Prevent editing unwritable subject in CreateForm

Doing this by directly using the schema that previous code would
have fetched via API.

This seems to semantically make sense, because regardless of how we
render a component, we should make sure to respect its schema.
On the other hand, it feels weird to directly depend on any class
from the API::V3 namespace in a non-API context.

app/forms/work_packages/dialogs/create_form.rb

@@ -38,6 +38,7 @@ def initialize(work_package:, wrapper_id:)
       super()
 
       @work_package = work_package
+      @schema = API::V3::WorkPackages::Schema::SpecificWorkPackageSchema.new(work_package:)
       @wrapper_id = wrapper_id
       @contract = WorkPackages::CreateContract.new(work_package, User.current)
     end
@@ -76,7 +77,8 @@ def initialize(work_package:, wrapper_id:)
         label: WorkPackage.human_attribute_name(:subject),
         required: true,
         autofocus: autofocus_subject?,
-        input_width: :large
+        input_width: :large,
+        disabled: !@schema.writable?(:subject)
       )
 
       f.rich_text_area(
@@ -85,7 +87,8 @@ def initialize(work_package:, wrapper_id:)
         rich_text_options: {
           resource: work_package,
           showAttachments: false
-        }
+        },
+        disabled: !@schema.writable?(:description)
       )
 
       render_custom_fields(form: f)

spec/components/work_packages/dialogs/create_form_component_spec.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+# -- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) 2010-2024 the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+# ++
+
+require "rails_helper"
+
+RSpec.describe WorkPackages::Dialogs::CreateFormComponent, type: :component do
+  subject(:render_component) { render_inline(described_class.new(work_package:, project: work_package.project)) }
+
+  let(:work_package) { create(:work_package) }
+  let(:user) { create(:admin) }
+
+  before do
+    User.current = user
+  end
+
+  it "enables the subject input" do
+    render_component
+    expect(page.find('input[name="work_package[subject]"]')).not_to be_disabled
+  end
+
+  context "when the user has no edit permissions" do
+    let(:user) { User.anonymous }
+
+    it "disables the subject input" do
+      render_component
+      expect(page.find('input[name="work_package[subject]"]')).to be_disabled
+    end
+  end
+
+  context "when the work package subject is generated automatically" do
+    let(:work_package) { create(:work_package, type:) }
+    let(:type) { create(:type, patterns: { subject: { enabled: true, blueprint: "My Subject" } }) }
+
+    it "disables the subject input" do
+      render_component
+      expect(page.find('input[name="work_package[subject]"]')).to be_disabled
+    end
+  end
+end