Issue with `Add New` button for guest authors being visible to read-only users

[rafaucau]

Description

I've encountered an issue with the Co Authors Plus plugin where users with read-only permissions can see the Add New button for guest authors when they possess the list_users capability. This is problematic as they don't have the required permissions to create guest authors. After clicking the Add New button:

Steps to Reproduce

1. Create or edit a user role to have the list_users capability but without permissions to create or edit users and posts.
2. Log in with a user having this role.
3. Navigate to the guest authors list in the admin dashboard.
4. Notice that the Add New button for guest authors is visible and clickable, even though the user should not have permissions to add new guest authors.

Expected Behavior

Users without the required permissions to create guest authors should not see the Add New button.

Actual Behavior

The Add New button for guest authors is visible and clickable for users who only have the list_users capability.

Possible Solution

Check for the appropriate capabilities before rendering the Add New button in the guest authors list.

Additional Context

This can cause confusion as users may think they have permissions to add new guest authors when they actually don't.

[GaryJones]

Looking in the code where this button is added, right before it is a // @todo caps check for creating a new user.

I need to nail down exactly what caps there are for listing the Guest Author page, accessing the Add New page, and successfully submitting a submission from that page, but it shouldn't be difficult to make the Add New button conditionally show - thanks for reporting!

[GaryJones]

Background:

• Take a role like Subscriber which only has read capability.
• Adding list_users to an account with a Subscriber role allows the Users admin menu to appear, and the Guest Authors list page to be accessed.
• However, clicking on the Add New button won't work, as they haven't got permission to edit this post type.
• Allowing edit_posts capability allows the Add New screen to be accessed; currently the list_authors capability is used on the handling of the guest author creation.