Behavior of create_repo API as a general user

[toras]

Hi

I have doubts about the behavior of 'create_repo' in Kallithea's API, so 
I will post it.
The version of kallithea I'm using is 0.6.3.

A 'create_repo' request to a repository group for which the account has 
write permissions also appears to fail if top-level repository creation 
is disabled.
The same request succeeds when I enable the create top-level repository 
setting.
Regardless of top-level settings, I can use that account to create 
repositories from the web into repository groups.

I didn't understand if the explanation of 'Note' on the setting screen 
means "Failed even if I have write permission".

For the time being, the situation I tried is described below.

The request was made like this.
```
curl http://localhost:5000/_admin/api -X POST -H 
'content-type:text/plain' --data-binary 
'{"id":1,"api_key":"0ae8322ce787f08771c6b3570765318fb0360ad6","method":"create_repo","args":{"repo_name":"grp/test", 
"repo_type":"git"}}'
```

The response in case of failure is like this.
```
{"id": 1, "result": null, "error": "Internal server error"}
```

The console output of kallithea at that time looks like the following.
```
2021-01-02 17:25:23.087 DEBUG [JSONRPC] Trying to find JSON-RPC method: 
create_repo
2021-01-02 17:25:23.087 INFO  [JSONRPC] IP: 127.0.0.1 Request to 
/_admin/api time: 0.012s
2021-01-02 17:25:23.127 ERROR [JSONRPC] Encountered unhandled exception: 
Traceback (most recent call last):
   File 
"/home/kallithea/.local/lib/python3.6/site-packages/kallithea/controllers/api/__init__.py", 
line 225, in _rpc_call
     raw_response = getattr(self, action)(**rpc_args)
   File "<decorator-gen-73>", line 2, in create_repo
   File 
"/home/kallithea/.local/lib/python3.6/site-packages/kallithea/lib/auth.py", 
line 664, in __wrapper
     raise HTTPForbidden()
webob.exc.HTTPForbidden: Access was denied to this resource.
```

# I rely on translation tools. I'm sorry if there is a strange sentence.


Thanks

----
toras9000