Allow ExCS admin to destroy starter projects

This gives users with the "experience-cs-admin" role permission to
update starter (or "public") projects (i.e. projects with no `user_id`
set). I've added an example to the destroy project request spec to check
this works as intended.

There are obviously some dangers associated with destroying a starter
project, but I think it's still useful for an ExCS admin to be able to
do it.

Author: floehopper

app/models/ability.rb

@@ -107,6 +107,7 @@ def define_experience_cs_admin_abilities(user)
 
     can :create, Project
     can :update, Project
+    can :destroy, Project
   end
 
   def school_teacher_can_manage_lesson?(user:, school:, lesson:)

spec/models/ability_spec.rb

@@ -144,6 +144,7 @@
 
       it { is_expected.to be_able_to(:create, starter_project) }
       it { is_expected.to be_able_to(:update, starter_project) }
+      it { is_expected.to be_able_to(:destroy, starter_project) }
     end
 
     # rubocop:disable RSpec/MultipleMemoizedHelpers

spec/requests/projects/destroy_spec.rb

@@ -36,6 +36,29 @@
         expect(response).to have_http_status(:forbidden)
       end
     end
+
+    context 'when experience-cs admin deleting a Scratch starter project' do
+      let(:project) do
+        create(
+          :project, {
+            project_type: Project::Types::SCRATCH,
+            user_id: nil,
+            locale: 'en'
+          }
+        )
+      end
+      let(:experience_cs_admin) { create(:experience_cs_admin_user) }
+
+      before do
+        authenticated_in_hydra_as(experience_cs_admin)
+      end
+
+      it 'deletes the project' do
+        expect do
+          delete("/api/projects/#{project.identifier}?project_type=scratch", headers:)
+        end.to change(Project.unscoped, :count).by(-1)
+      end
+    end
   end
 
   context 'when no token is given' do