Permission's bug for creating channels

[dachnikrus]

Description:

Server Setup Information:

• Version of Rocket.Chat Server: 0.62.2
• Operating System: Linux, Debian 9
• Deployment Method(snap/docker/tar/etc): snap
• Number of Running Instances: 1
• DB Replicaset Oplog: none
• Node Version: v8.8.1

Steps to Reproduce:

1. Make a role e.g. Client, uncheck all permissions, except "View Direct Messages" and View Joined Room
2. User with this role (Client) goes to "Directory" in the sidebar -> clicks " + " on the right and has a create room window, where can enter channel's name and invite users. But, while inviting users, autosuggestion can show nicknames of all people. In other cases, this user can not find any user, except direct messages.
3. Of course, this room won't be created due to permissions of this type of user.

Expected behavior:

Do not show any other users in autosuggestion. Or, do not show button " + " for creating rooms by users who have not these type of permission.
For example, by adding another permission "Create Channel"

[chuckAtCataworx]

I have also noticed this same issue in the add users feature. Accessed when in a channel or group from the top right of the screen.

As far as removing the + button in the directory there is a permission that already exists to create channels and create private groups.

As for the expected behavior I think it would be acceptable to remove the + button if both the create channel and create private groups permissions are disabled. If only one is disabled, I would remove the toggle switch in the channel creation template but provide feed back to the user as to what type of room they are creating.

Similar logic for the add user button. If the permission is disabled for adding user to private groups then hide that button when in private groups. Do the same for channels

[chuckAtCataworx]

I would like to work on it?