Users who are not allowed to create groups can see buttons for creating groups

Summary

A user that is not allowed to create groups can still see the buttons in the User Interface for creating/importing groups.

Clicking on this button (when not allowed to create groups) will result in a 404 error.

Steps to reproduce

The following describes behaviour for user18. It is applicable to the root user as well.

  1. Disable user18's ability to create a group
    1. Navigate to http://gdk.test:3000/admin/users/user18/edit
    2. Disable the setting for Can create group (screenshot)
  2. Observe changes for user18:
    1. Under the + dropdown menu, the New group menu item is missing (screenshot)
    2. Under the Groups dropdown menu, the Create group and Import group items are present (screenshot)

Example Project

What is the current bug behavior?

Buttons for creating/importing groups are rendered

What is the expected correct behavior?

Buttons for creating/importing groups are not rendered

Relevant logs and/or screenshots

See above

Output of checks

Tested this on a self-managed instance / gdk, but I suspect that it should also be the case for .com

Possible fixes

Indent and prepend app/views/layouts/nav/groups_dropdown/_show.html.haml#L15-20 with - if current_user.can_create_group?

Edited by Nourdin el Bacha
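
The guard proposed under Possible fixes, modelled as an added example that is not GitLab's code or part of the original issue: a stand-alone Ruby/ERB sketch of the two menus, with a check that lists any item rendered for a user who would get a 404 on clicking it. The `User` struct, the ERB templates, and the "New project" and "Your groups" items are assumptions; only `can_create_group?` and the three group menu items come from the issue.

```ruby
require "erb"

# Hypothetical stand-in for the user model; only can_create_group? is from the issue.
User = Struct.new(:username, :can_create_group) do
  def can_create_group?
    can_create_group
  end
end

# Constructed templates modelling the two menus (not GitLab's HAML).
# The + menu already hides "New group" behind the permission check.
PLUS_MENU = ERB.new(<<~T, trim_mode: "-")
  <%- if user.can_create_group? -%>
  New group
  <%- end -%>
  New project
T

# "Before": the Groups dropdown renders its items unconditionally (the reported bug).
GROUPS_MENU_BEFORE = ERB.new(<<~T, trim_mode: "-")
  Your groups
  Create group
  Import group
T

# "After": the same guard the + menu uses, as the issue proposes.
GROUPS_MENU_AFTER = ERB.new(<<~T, trim_mode: "-")
  Your groups
  <%- if user.can_create_group? -%>
  Create group
  Import group
  <%- end -%>
T

# Menu items that lead to the group-creation endpoints.
GUARDED_ITEMS = ["New group", "Create group", "Import group"].freeze

# Render a menu for a user and return its visible items, one per line.
def render_menu(template, user)
  template.result_with_hash(user: user).lines.map(&:strip).reject(&:empty?)
end

# Items shown to a user for whom the server would answer 404.
def dead_links(template, user)
  return [] if user.can_create_group?
  render_menu(template, user) & GUARDED_ITEMS
end
```

A check like `dead_links` fits a view or feature spec, so that a menu added later cannot drift from the server-side permission again.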