1 files changed, 14 insertions, 1 deletions

diff --git a/spec/support/shared_examples/requests/api/ml/mlflow/mlflow_shared_examples.rb b/spec/support/shared_examples/requests/api/ml/mlflow/mlflow_shared_examples.rb
index f2c38d70508..00e50b07909 100644
--- a/spec/support/shared_examples/requests/api/ml/mlflow/mlflow_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/ml/mlflow/mlflow_shared_examples.rb
@@ -8,12 +8,25 @@ RSpec.shared_examples 'MLflow|Not Found - Resource Does Not Exist' do
   end
 end
 
-RSpec.shared_examples 'MLflow|Requires api scope' do
+RSpec.shared_examples 'MLflow|Requires api scope and write permission' do
   context 'when user has access but token has wrong scope' do
     let(:access_token) { tokens[:read] }
 
     it { is_expected.to have_gitlab_http_status(:forbidden) }
   end
+
+  context 'when user has access but is not allowed to write' do
+    before do
+      allow(Ability).to receive(:allowed?).and_call_original
+      allow(Ability).to receive(:allowed?)
+                          .with(current_user, :write_model_experiments, project)
+                          .and_return(false)
+    end
+
+    it "is Unauthorized" do
+      is_expected.to have_gitlab_http_status(:unauthorized)
+    end
+  end
 end
 
 RSpec.shared_examples 'MLflow|Requires read_api scope' do