From a84c5099313ee7a7ab7daa6180d97ebf7ca2fd05 Mon Sep 17 00:00:00 2001
From: Kevin Hahn
Date: Mon, 28 Oct 2024 13:13:50 +0700
Subject: [PATCH] only allow admins to create orgs (follows what the frontend does)

---
 backend/LexBoxApi/Services/PermissionService.cs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/backend/LexBoxApi/Services/PermissionService.cs b/backend/LexBoxApi/Services/PermissionService.cs
index 6656d8eb2..83b1d158c 100644
--- a/backend/LexBoxApi/Services/PermissionService.cs
+++ b/backend/LexBoxApi/Services/PermissionService.cs
@@ -196,10 +196,15 @@ public void AssertHasProjectRequestPermission()
 if (!HasProjectRequestPermission()) throw new UnauthorizedAccessException();
 }
 
+ public bool CanCreateOrg()
+ {
+ return User is {Role: UserRole.admin};
+ }
+
 public void AssertCanCreateOrg()
 {
 //todo adjust permission
- if (!HasProjectCreatePermission()) throw new UnauthorizedAccessException();
+ if (!CanCreateOrg()) throw new UnauthorizedAccessException();
 }
 
 public bool IsOrgMember(Guid orgId)
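Review bot: The `//todo adjust permission` comment kept in `AssertCanCreateOrg()` is stale now that this commit makes the adjustment; replace it with the rule itself, e.g. `// Only admins may create orgs (matches the frontend).` The diffstat shows a single file changed, so the tightened authorization check arrives without a test. A case asserting that `AssertCanCreateOrg()` throws `UnauthorizedAccessException` both for a non-admin user and for a null `User` would pin the fail-closed behaviour of `User is {Role: UserRole.admin}`. The callers of `AssertCanCreateOrg()` and the rest of the class are outside the hunk, so confirm that every org-creation entry point on the backend goes through this assertion rather than relying on the frontend hiding the action.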