Orgs: Use create-organization capability to control access

This is more explicit and future-proof than checking for admin cap.
2017-08-23 13:57:14 +02:00
parent 72404d0fd9
commit 40172bf8b5
2 changed files with 2 additions and 2 deletions
--- a/pillar/api/organizations/hooks.py
+++ b/pillar/api/organizations/hooks.py
@@ -18,7 +18,7 @@ def pre_get_organizations(request, lookup):

 def pre_post_organizations(request):
    user = current_user()
-    if user.is_anonymous or not user.has_cap('admin'):
+    if not user.has_cap('create-organization'):
        raise wz_exceptions.Forbidden()