Error popups on trying to delete a project on sandbox due to user limitation #3643

Fixes: #3643

Signed-off-by: Victor Rubezhny <vrubezhny@redhat.com>

Author: vrubezhny

package.json

@@ -1592,7 +1592,7 @@
 				},
 				{
 					"command": "openshift.project.delete",
-					"when": "view == openshiftProjectExplorer && viewItem == openshift.project",
+					"when": "view == openshiftProjectExplorer && viewItem =~ /openshift\\.project.*\\.canDelete*/",
 					"group": "p3"
 				},
 				{
@@ -1713,7 +1713,7 @@
 				},
 				{
 					"command": "openshift.project.set",
-					"when": "view == openshiftProjectExplorer && (viewItem == openshift.k8sContext || viewItem == openshift.project) && canCreateNamespace",
+					"when": "view == openshiftProjectExplorer && (viewItem == openshift.k8sContext || viewItem =~ /openshift\\.project.*/) && canCreateNamespace",
 					"group": "inline"
 				},
 				{

src/explorer.ts

@@ -109,8 +109,16 @@ export class OpenShiftExplorer implements TreeDataProvider<ExplorerItem>, Dispos
         return OpenShiftExplorer.instance;
     }
 
+    private static async generateOpenshiftProjectContextValue(namespace: string): Promise<string> {
+        let contextValue = `openshift.project.${namespace}`;
+        if (await Oc.Instance.canDeleteNamespace(namespace)) {
+            contextValue += `${contextValue}.canDelete`;
+        }
+        return contextValue;
+    }
+
     // eslint-disable-next-line class-methods-use-this
-    getTreeItem(element: ExplorerItem): TreeItem | Thenable<TreeItem> {
+    async getTreeItem(element: ExplorerItem): Promise<TreeItem | Thenable<TreeItem>> {
 
         if ('command' in element) {
             return element;
@@ -163,7 +171,7 @@ export class OpenShiftExplorer implements TreeDataProvider<ExplorerItem>, Dispos
         if ('kind' in element) {
             if (element.kind === 'project') {
                 return {
-                    contextValue: 'openshift.project',
+                    contextValue: await OpenShiftExplorer.generateOpenshiftProjectContextValue(element.metadata.name),
                     label: element.metadata.name,
                     collapsibleState: TreeItemCollapsibleState.Collapsed,
                     iconPath: path.resolve(__dirname, '../../images/context/project-node.png')
@@ -205,8 +213,7 @@ export class OpenShiftExplorer implements TreeDataProvider<ExplorerItem>, Dispos
                 result = [this.kubeContext];
                 if (this.kubeContext) {
                     const config = getKubeConfigFiles();
-                    const canCreateNamespace = await Oc.Instance.canCreateNamespace();
-                    void commands.executeCommand('setContext', 'canCreateNamespace', canCreateNamespace);
+                    void commands.executeCommand('setContext', 'canCreateNamespace', await Oc.Instance.canCreateNamespace());
                     result.unshift({ label: process.env.KUBECONFIG ? 'Custom KubeConfig' : 'Default KubeConfig', description: config.join(':') })
                 }
             } catch (err) {

src/oc/ocWrapper.ts

@@ -194,6 +194,30 @@ export class Oc {
         return false;
     }
 
+    /**
+     * Returns true if the current user is authorized to delete a namespace on the cluster, and false otherwise.
+     *
+     * @param namespace the namespace to be deleted (defaults to the current namespace if none is provided)
+     * @returns true if the current user is authorized to delete namespace on the cluster, and false otherwise
+     */
+    public async canDeleteNamespace(namespace?: string): Promise<boolean> {
+        try {
+            const args: CommandOption[] = [];
+            if (namespace) {
+                args.push(new CommandOption('--namespace', namespace));
+            }
+            const result = await CliChannel.getInstance().executeTool(
+                new CommandText('oc', 'auth can-i delete projects', args)
+            );
+            if (result.stdout === 'yes') {
+                return true;
+            }
+        } catch {
+            //ignore
+        }
+        return false;
+    }
+
     /**
      * Returns true if the current user is authorized to get a kubernates objects on the cluster, and false otherwise.
      *