The permission check for creating user groups currently erroneously checks for the permission to create users. This should be corrected to reference the correct permission flag.
NOTE: While this logic error is goofy, it does not have security implications. A user with permission to create other users and the unintentional permission to create user groups would not be able to leverage that access to gain or grant any additional privileges:
- A user cannot add users to a group unless they already have sufficient privileges to grant permissions to those users directly.
- A user cannot grant any permissions to a group that they cannot already grant to a user.