Fix the call that determines if an organization has enough private repositories.

endpoints/api.py

@@ -286,15 +286,9 @@ def get_organization(orgname):
 
 @app.route('/api/organization/<orgname>/private', methods=['GET'])
 def get_organization_private_allowed(orgname):
-  if current_user.is_anonymous():
-    abort(404)
-
-  user = current_user.db_user()
-
-  try:
-    organization = model.get_organization(orgname, username = user.username)
-  except:
-    abort(404)
+  permission = CreateRepositoryPermission(orgname)
+  if permission.can():
+    organization = model.get_organization(orgname)
 
     private_repos = model.get_private_repo_count(organization.username)
     if organization.stripe_id:
@@ -310,6 +304,8 @@ def get_organization_private_allowed(orgname):
       'privateAllowed': False
     })
 
+  abort(403)
+
 
 def member_view(m):
   return {