Only experience-cs admins can create public projects

For the moment, we only want to allow experience-cs admin users to be
able to create public projects.

Author: floehopper

app/controllers/api/public_projects_controller.rb

@@ -5,6 +5,7 @@ class PublicProjectsController < ApiController
     before_action :authorize_user
 
     def create
+      authorize! :create, :public_project
       result = PublicProject::Create.call(project_hash: project_params)
 
       if result.success?

spec/features/public_project/creating_a_public_project_spec.rb

@@ -3,7 +3,7 @@
 require 'rails_helper'
 
 RSpec.describe 'Creating a public project', type: :request do
-  let(:creator) { build(:user) }
+  let(:creator) { build(:experience_cs_admin_user) }
   let(:headers) { { Authorization: UserProfileMock::TOKEN } }
   let(:params) do
     {
@@ -39,6 +39,15 @@
     )
   end
 
+  context 'when creator is not an experience-cs admin' do
+    let(:creator) { build(:user) }
+
+    it 'responds 403 Forbidden' do
+      post('/api/public_projects', headers:, params:)
+      expect(response).to have_http_status(:forbidden)
+    end
+  end
+
   it 'responds 400 Bad Request when params are malformed' do
     post('/api/public_projects', headers:, params: { project: {} })
     expect(response).to have_http_status(:bad_request)

spec/requests/public_projects/create_spec.rb

@@ -4,7 +4,7 @@
 
 RSpec.describe 'Create public project requests' do
   let(:project) { create(:project) }
-  let(:creator) { build(:user) }
+  let(:creator) { build(:experience_cs_admin_user) }
   let(:params) { { project: { identifier: 'not-blank' } } }
 
   context 'when auth is correct' do

spec/support/user_profile_mock.rb

@@ -31,7 +31,8 @@ def user_to_hash(user, user_type, id_field = :id)
       id_field => user_type ? "#{user_type}:#{user.id}" : user.id,
       name: user.name,
       email: user.email,
-      username: user.username
+      username: user.username,
+      roles: user.roles
     }
   end