diff --git a/bookwyrm/models/site.py b/bookwyrm/models/site.py
index 4d891e721..6c2381f8a 100644
--- a/bookwyrm/models/site.py
+++ b/bookwyrm/models/site.py
@@ -146,6 +146,13 @@ class SiteInvite(models.Model):
     user = models.ForeignKey(User, on_delete=models.CASCADE)
     invitees = models.ManyToManyField(User, related_name="invitees")
 
+    # pylint: disable=no-self-use
+    def raise_not_editable(self, viewer):
+        """Admins only"""
+        if viewer.has_perm("bookwyrm.create_invites"):
+            return
+        raise PermissionDenied()
+
     def valid(self):
         """make sure it hasn't expired or been used"""
         return (self.expiry is None or self.expiry > timezone.now()) and (
@@ -169,6 +176,12 @@ class InviteRequest(BookWyrmModel):
     invite_sent = models.BooleanField(default=False)
     ignored = models.BooleanField(default=False)
 
+    def raise_not_editable(self, viewer):
+        """Only check perms on edit, not create"""
+        if not self.id or viewer.has_perm("bookwyrm.create_invites"):
+            return
+        raise PermissionDenied()
+
     def save(self, *args, **kwargs):
         """don't create a request for a registered email"""
         if not self.id and User.objects.filter(email=self.email).exists():
diff --git a/bookwyrm/tests/views/landing/test_invite.py b/bookwyrm/tests/views/landing/test_invite.py
index a58771873..707851e8f 100644
--- a/bookwyrm/tests/views/landing/test_invite.py
+++ b/bookwyrm/tests/views/landing/test_invite.py
@@ -14,6 +14,7 @@ from bookwyrm.tests.validate_html import validate_html
 class InviteViews(TestCase):
     """every response to a get request, html or json"""
 
+    # pylint: disable=invalid-name
     def setUp(self):
         """we need basic test data and mocks"""
         self.factory = RequestFactory()
diff --git a/bookwyrm/views/admin/invite.py b/bookwyrm/views/admin/invite.py
index 7da84c96c..5c9b61fde 100644
--- a/bookwyrm/views/admin/invite.py
+++ b/bookwyrm/views/admin/invite.py
@@ -52,9 +52,9 @@ class ManageInvites(View):
         if not form.is_valid():
             return HttpResponseBadRequest(f"ERRORS: {form.errors}")
 
-        invite = form.save(commit=False)
+        invite = form.save(request, commit=False)
         invite.user = request.user
-        invite.save()
+        invite.save(request)
 
         paginated = Paginator(
             models.SiteInvite.objects.filter(user=request.user).order_by(
@@ -170,7 +170,7 @@ class InviteRequest(View):
         received = False
         if form.is_valid():
             received = True
-            form.save()
+            form.save(request)
 
         data = {"request_form": form, "request_received": received}
         return TemplateResponse(request, "landing/landing.html", data)