[5.x]: Even if a user only has 'View' permissions for a volume they still see the 'Enable focal point' button in the image preview #16997

@paulstone

What happened?

Description

Even if a user is part of a group that only has 'View' permissions for a volume they still see the 'Enable focal point' button in the image preview.

This is also an issue on the latest v4 of Craft CMS.

Steps to reproduce

  1. Install the latest v5 version of Craft CMS and upgrade to Pro (I guess Team would be the same)
  2. Create a local filesystem and volume
  3. Upload a test image
  4. Create a user group that only has the 'View assets' and 'View assets uploaded by other users' permissions.
  5. Create a test user and add them to the group created in step 4.
  6. Activate their account and copy the impersonation URL to use in a private/incognito window
  7. Whilst logged in as this user, navigate to the uploaded test image's edit page in Assets.
  8. Click on the 'Preview image' button on the image thumbnail, to display the image preview modal
  9. Hover over the image preview with the mouse
  10. The user can still see the 'Enable focal point' button despite not having permissions. Clicking on it does nothing, but the button should not even be visible.

Expected behavior

The 'Enable focal point' button should not be visible on the image preview modal to users that do not have permissions to edit assets/images.

Actual behavior

The 'Enable focal point' button is still visible on the image preview modal to users that do not have permissions to edit assets/images.

Screenshots

Screenshot of user permissions:

Image

Screenshot of image preview modal showing focal point button:

Image

Craft CMS version

5.6.13

PHP version

No response

Operating system and version

No response

Database type and version

No response

Image driver and version

No response

Installed plugins and versions

No plugins installed.
