From 38af28d58bd1652d524306e8fe170178115ce43e Mon Sep 17 00:00:00 2001
From: Bianca Nenciu
Date: Fri, 21 May 2021 11:34:17 +0300
Subject: [PATCH] FIX: Allow add email to group if user can invite (#13097)

It used to allow adding email addresses to a group even if invites were disabled for the site. This does not allow user to input email address if they cannot invite. The second thing this commit improves is the message that is displayed to the user when they hit the invite rate limit.
---
 .../app/templates/modal/group-add-members.hbs | 10 +++++++---
 app/controllers/groups_controller.rb | 10 +++++++++-
 config/locales/client.en.yml | 8 ++++++--
 config/locales/server.en.yml | 3 +++
 lib/rate_limiter/limit_exceeded.rb | 6 ++++--
 5 files changed, 29 insertions(+), 8 deletions(-)
diff --git a/app/assets/javascripts/discourse/app/templates/modal/group-add-members.hbs b/app/assets/javascripts/discourse/app/templates/modal/group-add-members.hbs
index 5e0e9cd718f..9a7427f8763 100644
--- a/app/assets/javascripts/discourse/app/templates/modal/group-add-members.hbs
+++ b/app/assets/javascripts/discourse/app/templates/modal/group-add-members.hbs
@@ -2,7 +2,11 @@

{{i18n "groups.add_members.description"}}
@@ -14,8 +18,8 @@
 id="group-add-members-user-selector"
 onChange=(action (mut usernamesAndEmails))
 options=(hash
- allowEmails=true
- filterPlaceholder="groups.add_members.input_placeholder"
+ allowEmails=currentUser.can_invite_to_forum
+ filterPlaceholder=(if currentUser.can_invite_to_forum "groups.add_members.usernames_or_emails.input_placeholder" "groups.add_members.usernames.input_placeholder")
 )
 }}
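Review bot: `allowEmails=currentUser.can_invite_to_forum` only changes what the modal offers; it is a UI gate, not an authorization check, so the restriction described in the commit message has to be enforced by the endpoint as well. The groups_controller.rb hunk in this patch only wraps `Invite.generate` in a rate-limit rescue, and the part of the action above it is not shown, so confirm that e-mail addresses are rejected there when the user may not invite. If no such check exists, add one before the `emails.each` loop, for example `raise Discourse::InvalidAccess if emails.present? && !guardian.can_invite_to_forum?`, and cover it with a request spec.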

diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index 576509eaaf9..69dff9cf26d 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -368,7 +368,15 @@ class GroupsController < ApplicationController
 end
 emails.each do |email|
- Invite.generate(current_user, email: email, group_ids: [group.id])
+ begin
+ Invite.generate(current_user, email: email, group_ids: [group.id])
+ rescue RateLimiter::LimitExceeded => e
+ return render_json_error(I18n.t(
+ "invite.rate_limit",
+ count: SiteSetting.max_invites_per_day,
+ time_left: e.time_left
+ ))
+ end
 end
 render json: success_json.merge!(
diff --git a/config/locales/client.en.yml b/config/locales/client.en.yml
index 9ecbdd6df41..ba78980f2c8 100644
--- a/config/locales/client.en.yml
+++ b/config/locales/client.en.yml
@@ -660,8 +660,12 @@ en:
 add_members:
 title: "Add members to %{group_name}"
 description: "You can also paste in a comma separated list."
- usernames: "Enter usernames or email addresses"
- input_placeholder: "Usernames or emails"
+ usernames_or_emails:
+ title: "Enter usernames or email addresses"
+ input_placeholder: "Usernames or emails"
+ usernames:
+ title: "Enter usernames"
+ input_placeholder: "Usernames"
 notify_users: "Notify users"
 requests:
 title: "Requests"
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 57dffffcb1b..977b2836ec1 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -243,6 +243,9 @@ en:
 user_exists: "There's no need to invite %{email}, they already have an account!"
 invite_exists: "You already invited %{email}."
 invalid_email: "%{email} isn't a valid email address."
+ rate_limit:
+ one: "You have already sent %{count} invite in the last day, please wait %{time_left} before trying again."
+ other: "You have already sent %{count} invites in the last day, please wait %{time_left} before trying again."
 confirm_email: "
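Review bot: The `return render_json_error(...)` inside `emails.each` aborts on the first rate-limited address, but invites generated for earlier addresses in the same request stay created, so the caller receives an error for a request that was partly applied. The action starts above this hunk, so whether usernames were already added to the group before the loop is not visible here. Consider reporting which addresses were invited and which were skipped, or checking the remaining invite allowance before the loop so the request fails as a whole. A short comment such as `# Stops at the first rate-limited address; earlier invites are kept` would at least document the current behaviour.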

You’re almost done! We sent an activation mail to your email address. Please follow the instructions in the mail to activate your account.

If it doesn’t arrive, check your spam folder.

"
 cant_invite_to_group: "You are not allowed to invite users to specified group(s). Make sure you are owner of the group(s) you are trying to invite to."
 disabled_errors:
diff --git a/lib/rate_limiter/limit_exceeded.rb b/lib/rate_limiter/limit_exceeded.rb
index 8b624a074ed..8aa4532430e 100644
--- a/lib/rate_limiter/limit_exceeded.rb
+++ b/lib/rate_limiter/limit_exceeded.rb
@@ -11,8 +11,8 @@ class RateLimiter
 @type = type
 end
- def description
- time_left =
+ def time_left
+ @time_left ||=
 if @available_in <= 3
 I18n.t("rate_limiter.short_time")
 elsif @available_in < 1.minute.to_i
@@ -22,7 +22,9 @@ class RateLimiter
 else
 I18n.t("rate_limiter.hours", count: (@available_in / 1.hour.to_i))
 end
+ end
+ def description
 if @type.present?
 type_key = @type.tr("-", "_")
 msg = I18n.t("rate_limiter.by_type.#{type_key}", time_left: time_left, default: "")
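Review bot: The new public `time_left` in the first limit_exceeded.rb hunk returns a localized phrase rather than a number, which its name does not suggest, and it carries no comment. I would add `# Human-readable, localized wait time for interpolation into messages (not a numeric duration)` above `def time_left`. Because of `@time_left ||=`, the string is fixed in whatever locale is active on the first call; that is probably fine for a short-lived exception object, but worth confirming. Part of the method body lies between the two hunks and is not shown.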