Guard the Allocate action behind the allocate_user_resources permission

modules/resource_management/app/components/resource_planner_views/work_package_list/sub_header_component.html.erb

@@ -49,13 +49,15 @@ See COPYRIGHT and LICENSE files for more details.
           "aria-label": t("resource_management.work_package_list.subheader.add")
         }
       ) do |menu|
-        menu.with_item(
-          label: t("resource_management.work_package_list.subheader.allocate"),
-          tag: :a,
-          href: new_project_resource_allocation_path(@project),
-          content_arguments: { data: { controller: "async-dialog" } }
-        ) do |item|
-          item.with_leading_visual_icon(icon: :people)
+        if allowed_to_allocate?
+          menu.with_item(
+            label: t("resource_management.work_package_list.subheader.allocate"),
+            tag: :a,
+            href: new_project_resource_allocation_path(@project),
+            content_arguments: { data: { controller: "async-dialog" } }
+          ) do |item|
+            item.with_leading_visual_icon(icon: :people)
+          end
         end
 
         menu.with_item(
@@ -67,7 +69,7 @@ See COPYRIGHT and LICENSE files for more details.
           item.with_leading_visual_icon(icon: :"op-relations")
         end
       end
-    else
+    elsif allowed_to_allocate?
       subheader.with_action_button(
         leading_icon: :plus,
         scheme: :primary,

modules/resource_management/app/components/resource_planner_views/work_package_list/sub_header_component.rb

@@ -38,5 +38,11 @@ module ResourcePlannerViews::WorkPackageList
       @resource_planner = resource_planner
       @view = view
     end
+
+    private
+
+    def allowed_to_allocate?
+      User.current.allowed_in_project?(:allocate_user_resources, @project)
+    end
   end
 end