Enforce 'DeleteSandbox' Permission Set requirement for Sandbox Deletion

[laissaouibrahim]

• Issue : Enforce 'DeleteSandbox' Permission Set requirement for Sandbox Deletion forcedotcom/cli#3471
• Idea : https://ideas.salesforce.com/s/idea/a0BHp000019OleeMAC/add-system-permission-requirement-for-sf-org-delete-sandbox-command

Summary
As requested in IdeaExchange: Add system permission requirement for sf org delete sandbox command, we need to add a security layer to prevent accidental or unauthorized sandbox deletions via the CLI.

Problem
Currently, any user who has authenticated to a sandbox via the CLI can run sf org delete sandbox and delete it. There is no granular permission check within the Salesforce org to restrict this destructive action.

Proposed Solution
Modify the org delete sandbox command to enforce a permission check against the target sandbox before proceeding with deletion.

Acceptance Criteria

1. Permission Check : The command must verify if the authenticated user has the 'DeleteSandbox' Permission Set assigned in the target org.
2. Blocking: If the user does not have this Permission Set, the command must fail with an insufficientPermissions error and NOT delete the sandbox.

Implementation Details

• Implement a hasPermission() method in the command class.
• create a new permissionset :
• 
• Query the PermissionSetAssignment object to check for the assignment of a Permission Set named 'DeleteSandbox' for the current user.

Testing

• Missing assigned PermissionSet to current user :

• User with assigned PermissionSet :

• Another error :

[salesforce-cla]

Thanks for the contribution! Before we can merge this, we need @laissaouibrahim to sign the Salesforce Inc. Contributor License Agreement.

[laissaouibrahim]

Thanks for the contribution! Before we can merge this, we need @laissaouibrahim to sign the Salesforce Inc. Contributor License Agreement.

done !