Restrict creating organisations by user (#193)

* restrict creating organizations based on right on user

* revert bindata.go

* reverse vendor lib

* revert goimports change

* set AllowCreateOrganization default value to true

* revert locale

* added default value for AllowCreateOrganization

* fix typo in migration-comment

* fix comment

* add coments in migration

models/error.go

@@ -123,6 +123,20 @@ func (err ErrUserHasOrgs) Error() string {
 	return fmt.Sprintf("user still has membership of organizations [uid: %d]", err.UID)
 }
 
+// ErrUserNotAllowedCreateOrg represents a "UserNotAllowedCreateOrg" kind of error.
+type ErrUserNotAllowedCreateOrg struct {
+}
+
+// IsErrUserNotAllowedCreateOrg checks if an error is an ErrUserNotAllowedCreateOrg.
+func IsErrUserNotAllowedCreateOrg(err error) bool {
+	_, ok := err.(ErrUserNotAllowedCreateOrg)
+	return ok
+}
+
+func (err ErrUserNotAllowedCreateOrg) Error() string {
+	return fmt.Sprintf("user is not allowed to create organizations")
+}
+
 // ErrReachLimitOfRepo represents a "ReachLimitOfRepo" kind of error.
 type ErrReachLimitOfRepo struct {
 	Limit int

models/migrations/migrations.go

@@ -76,8 +76,10 @@ var migrations = []Migration{
 
 	// v13 -> v14:v0.9.87
 	NewMigration("set comment updated with created", setCommentUpdatedWithCreated),
-
+	// v14
 	NewMigration("create user column diff view style", createUserColumnDiffViewStyle),
+	// v15
+	NewMigration("create user column allow create organization", createAllowCreateOrganizationColumn),
 }
 
 // Migrate database to current version

models/migrations/v15.go

@@ -0,0 +1,30 @@
+// Copyright 2016 Gitea. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+	"fmt"
+
+	"github.com/go-xorm/xorm"
+)
+
+// UserV15 describes the added field for User
+type UserV15 struct {
+	AllowCreateOrganization bool
+}
+
+// TableName will be invoked by XORM to customrize the table name
+func (*UserV15) TableName() string {
+	return "user"
+}
+
+func createAllowCreateOrganizationColumn(x *xorm.Engine) error {
+	if err := x.Sync2(new(UserV15)); err != nil {
+		return fmt.Errorf("Sync2: %v", err)
+	} else if _, err = x.Where("type=0").Cols("allow_create_organization").Update(&UserV15{AllowCreateOrganization: true}); err != nil {
+		return fmt.Errorf("set allow_create_organization: %v", err)
+	}
+	return nil
+}

models/org.go

@@ -97,6 +97,10 @@ func (org *User) RemoveOrgRepo(repoID int64) error {
 
 // CreateOrganization creates record of a new organization.
 func CreateOrganization(org, owner *User) (err error) {
+	if !owner.CanCreateOrganization() {
+		return ErrUserNotAllowedCreateOrg{}
+	}
+
 	if err = IsUsableUsername(org.Name); err != nil {
 		return err
 	}

models/user.go

@@ -102,11 +102,12 @@ type User struct {
 	MaxRepoCreation int `xorm:"NOT NULL DEFAULT -1"`
 
 	// Permissions
-	IsActive         bool // Activate primary email
-	IsAdmin          bool
-	AllowGitHook     bool
-	AllowImportLocal bool // Allow migrate repository by local path
-	ProhibitLogin    bool
+	IsActive                bool // Activate primary email
+	IsAdmin                 bool
+	AllowGitHook            bool
+	AllowImportLocal        bool // Allow migrate repository by local path
+	AllowCreateOrganization bool `xorm:"DEFAULT true"`
+	ProhibitLogin           bool
 
 	// Avatar
 	Avatar          string `xorm:"VARCHAR(2048) NOT NULL"`
@@ -210,6 +211,11 @@ func (u *User) CanCreateRepo() bool {
 	return u.NumRepos < u.MaxRepoCreation
 }
 
+// CanCreateOrganization returns true if user can create organisation.
+func (u *User) CanCreateOrganization() bool {
+	return u.IsAdmin || u.AllowCreateOrganization
+}
+
 // CanEditGitHook returns true if user can edit Git hooks.
 func (u *User) CanEditGitHook() bool {
 	return u.IsAdmin || u.AllowGitHook
@@ -611,6 +617,7 @@ func CreateUser(u *User) (err error) {
 		return err
 	}
 	u.EncodePasswd()
+	u.AllowCreateOrganization = true
 	u.MaxRepoCreation = -1
 
 	sess := x.NewSession()