[CLD-7046] Ability to disable self hosted server-side requests to CWS (#26070)

* Add 'Disable' config to CloudSettings to prevent the CWS backend from making calls to the Customer Portal

* Add custom error when disabled

* Make Disable setting cloud_restrictable

* Return 422 instead of 400

---------

Co-authored-by: Mattermost Build <build@mattermost.com>

server/channels/api4/cloud.go

@@ -65,10 +65,15 @@ func (api *API) InitCloud() {
 
 func ensureCloudInterface(c *Context, where string) bool {
 	cloud := c.App.Cloud()
+	disabled := c.App.Config().CloudSettings.Disable != nil && *c.App.Config().CloudSettings.Disable
 	if cloud == nil {
 		c.Err = model.NewAppError(where, "api.server.cws.needs_enterprise_edition", nil, "", http.StatusBadRequest)
 		return false
 	}
+	if disabled {
+		c.Err = model.NewAppError(where, "api.server.cws.disabled", nil, "", http.StatusUnprocessableEntity)
+		return false
+	}
 	return true
 }
 

server/i18n/en.json

@@ -2762,6 +2762,10 @@
     "id": "api.server.cws.delete_workspace.app_error",
     "translation": "CWS Server failed to delete workspace."
   },
+  {
+    "id": "api.server.cws.disabled",
+    "translation": "Interactions with the Mattermost Customer Portal have been disabled by the system admin."
+  },
   {
     "id": "api.server.cws.health_check.app_error",
     "translation": "CWS Server is not available."

server/public/model/config.go

@@ -3031,6 +3031,7 @@ type CloudSettings struct {
 	CWSURL    *string `access:"write_restrictable"`
 	CWSAPIURL *string `access:"write_restrictable"`
 	CWSMock   *bool   `access:"write_restrictable"`
+	Disable   *bool   `access:"write_restrictable,cloud_restrictable"`
 }
 
 func (s *CloudSettings) SetDefaults() {
@@ -3054,6 +3055,10 @@ func (s *CloudSettings) SetDefaults() {
 		isMockCws := MockCWS == "true"
 		s.CWSMock = &isMockCws
 	}
+
+	if s.Disable == nil {
+		s.Disable = NewBool(false)
+	}
 }
 
 type ProductSettings struct {