DEV: Reuse can_invite_to_forum? in can_invite_to? (PR #14392)

This commit resolves refactors can_invite_to? to use can_invite_to_forum? for checking the site-wide permissions and then perform topic specific checkups.

can_invite_to_forum? was never used with a parameter, so it was removed.

Similarly, can_invite_to? is always used with a topic object and this is now enforced.

There was another problem before when must_approve_users site setting was not checked when inviting users to forum, but was checked when inviting to a topic.

Another minor security issue was that group owners could invite to group topics even if they did not have the minimum trust level to do it.


Parameter unused.

SiteSetting.must_approve_users was not checked before.

can_invite_to? is used only for topics, so I enforced that.

This whole codeblock was overcomplicated.

This condition was moved up-top, which means that it will be checked even when inviting to a restricted category.

The repetition of (is_staff? || is “tickling” my OCD but it’s still quite readable.

I had to choose between the repetition of is_staff? and a very long condition like is_staff? || (A && B && C). I found the latter to be much more difficult to read.