realm: Don't allow changing enable_spectator_access to True on limited plan.

We do not allow changing enable_spectator_access to True using API on
limited plan realms. Frontend changes have been done previously.

This is a follow-up of #22179.

zerver/tests/test_realm.py

@@ -1373,6 +1373,16 @@ class RealmAPITest(ZulipTestCase):
         realm = get_realm("zulip")
         self.assertEqual(realm.invite_to_realm_policy, Realm.POLICY_ADMINS_ONLY)
 
+    def test_enable_spectator_access_for_limited_plan_realms(self) -> None:
+        self.login("iago")
+        realm = get_realm("zulip")
+        do_change_realm_plan_type(realm, Realm.PLAN_TYPE_LIMITED, acting_user=None)
+        self.assertFalse(realm.enable_spectator_access)
+
+        req = {"enable_spectator_access": orjson.dumps(True).decode()}
+        result = self.client_patch("/json/realm", req)
+        self.assert_json_error(result, "Available on Zulip Cloud Standard. Upgrade to access.")
+
 
 class ScrubRealmTest(ZulipTestCase):
     def test_scrub_realm(self) -> None:

zerver/views/realm.py

@@ -179,6 +179,9 @@ def update_realm(
     if invite_to_realm_policy is not None and not user_profile.is_realm_owner:
         raise OrganizationOwnerRequired()
 
+    if enable_spectator_access:
+        realm.ensure_not_on_limited_plan()
+
     data: Dict[str, Any] = {}
 
     message_content_delete_limit_seconds: Optional[int] = None