Fix: wrong permissions

htdocs/user/group/list.php

@@ -45,6 +45,14 @@ $sall=trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alp
 $search_group=GETPOST('search_group');
 $optioncss = GETPOST('optioncss','alpha');
 
+// Defini si peux lire/modifier utilisateurs et permisssions
+$caneditperms=($user->admin || $user->rights->user->user->creer);
+// Advanced permissions
+if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
+{
+	$caneditperms=($user->admin || $user->rights->user->group_advance->write);
+}
+
 // Load variable for pagination
 $limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield','alpha');
@@ -131,7 +139,7 @@ if ($resql)
     $text = $langs->trans("ListOfGroups");
 
     $newcardbutton='';
-    if ($user->rights->propal->creer)
+    if ($caneditperms)
     {
     	$newcardbutton='<a class="butAction" href="'.DOL_URL_ROOT.'/user/group/card.php?action=create&leftmenu=">'.$langs->trans('NewGroup').'</a>';
     }

htdocs/user/list.php

@@ -56,6 +56,9 @@ $pagenext = $page + 1;
 if (! $sortfield) $sortfield="u.login";
 if (! $sortorder) $sortorder="ASC";
 
+// Define value to know what current user can do on users
+$canadduser=(! empty($user->admin) || $user->rights->user->user->creer);
+
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $object = new User($db);
 $hookmanager->initHooks(array('userlist'));
@@ -272,7 +275,7 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
 $text = $langs->trans("ListOfUsers");
 
 $newcardbutton='';
-if ($user->rights->propal->creer)
+if ($canadduser)
 {
 	$newcardbutton='<a class="butAction" href="'.DOL_URL_ROOT.'/user/card.php?action=create'.($mode == 'employee' ? '&employee=1': '').'&leftmenu=">'.$langs->trans('NewUser').'</a>';
 }