diff --git a/data/model.py b/data/model.py
index 5d3b4d692..864ce1e2a 100644
--- a/data/model.py
+++ b/data/model.py
@@ -269,7 +269,7 @@ def get_user_organizations(username):
 def get_organization(name):
 try:
- return User.get(username = name, organization = True)
+ return User.get(username=name, organization=True)
 except User.DoesNotExist:
 raise InvalidOrganizationException('Organization does not exist: %s' % name)
diff --git a/endpoints/api.py b/endpoints/api.py
index 6d5aedea7..2e5ff3b21 100644
--- a/endpoints/api.py
+++ b/endpoints/api.py
@@ -285,30 +285,25 @@ def get_organization(orgname):
 @app.route('/api/organization//private', methods=['GET'])
-def get_organization_private_allowed(orgname):
- if current_user.is_anonymous():
- abort(404)
-
- user = current_user.db_user()
-
- try:
+def get_organization_private_allowed(orgname):
+ permission = CreateRepositoryPermission(orgname)
+ if permission.can():
 organization = model.get_organization(orgname)
- except:
- abort(404)
- private_repos = model.get_private_repo_count(organization.username)
- if organization.stripe_id:
- cus = stripe.Customer.retrieve(organization.stripe_id)
+ private_repos = model.get_private_repo_count(organization.username)
+ if organization.stripe_id:
+ cus = stripe.Customer.retrieve(organization.stripe_id)
+ if cus.subscription:
+ repos_allowed = get_plan(cus.subscription.plan.id)
+ return jsonify({
+ 'privateAllowed': (private_repos < repos_allowed)
+ })
+
+ return jsonify({
+ 'privateAllowed': False
+ })
- if cus.subscription:
- repos_allowed = get_plan(cus.subscription.plan.id)
- return jsonify({
- 'privateAllowed': (private_repos < repos_allowed)
- })
-
- return jsonify({
- 'privateAllowed': False
- })
+ abort(403)
 def member_view(m):
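Review bot: In `get_organization_private_allowed`, the rewritten body calls `model.get_organization(orgname)` without the `try`/`except` the old code had, so the `InvalidOrganizationException` that `data/model.py` raises for an unknown organization is no longer turned into a 404. If `CreateRepositoryPermission(orgname).can()` can be true for a namespace that is not an organization (not visible in this diff), the request would end in an unhandled exception rather than a clean error response. Keeping the lookup guarded, with the specific exception instead of the old bare `except:`, restores that behaviour: `except model.InvalidOrganizationException: abort(404)`, assuming the exception is reachable through `model`. Placing the guard after the permission check keeps the 403 independent of whether the organization exists, so the endpoint does not reveal organization names to callers without the permission.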