diff --git a/xwiki-platform-core/xwiki-platform-oldcore/pom.xml b/xwiki-platform-core/xwiki-platform-oldcore/pom.xml
index 1a18cf7..aa57080 100644
--- a/xwiki-platform-core/xwiki-platform-oldcore/pom.xml
+++ b/xwiki-platform-core/xwiki-platform-oldcore/pom.xml
@@ -565,6 +565,11 @@
xwiki-platform-localization-api
${project.version}
+
+ org.xwiki.platform
+ xwiki-platform-security-api
+ ${project.version}
+
diff --git a/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/web/CreateAction.java b/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/web/CreateAction.java
index e391ea6..9b5ed07 100644
--- a/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/web/CreateAction.java
+++ b/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/web/CreateAction.java
@@ -33,6 +33,7 @@
import org.xwiki.model.reference.DocumentReferenceResolver;
import org.xwiki.model.reference.EntityReference;
import org.xwiki.model.reference.EntityReferenceSerializer;
+import org.xwiki.model.reference.SpaceReference;
import org.xwiki.query.Query;
import org.xwiki.query.QueryManager;
@@ -43,6 +44,8 @@
import com.xpn.xwiki.doc.XWikiDocument;
import com.xpn.xwiki.objects.BaseObject;
import com.xpn.xwiki.util.Util;
+import org.xwiki.security.authorization.AuthorizationManager;
+import org.xwiki.security.authorization.Right;
/**
* Create document action.
@@ -159,6 +162,15 @@ public String render(XWikiContext context) throws XWikiException
getNewDocumentReference(context, space, page, isSpace, templateProvider, availableTemplates);
if (newDocRef != null) {
+ // Checking rights
+ SpaceReference spaceReference = newDocRef.getLastSpaceReference();
+ AuthorizationManager authManager = Utils.getComponent(AuthorizationManager.class);
+ if(!authManager.hasAccess(Right.EDIT, context.getUserReference(), spaceReference)){
+ Object[] args = {spaceReference.toString(), context.getUser()};
+ throw new XWikiException(XWikiException.MODULE_XWIKI_ACCESS, XWikiException.ERROR_XWIKI_ACCESS_DENIED,
+ "The creation of a document into the space {0} has been denied to user {1}", null, args);
+ }
+
XWikiDocument newDoc = context.getWiki().getDocument(newDocRef, context);
// if the document exists don't create it, put the exception on the context so that the template gets it and
// re-requests the page and space, else create the document and redirect to edit
diff --git a/xwiki-platform-core/xwiki-platform-security/xwiki-platform-security-bridge/src/main/java/org/xwiki/security/authorization/internal/XWikiCachingRightService.java b/xwiki-platform-core/xwiki-platform-security/xwiki-platform-security-bridge/src/main/java/org/xwiki/security/authorization/internal/XWikiCachingRightService.java
index 352a848..6fab715 100644
--- a/xwiki-platform-core/xwiki-platform-security/xwiki-platform-security-bridge/src/main/java/org/xwiki/security/authorization/internal/XWikiCachingRightService.java
+++ b/xwiki-platform-core/xwiki-platform-security/xwiki-platform-security-bridge/src/main/java/org/xwiki/security/authorization/internal/XWikiCachingRightService.java
@@ -116,7 +116,7 @@
.putAction("objectsync", Right.EDIT)
.putAction("rollback", Right.EDIT)
.putAction("upload", Right.EDIT)
- .putAction("create", Right.EDIT)
+ .putAction("create", Right.VIEW)
.putAction("deleteversions", Right.ADMIN)
.putAction("deletespace", Right.ADMIN)
.putAction("temp", Right.VIEW);