diff --git a/pkg/integrations/link_sharing_test.go b/pkg/integrations/link_sharing_test.go
index 59bb63c1a..4bb1e44df 100644
--- a/pkg/integrations/link_sharing_test.go
+++ b/pkg/integrations/link_sharing_test.go
@@ -276,7 +276,7 @@ func TestLinkSharing(t *testing.T) {
 // Creating a project should always be forbidden
 t.Run("Create", func(t *testing.T) {
 t.Run("Nonexisting", func(t *testing.T) {
- _, err := testHandlerProjectReadOnly.testCreateWithLinkShare(nil, map[string]string{"namespace": "999999"}, `{"title":"Lorem"}`)
+ _, err := testHandlerProjectReadOnly.testCreateWithLinkShare(nil, nil, `{"title":"Lorem"}`)
 assert.Error(t, err)
 assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
 })
diff --git a/pkg/models/project_rights.go b/pkg/models/project_rights.go
index c9b9d1066..2ae918442 100644
--- a/pkg/models/project_rights.go
+++ b/pkg/models/project_rights.go
@@ -161,7 +161,16 @@ func (p *Project) CanDelete(s *xorm.Session, a web.Auth) (bool, error) {
 // CanCreate checks if the user can create a project
 func (p *Project) CanCreate(s *xorm.Session, a web.Auth) (bool, error) {
- return p.CanWrite(s, a)
+ if p.ParentProjectID != 0 {
+ parent := &Project{ID: p.ParentProjectID}
+ return parent.CanWrite(s, a)
+ }
+ // Check if we're dealing with a share auth
+ _, is := a.(*LinkSharing)
+ if is {
+ return false, nil
+ }
+ return true, nil
 }
 // IsAdmin returns whether the user has admin rights on the project or not
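Review bot: The `Nonexisting` case now posts only a title, so it covers the top-level branch of `CanCreate` and nothing in this hunk exercises a link share creating a project under a parent. The comment above it says creation should always be forbidden, which is only pinned if a sibling case sends a body that sets the parent project ID to a project the share can write to and still asserts `Forbidden`. The subtest name no longer matches what it does either, since no nonexistent ID is passed any more. TestLinkSharing starts and ends outside the hunk.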
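Review bot: The link-share check in `CanCreate` sits after the `ParentProjectID != 0` branch, so a `*LinkSharing` auth that supplies a parent ID is decided by `parent.CanWrite` instead of being refused. `CanWrite` is not visible here, but if it grants write-level shares access to their own project, such a share could create child projects, which contradicts the test comment that creation is always forbidden for shares. Moving the check to the top of the function, `if _, is := a.(*LinkSharing); is { return false, nil }`, keeps that invariant regardless of the parent. The doc comment could also state that a child project is authorized by write access to its parent and a top-level one by being a non-share auth.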