FIX: Handle separately invite to topic and forum (#14562)

FIX: Handle separately invite to topic and forum (#14562)

Invite is used in two contexts, when inviting a new user to the forum and when inviting an existent user to a topic. The first case is more complex and it involves permission checks to ensure that new users can be created. In the second case, it is enough to ensure that the topic is visible for both users and that all preconditions are met.

One edge case is the invite to topic via email functionality which checks for both conditions because first the user must be invited to create an account first and then to the topic.

A side effect of these changes is that all site settings related to invites refer to inviting new users only now.

diff --git a/lib/guardian.rb b/lib/guardian.rb
index 865a2fb..385dccd 100644
--- a/lib/guardian.rb
+++ b/lib/guardian.rb
@@ -365,7 +365,7 @@ class Guardian
   end
 
   def can_invite_to?(object, groups = nil)
-    return false if !can_invite_to_forum?(groups)
+    return false if !authenticated?
     return false if !object.is_a?(Topic) || !can_see?(object)
     return false if groups.present?
 
@@ -385,6 +385,7 @@ class Guardian
   end
 
   def can_invite_via_email?(object)
+    return false if !can_invite_to_forum?
     return false if !can_invite_to?(object)
 
     (SiteSetting.enable_local_logins || SiteSetting.enable_discourse_connect) &&
diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb
index 56d4b0a..0185b32 100644
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@@ -548,11 +548,11 @@ describe Guardian do
         expect(Guardian.new(nil).can_invite_to?(topic)).to be_falsey
         expect(Guardian.new(moderator).can_invite_to?(nil)).to be_falsey
         expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy
-        expect(Guardian.new(trust_level_1).can_invite_to?(topic)).to be_falsey
+        expect(Guardian.new(trust_level_1).can_invite_to?(topic)).to be_truthy
 
         SiteSetting.max_invites_per_day = 0
 
-        expect(Guardian.new(user).can_invite_to?(topic)).to be_falsey
+        expect(Guardian.new(user).can_invite_to?(topic)).to be_truthy
         # staff should be immune to max_invites_per_day setting
         expect(Guardian.new(moderator).can_invite_to?(topic)).to be_truthy
       end
@@ -575,9 +575,9 @@ describe Guardian do
         expect(Guardian.new(trust_level_2).can_invite_to?(topic)).to be_truthy
       end
 
-      it 'fails for normal users if must_approve_users' do
+      it 'return true for normal users even if must_approve_users' do
         SiteSetting.must_approve_users = true
-        expect(Guardian.new(user).can_invite_to?(topic)).to be_falsey
+        expect(Guardian.new(user).can_invite_to?(topic)).to be_truthy
         expect(Guardian.new(admin).can_invite_to?(topic)).to be_truthy
       end
 
@@ -644,23 +644,6 @@ describe Guardian do
         end
       end
 
-      context "when private messages are enabled" do
-        before do
-          SiteSetting.enable_personal_messages = true
-          SiteSetting.min_trust_level_to_allow_invite = 2
-        end
-
-        it "returns true if user has sufficient trust level" do
-          user.trust_level = 2
-          expect(Guardian.new(user).can_invite_to?(pm)).to be_truthy
-        end
-
-        it "returns false if user has sufficient trust level" do
-          user.trust_level = 1
-          expect(Guardian.new(user).can_invite_to?(pm)).to be_falsey
-        end
-      end
-
       context "when PM has reached the maximum number of recipients" do
         before do
           SiteSetting.max_allowed_message_recipients = 2

GitHub sha: d0bd96e19c7bdf40d05c2f111bc832fca421c78b

This commit appears in #14562 which was approved by eviltrout and ZogStriP. It was merged by udan11.