState: TreeItemCollapsibleState.Collapsed,
-                    iconPath: path.resolve(__dirname, '../../images/context/project-node.png')
-                }
+                return  OpenShiftExplorer.generateOpenshiftProjectContextValue(element.metadata.name)
+                    .then(namespace => {
+                        return {
+                            contextValue: namespace,
+                            label: element.metadata.name,
+                            collapsibleState: TreeItemCollapsibleState.Collapsed,
+                            iconPath: path.resolve(__dirname, '../../images/context/project-node.png')
+                        }
+                    });
             } else if (element.kind === 'helm') {
                 return {
                     contextValue: 'openshift.helm.repos',
@@ -205,8 +214,7 @@ export class OpenShiftExplorer implements TreeDataProvider<ExplorerItem>, Dispos
                 result = [this.kubeContext];
                 if (this.kubeContext) {
                     const config = getKubeConfigFiles();
-                    const canCreateNamespace = await Oc.Instance.canCreateNamespace();
-                    void commands.executeCommand('setContext', 'canCreateNamespace', canCreateNamespace);
+                    void commands.executeCommand('setContext', 'canCreateNamespace', await Oc.Instance.canCreateNamespace());
                     result.unshift({ label: process.env.KUBECONFIG ? 'Custom KubeConfig' : 'Default KubeConfig', description: config.join(':') })
                 }
             } catch (err) {

src/oc/ocWrapper.ts

@@ -194,6 +194,30 @@ export class Oc {
         return false;
     }
 
+    /**
+     * Returns true if the current user is authorized to delete a namespace on the cluster, and false otherwise.
+     *
+     * @param namespace the namespace to be deleted (defaults to the current namespace if none is provided)
+     * @returns true if the current user is authorized to delete namespace on the cluster, and false otherwise
+     */
+    public async canDeleteNamespace(namespace?: string): Promise<boolean> {
+        try {
+            const args: CommandOption[] = [];
+            if (namespace) {
+                args.push(new CommandOption('--namespace', namespace));
+            }
+            const result = await CliChannel.getInstance().executeTool(
+                new CommandText('oc', 'auth can-i delete projects', args)
+            );
+            if (result.stdout === 'yes') {
+                return true;
+            }
+        } catch {
+            //ignore
+        }
+        return false;
+    }
+
     /**
      * Returns true if the current user is authorized to get a kubernates objects on the cluster, and false otherwise.
      *