diff --git a/app/views/portfolios/new.html.erb b/app/views/portfolios/new.html.erb
deleted file mode 100644
index ef38382a099..00000000000
--- a/app/views/portfolios/new.html.erb
+++ /dev/null
@@ -1,41 +0,0 @@
-<%#-- copyright
-OpenProject is an open source project management software.
-Copyright (C) the OpenProject GmbH
-
-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License version 3.
-
-OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
-Copyright (C) 2006-2013 Jean-Philippe Lang
-Copyright (C) 2010-2013 the ChiliProject Team
-
-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation; either version 2
-of the License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
-See COPYRIGHT and LICENSE files for more details.
-
-++#%>
-<% html_title t("label_project_new") %>
-<%=
-  render(Primer::OpenProject::PageHeader.new) do |header|
-    header.with_title { t(:label_project_new) }
-    header.with_breadcrumbs([t(:label_project_new)])
-  end
-%>
-
-<%=
-  render Projects::NewComponent.new(
-    project: @new_project
-  )
-%>
diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb
index f859652ece9..f6d0d6ce3bd 100644
--- a/spec/controllers/projects_controller_spec.rb
+++ b/spec/controllers/projects_controller_spec.rb
@@ -133,9 +133,90 @@ RSpec.describe ProjectsController do
         it_behaves_like "successful request"
       end
     end
+
+    context "as a non-admin with global add_portfolios permission", with_flag: { portfolio_models: true } do
+      let(:parent) { nil }
+      let(:user) { create(:user, global_permissions: [:add_portfolios]) }
+      let(:template) { nil }
+
+      it_behaves_like "successful request"
+    end
   end
 
   describe "#create" do
+    describe "permission checks" do
+      let(:project) { build_stubbed(:project) }
+      let(:service_result) { ServiceResult.success(result: project) }
+      let(:parent) { nil }
+
+      before do
+        creation_service = instance_double(Projects::CreateService, call: service_result)
+
+        allow(Projects::CreateService)
+          .to receive(:new)
+                .with(user:)
+                .and_return(creation_service)
+
+        post :create, params: { project: { name: "New Project" }, parent_id: parent&.id }
+      end
+
+      shared_examples_for "successful create request" do
+        it "redirects to project show", :aggregate_failures do
+          expect(response).to redirect_to project_path(project)
+          expect(flash[:notice]).to eq I18n.t(:notice_successful_create)
+        end
+      end
+
+      shared_examples_for "forbidden create request" do
+        it "returns 403 Not Authorized" do
+          expect(response).not_to be_successful
+          expect(response).to have_http_status :forbidden
+        end
+      end
+
+      context "as an admin" do
+        it_behaves_like "successful create request"
+
+        context "with a parent" do
+          let(:parent) { create(:project) }
+
+          it_behaves_like "successful create request"
+        end
+      end
+
+      context "as a non-admin with global add_project permission" do
+        let(:user) { create(:user, global_permissions: [:add_project]) }
+
+        it_behaves_like "successful create request"
+
+        context "with a parent with public permissions" do
+          let(:user) { create(:user, global_permissions: [:add_project], member_with_permissions: { parent => [] }) }
+          let(:parent) { create(:project) }
+
+          it_behaves_like "successful create request"
+        end
+      end
+
+      context "as a non-admin without global add_project permission" do
+        let(:user) { create(:user, global_permissions: []) }
+
+        it_behaves_like "forbidden create request"
+
+        context "with a parent with add_subprojects permissions" do
+          let(:user) { create(:user, member_with_permissions: { parent => [:add_subprojects] }) }
+          let(:parent) { create(:project) }
+
+          it_behaves_like "successful create request"
+        end
+      end
+
+      context "as a non-admin with global add_portfolios permission", with_flag: { portfolio_models: true } do
+        let(:user) { create(:user, global_permissions: [:add_portfolios]) }
+
+        it_behaves_like "successful create request"
+      end
+    end
+
     context "without a template" do
       before do
         creation_service = instance_double(Projects::CreateService, call: service_result)
diff --git a/spec/routing/project_routing_spec.rb b/spec/routing/project_routing_spec.rb
index b243006856f..7d8922ad6fe 100644
--- a/spec/routing/project_routing_spec.rb
+++ b/spec/routing/project_routing_spec.rb
@@ -57,6 +57,12 @@ RSpec.describe ProjectsController do
         controller: "projects", action: "new", workspace_type: "project"
       )
     end
+
+    it do
+      expect(get("/portfolios/new")).to route_to(
+        controller: "projects", action: "new", workspace_type: "portfolio"
+      )
+    end
   end
 
   describe "create" do