user_groups: Check can_leave_group when removing members.

zerver/views/user_groups.py

@@ -345,9 +345,22 @@ def remove_members_from_group_backend(
     members: list[int],
 ) -> HttpResponse:
     user_profiles = user_ids_to_users(members, user_profile.realm, allow_deactivated=False)
-    user_group = access_user_group_for_update(
-        user_group_id, user_profile, permission_setting="can_manage_group"
-    )
+    if len(members) == 1 and user_profile.id == members[0]:
+        try:
+            user_group = access_user_group_for_update(
+                user_group_id, user_profile, permission_setting="can_leave_group"
+            )
+        except JsonableError:
+            # User can leave the group if user has the permission to
+            # manage the group.
+            user_group = access_user_group_for_update(
+                user_group_id, user_profile, permission_setting="can_manage_group"
+            )
+    else:
+        user_group = access_user_group_for_update(
+            user_group_id, user_profile, permission_setting="can_manage_group"
+        )
+
     group_member_ids = get_user_group_direct_member_ids(user_group)
     for member in members:
         if member not in group_member_ids: