Apply DefaultUserIsRestricted in CreateUser

models/user/user.go

@@ -637,6 +637,7 @@ func CreateUser(u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err e
 	u.EmailNotificationsPreference = setting.Admin.DefaultEmailNotification
 	u.MaxRepoCreation = -1
 	u.Theme = setting.UI.DefaultTheme
+	u.IsRestricted = u.IsRestricted || setting.Service.DefaultUserIsRestricted
 
 	// overwrite defaults if set
 	if len(overwriteDefault) != 0 && overwriteDefault[0] != nil {

routers/web/auth/auth.go

@@ -511,7 +511,6 @@ func SignUpPost(ctx *context.Context) {
 		Email:    form.Email,
 		Passwd:   form.Password,
 		IsActive: !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm),
-		IsRestricted: setting.Service.DefaultUserIsRestricted,
 	}
 
 	if !createAndHandleCreatedUser(ctx, tplSignUp, form, u, nil, false) {

routers/web/auth/oauth.go

@@ -874,7 +874,6 @@ func SignInOAuthCallback(ctx *context.Context) {
 				LoginType:   auth.OAuth2,
 				LoginSource: authSource.ID,
 				LoginName:   gothUser.UserID,
-				IsRestricted: setting.Service.DefaultUserIsRestricted,
 			}
 
 			setUserGroupClaims(authSource, u, &gothUser)