diff --git a/models/list_create_update.go b/models/list_create_update.go
index 8e1a9c21e..e99bb5ee4 100644
--- a/models/list_create_update.go
+++ b/models/list_create_update.go
@@ -40,15 +40,6 @@ func (l *List) Create(doer *User, id int64) (err error) {
 return
 }
 
- // Get the namespace of the list to check if the user can write to it
- namespace, err := GetNamespaceByID(l.NamespaceID)
- if err != nil {
- return
- }
- if !namespace.CanWrite(doer) {
- return ErrUserDoesNotHaveWriteAccessToNamespace{UserID: user.ID, NamespaceID: namespace.ID}
- }
-
 l.Owner.ID = user.ID
 
 return CreateOrUpdateList(l)
diff --git a/models/list_items_rights.go b/models/list_items_rights.go
index c8bb7ffe2..48bcdd6cc 100644
--- a/models/list_items_rights.go
+++ b/models/list_items_rights.go
@@ -16,3 +16,10 @@ func (i *ListItem) CanUpdate(doer *User, id int64) bool {
 list, _ := GetListByID(lI.ListID)
 return list.CanWrite(doer)
 }
+
+// CanCreate determines if a user has the right to create a list item
+func (i *ListItem) CanCreate(doer *User, lID int64) bool {
+ // A user can create an item if he has write acces to its list
+ list, _ := GetListByID(lID)
+ return list.CanWrite(doer)
+}
diff --git a/models/list_rights.go b/models/list_rights.go
index 8c1697697..984527809 100644
--- a/models/list_rights.go
+++ b/models/list_rights.go
@@ -90,3 +90,10 @@ func (l *List) CanUpdate(doer *User, id int64) bool {
 list, _ := GetListByID(id)
 return list.CanWrite(doer)
 }
+
+// CanCreate checks if the user can update a list
+func (l *List) CanCreate(doer *User, nID int64) bool {
+ // A user can create a list if he has write access to the namespace
+ n, _ := GetNamespaceByID(nID)
+ return n.CanWrite(doer)
+}
diff --git a/models/namespaces_rights.go b/models/namespaces_rights.go
index a3224f6c4..2dc077359 100644
--- a/models/namespaces_rights.go
+++ b/models/namespaces_rights.go
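Review bot: `list, _ := GetListByID(lID)` in the new ListItem.CanCreate (models/list_items_rights.go) discards the lookup error, so the permission decision is made on whatever value comes back when the list does not exist or the query fails. Whether such a value can ever pass `CanWrite` is not visible in this hunk, so the check should fail closed: `list, err := GetListByID(lID)` followed by `if err != nil { return false }`. The same pattern is added in List.CanCreate in models/list_rights.go (`n, _ := GetNamespaceByID(nID)`), where it replaces code in List.Create that did return the lookup error to the caller. The typo "acces" in the inline comment can be fixed in the same pass.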
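Review bot: The doc comment on List.CanCreate in models/list_rights.go says it checks whether the user "can update a list", which looks copied from CanUpdate just above it. Suggest `// CanCreate checks if the user can create a list in the namespace nID`. The receiver `l` is not read in the body, only `nID` is, and the comment should say so, because a reader may otherwise expect `l.NamespaceID` to be the namespace that gets checked.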
@@ -87,3 +87,9 @@ func (n *Namespace) CanUpdate(user *User, id int64) bool {
 nn, _ := GetNamespaceByID(id)
 return nn.IsAdmin(user)
 }
+
+// CanCreate checks if the user can create a new namespace
+func (n *Namespace) CanCreate(user *User, id int64) bool {
+ // This is currently a dummy function, later on we could imagine global limits etc.
+ return true
+}
diff --git a/models/rights.go b/models/rights.go
index 70149cfb3..e8d1d6ee5 100644
--- a/models/rights.go
+++ b/models/rights.go
@@ -7,4 +7,5 @@ type Rights interface {
 CanRead(*User) bool
 CanDelete(*User) bool
 CanUpdate(*User, int64) bool
+ CanCreate(*User, int64) bool
 }
diff --git a/routes/crud/create.go b/routes/crud/create.go
index 23b5e7da3..2f4851fb3 100644
--- a/routes/crud/create.go
+++ b/routes/crud/create.go
@@ -28,6 +28,11 @@ func (c *WebHandler) CreateWeb(ctx echo.Context) error {
 }
 }
 
+ // Check rights
+ if !c.CObject.CanCreate(¤tUser, id) {
+ return echo.NewHTTPError(http.StatusForbidden)
+ }
+
 // Create
 err = c.CObject.Create(¤tUser, id)
 if err != nil {
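Review bot: Namespace.CanCreate in models/namespaces_rights.go returns `true` without reading `user` or `id`, so for namespaces the new handler-level rights check is a no-op and access rests entirely on whatever authentication runs before the handler. The doc comment should state that contract instead of calling the function a dummy, for example `// CanCreate always allows creation; callers must already have authenticated user (confirm against the route middleware).` Whether a nil or anonymous user can reach this path is not visible in the hunk.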
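Review bot: With this change the `CanCreate` call in CreateWeb becomes the only write-access gate for list creation, because the same commit deletes the namespace check from List.Create in models/list_create_update.go; any code path that calls `Create` without going through this handler is no longer checked. The handler authorizes against the route `id`, whereas the removed code checked `l.NamespaceID`, so if Create does not set that field from `id` (not visible in these hunks) the authorized ID and the ID used for the write could differ. Suggest documenting the precondition on the model method, e.g. `// Create assumes the caller has already verified CanCreate(doer, id)`, and confirming the namespace is taken from `id` only. CreateWeb begins and ends outside this hunk.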