Orgs: Use create-organization capability to control access

This is more explicit and future-proof than checking for admin cap.
2017-08-23 13:57:14 +02:00 · 2017-08-23 13:57:14 +02:00 · 40172bf8b5
commit 40172bf8b5
parent 72404d0fd9
2 changed files with 2 additions and 2 deletions
--- a/pillar/api/organizations/hooks.py
+++ b/pillar/api/organizations/hooks.py
@ -18,7 +18,7 @@ def pre_get_organizations(request, lookup):

 def pre_post_organizations(request):
    user = current_user()
-    if user.is_anonymous or not user.has_cap('admin'):
+    if not user.has_cap('create-organization'):
        raise wz_exceptions.Forbidden()


--- a/pillar/config.py
+++ b/pillar/config.py
@ -167,5 +167,5 @@ USER_CAPABILITIES = defaultdict(**{
    'subscriber': {'subscriber', 'home-project'},
    'demo': {'subscriber', 'home-project'},
    'admin': {'subscriber', 'home-project', 'video-encoding', 'admin',
-              'view-pending-nodes', 'edit-project-node-types'},
+              'view-pending-nodes', 'edit-project-node-types', 'create-organization'},
 }, default_factory=frozenset)