FIX: Do not require trust level to invite to group (#13230)

FIX: Do not require trust level to invite to group (#13230)

It used to require SiteSetting.min_trust_level_to_allow_invite to invite a user to a group, even if the user existed and the inviter was a group owner.

diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index 3d6e626..3196fa1 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -328,8 +328,6 @@ class GroupsController < ApplicationController
       unless current_user.staff?
         RateLimiter.new(current_user, "public_group_membership", 3, 1.minute).performed!
       end
-    elsif !current_user.has_trust_level?(SiteSetting.min_trust_level_to_allow_invite.to_i)
-      raise Discourse::InvalidAccess
     end
 
     emails = []
@@ -340,6 +338,8 @@ class GroupsController < ApplicationController
       end
     end
 
+    guardian.ensure_can_invite_to_forum!([group]) if emails.present?
+
     if users.empty? && emails.empty?
       raise Discourse::InvalidParameters.new(I18n.t("groups.errors.usernames_or_emails_required"))
     end
diff --git a/spec/requests/groups_controller_spec.rb b/spec/requests/groups_controller_spec.rb
index 8a3d468..1ef1174 100644
--- a/spec/requests/groups_controller_spec.rb
+++ b/spec/requests/groups_controller_spec.rb
@@ -1212,12 +1212,18 @@ describe GroupsController do
       end
 
       it 'does not add users without sufficient permission' do
+        group.add_owner(user)
         sign_in(user)
-        SiteSetting.min_trust_level_to_allow_invite = user.trust_level + 1
-        user2 = Fabricate(:user)
 
-        put "/groups/#{group.id}/members.json", params: { usernames: user2.username }
+        put "/groups/#{group.id}/members.json", params: { usernames: Fabricate(:user).username }
+        expect(response.status).to eq(200)
+      end
+
+      it 'does not send invites if user cannot invite' do
+        group.add_owner(user)
+        sign_in(user)
 
+        put "/groups/#{group.id}/members.json", params: { emails: "test@example.com" }
         expect(response.status).to eq(403)
       end
 

GitHub sha: d2135b23

This commit appears in #13230 which was approved by eviltrout. It was merged by udan11.

This commit has been mentioned on Discourse Meta. There might be relevant details there: