From d67b278a0d05e122bf510ac52bfbd69eab4f654d Mon Sep 17 00:00:00 2001
From: Bo-Yi Wu <appleboy.tw@gmail.com>
Date: Tue, 14 Feb 2017 20:16:00 +0800
Subject: [PATCH] feat: Able to disable non-admin to create new organization
 (#927)

---
 cmd/web.go                     | 10 ++++++++--
 conf/app.ini                   |  2 ++
 models/user.go                 |  2 +-
 models/user_test.go            | 21 +++++++++++++++++++++
 modules/setting/setting.go     |  7 +++++++
 routers/admin/users.go         |  1 +
 templates/admin/user/edit.tmpl |  2 ++
 7 files changed, 42 insertions(+), 3 deletions(-)

diff --git a/cmd/web.go b/cmd/web.go
index b793cf0daf..03a87ca0d6 100644
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -345,8 +345,14 @@ func runWeb(ctx *cli.Context) error {
 
 	// ***** START: Organization *****
 	m.Group("/org", func() {
-		m.Get("/create", org.Create)
-		m.Post("/create", bindIgnErr(auth.CreateOrgForm{}), org.CreatePost)
+		m.Group("", func() {
+			m.Get("/create", org.Create)
+			m.Post("/create", bindIgnErr(auth.CreateOrgForm{}), org.CreatePost)
+		}, func(ctx *context.Context) {
+			if !ctx.User.CanCreateOrganization() {
+				ctx.NotFound()
+			}
+		})
 
 		m.Group("/:org", func() {
 			m.Get("/dashboard", user.Dashboard)
diff --git a/conf/app.ini b/conf/app.ini
index 8338a1b93d..1390d4537a 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -163,6 +163,8 @@ ISSUE_INDEXER_PATH = indexers/issues.bleve
 UPDATE_BUFFER_LEN = 20
 
 [admin]
+; Disable regular (non-admin) users to create organizations
+DISABLE_REGULAR_ORG_CREATION = false
 
 [security]
 ; Whether the installer is disabled
diff --git a/models/user.go b/models/user.go
index 0e1710de7e..5f0816cd48 100644
--- a/models/user.go
+++ b/models/user.go
@@ -223,7 +223,7 @@ func (u *User) CanCreateRepo() bool {
 
 // CanCreateOrganization returns true if user can create organisation.
 func (u *User) CanCreateOrganization() bool {
-	return u.IsAdmin || u.AllowCreateOrganization
+	return u.IsAdmin || (u.AllowCreateOrganization && !setting.Admin.DisableRegularOrgCreation)
 }
 
 // CanEditGitHook returns true if user can edit Git hooks.
diff --git a/models/user_test.go b/models/user_test.go
index fb3c46d223..b10ed9dcba 100644
--- a/models/user_test.go
+++ b/models/user_test.go
@@ -7,6 +7,8 @@ package models
 import (
 	"testing"
 
+	"code.gitea.io/gitea/modules/setting"
+
 	"github.com/stretchr/testify/assert"
 )
 
@@ -17,3 +19,22 @@ func TestGetUserEmailsByNames(t *testing.T) {
 	assert.Equal(t, []string{"user8@example.com"}, GetUserEmailsByNames([]string{"user8", "user9"}))
 	assert.Equal(t, []string{"user8@example.com", "user5@example.com"}, GetUserEmailsByNames([]string{"user8", "user5"}))
 }
+
+func TestCanCreateOrganization(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	admin := AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
+	assert.True(t, admin.CanCreateOrganization())
+
+	user := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	assert.True(t, user.CanCreateOrganization())
+	// Disable user create organization permission.
+	user.AllowCreateOrganization = false
+	assert.False(t, user.CanCreateOrganization())
+
+	setting.Admin.DisableRegularOrgCreation = true
+	user.AllowCreateOrganization = true
+	assert.True(t, admin.CanCreateOrganization())
+	assert.False(t, user.CanCreateOrganization())
+
+}
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 0e8d4a6483..583dab40fa 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -257,6 +257,11 @@ var (
 		FileExtensions:      strings.Split(".md,.markdown,.mdown,.mkd", ","),
 	}
 
+	// Admin settings
+	Admin struct {
+		DisableRegularOrgCreation bool
+	}
+
 	// Picture settings
 	AvatarUploadPath      string
 	GravatarSource        string
@@ -855,6 +860,8 @@ please consider changing to GITEA_CUSTOM`)
 		log.Fatal(4, "Failed to map UI settings: %v", err)
 	} else if err = Cfg.Section("markdown").MapTo(&Markdown); err != nil {
 		log.Fatal(4, "Failed to map Markdown settings: %v", err)
+	} else if err = Cfg.Section("admin").MapTo(&Admin); err != nil {
+		log.Fatal(4, "Fail to map Admin settings: %v", err)
 	} else if err = Cfg.Section("cron").MapTo(&Cron); err != nil {
 		log.Fatal(4, "Failed to map Cron settings: %v", err)
 	} else if err = Cfg.Section("git").MapTo(&Git); err != nil {
diff --git a/routers/admin/users.go b/routers/admin/users.go
index c02f366f66..d480029143 100644
--- a/routers/admin/users.go
+++ b/routers/admin/users.go
@@ -158,6 +158,7 @@ func EditUser(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.users.edit_account")
 	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminUsers"] = true
+	ctx.Data["DisableRegularOrgCreation"] = setting.Admin.DisableRegularOrgCreation
 
 	prepareUserInfo(ctx)
 	if ctx.Written() {
diff --git a/templates/admin/user/edit.tmpl b/templates/admin/user/edit.tmpl
index 91fbf781f3..2d9c12e822 100644
--- a/templates/admin/user/edit.tmpl
+++ b/templates/admin/user/edit.tmpl
@@ -97,12 +97,14 @@
 								<input name="allow_import_local" type="checkbox" {{if .User.CanImportLocal}}checked{{end}}>
 							</div>
 						</div>
+						{{if not .DisableRegularOrgCreation}}
 						<div class="inline field">
 							<div class="ui checkbox">
 								<label><strong>{{.i18n.Tr "admin.users.allow_create_organization"}}</strong></label>
 								<input name="allow_create_organization" type="checkbox" {{if .User.CanCreateOrganization}}checked{{end}}>
 							</div>
 						</div>
+						{{end}}
 
 						<div class="ui divider"></div>