From d91e1e386aa961f2fb51cf77c90a5e490900213a Mon Sep 17 00:00:00 2001
From: Fares Sellaouti <sellaouti.fares@gmail.com>
Date: Sun, 27 Oct 2024 21:55:06 +0100
Subject: [PATCH] Issue 317 : Restrict organization creation : use Django
 permissions

---
 pytition/petition/templates/layouts/nav-useractions.html   | 2 ++
 pytition/petition/templates/petition/account_settings.html | 2 ++
 pytition/petition/templates/petition/user_org_list.html    | 5 ++++-
 pytition/petition/views.py                                 | 2 +-
 pytition/pytition/settings/base.py                         | 1 -
 5 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/pytition/petition/templates/layouts/nav-useractions.html b/pytition/petition/templates/layouts/nav-useractions.html
index 836f1c4f..33be501b 100644
--- a/pytition/petition/templates/layouts/nav-useractions.html
+++ b/pytition/petition/templates/layouts/nav-useractions.html
@@ -26,10 +26,12 @@
             <span class="oi oi-plus"></span>
             {% trans "New Petition" %}
           </a>
+        {% if not settings.RESTRICT_ORG_CREATION or perms.petition.add_organization %}
           <a class="dropdown-item" href="{% url "org_create" %}">
             <span class="oi oi-plus"></span>
             {% trans "New Organization" %}
           </a>
+        {% endif %}
           <div class="dropdown-divider"></div>
           <a class="dropdown-item" href="{% url "account_settings" %}">
             <span class="oi oi-cog"></span>
diff --git a/pytition/petition/templates/petition/account_settings.html b/pytition/petition/templates/petition/account_settings.html
index ab6b84ed..0eddb95e 100644
--- a/pytition/petition/templates/petition/account_settings.html
+++ b/pytition/petition/templates/petition/account_settings.html
@@ -71,9 +71,11 @@ <h5 class="mt-2 mb-2"><a href="{% url 'org_dashboard' org.slugname %}">{{org.nam
                 {% else %}
                 <i>{% trans "You are not part of any organization" %}</i>
                 {% endif %}
+                {% if not settings.RESTRICT_ORG_CREATION or perms.petition.add_organization %}
                 <div class="text-center mt-5">
                     <a href="{% url 'org_create' %}" class="btn btn-primary">{% trans "Create an Organization" %}</a>
                 </div>
+                {% endif %}
             </div>
             <div class="tab-pane fade" id="delete_account_form" role="tabpanel"
                  aria-labelledby="delete-account-form-list">
diff --git a/pytition/petition/templates/petition/user_org_list.html b/pytition/petition/templates/petition/user_org_list.html
index 6f68cf38..60563acd 100644
--- a/pytition/petition/templates/petition/user_org_list.html
+++ b/pytition/petition/templates/petition/user_org_list.html
@@ -2,7 +2,10 @@
 <div class="dashboard-nav-item py-3">
   <div class="d-flex justify-content-between align-items-center flex-wrap">
     <h4><span class="oi oi-people"></span>&nbsp;{% trans "Organizations" %}&nbsp;({{ user.organization_set.all.count }})</h4>
-    <a href="{% url "org_create" %}" class="btn btn-outline-primary btn-sm" data-toggle="tooltip" title="{% trans "Create a new organization" %}">{% trans "New organization" %}</a>
+      {% if not settings.RESTRICT_ORG_CREATION or perms.petition.add_organization %}
+          <a href="{% url "org_create" %}" class="btn btn-outline-primary btn-sm" data-toggle="tooltip"
+             title="{% trans "Create a new organization" %}">{% trans "New organization" %}</a>
+      {% endif %}
   </div>
   <ul class="dashboard-org-list">
   {% for org in user.organization_set.all %}
diff --git a/pytition/petition/views.py b/pytition/petition/views.py
index 4cbfa742..d5fafefa 100644
--- a/pytition/petition/views.py
+++ b/pytition/petition/views.py
@@ -1545,7 +1545,7 @@ def account_settings(request):
 # Create a new organization
 @login_required
 def org_create(request):
-    if settings.RESTRICT_ORG_CREATION and not request.user.is_superuser:
+    if settings.RESTRICT_ORG_CREATION and not request.user.has_perm('petition.add_organization'):
         messages.error(request, _("Only super users can create an organization."))
         return redirect("user_dashboard")
     user = get_session_user(request)
diff --git a/pytition/pytition/settings/base.py b/pytition/pytition/settings/base.py
index d90c024b..415e4bae 100644
--- a/pytition/pytition/settings/base.py
+++ b/pytition/pytition/settings/base.py
@@ -265,7 +265,6 @@
 DISABLE_USER_PETITION = False
 
 #:| If set to True, regular users won't be able to create new organizations.
-#:| Only superusers will be allowed to
 RESTRICT_ORG_CREATION = False
 
 #:| Default address for 'Reply to' field in mail sent on account creation