From edc3afcb84b624aedbc9af56861cc1eb0f60dcf3 Mon Sep 17 00:00:00 2001
From: Gagan Trivedi <gagandeeptrivedi47@gmail.com>
Date: Thu, 24 Aug 2023 14:11:23 +0530
Subject: [PATCH] fix(env-clone/permission): allow clone using
 CREATE_ENVIRONMENT (#2675)

---
 api/environments/permissions/permissions.py   |  2 +-
 .../test_unit_environments_views.py           | 20 +++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/api/environments/permissions/permissions.py b/api/environments/permissions/permissions.py
index 0d0c43ea240d..a42c57d8e007 100644
--- a/api/environments/permissions/permissions.py
+++ b/api/environments/permissions/permissions.py
@@ -48,7 +48,7 @@ def has_object_permission(self, request, view, obj):
             return False
 
         if view.action == "clone":
-            return request.user.is_project_admin(obj.project)
+            return request.user.has_project_permission(CREATE_ENVIRONMENT, obj.project)
 
         return request.user.is_environment_admin(obj) or view.action in [
             "user_permissions"
diff --git a/api/tests/unit/environments/test_unit_environments_views.py b/api/tests/unit/environments/test_unit_environments_views.py
index fe7f07b87610..ffd8b1d99eb7 100644
--- a/api/tests/unit/environments/test_unit_environments_views.py
+++ b/api/tests/unit/environments/test_unit_environments_views.py
@@ -3,6 +3,7 @@
 from rest_framework.test import APIClient
 
 from environments.models import Environment
+from projects.permissions import CREATE_ENVIRONMENT
 
 
 def test_retrieve_environment(
@@ -45,3 +46,22 @@ def test_retrieve_environment(
         response_json["use_mv_v2_evaluation"]
         == environment.use_identity_composite_key_for_hashing
     )
+
+
+def test_can_clone_environment_with_create_environment_permission(
+    test_user,
+    test_user_client,
+    environment,
+    user_project_permission,
+):
+    # Given
+    env_name = "Cloned env"
+    user_project_permission.permissions.add(CREATE_ENVIRONMENT)
+
+    url = reverse("api-v1:environments:environment-clone", args=[environment.api_key])
+
+    # When
+    response = test_user_client.post(url, {"name": env_name})
+
+    # Then
+    assert response.status_code == status.HTTP_200_OK