FIX: user should not be able to invite to PM if trust level requirment not met

FIX: when personal messages are disabled let user invite to a public topic

app/models/topic.rb

@@ -791,6 +791,7 @@ SQL
 
   def invite(invited_by, username_or_email, group_ids = nil, custom_message = nil)
     target_user = User.find_by_username_or_email(username_or_email)
+    guardian = Guardian.new(invited_by)
 
     if target_user && topic_allowed_users.where(user_id: target_user.id).exists?
       raise UserExists.new(I18n.t("topic_invite.user_exists"))
@@ -798,6 +799,10 @@ SQL
 
     return true if target_user && invite_existing_muted?(target_user, invited_by)
 
+    if private_message? && target_user && !guardian.can_send_private_message?(target_user)
+      raise UserExists.new(I18n.t("activerecord.errors.models.topic.attributes.base.cant_send_pm"))
+    end
+
     if target_user && private_message? && topic_allowed_users.create!(user_id: target_user.id)
       add_small_action(invited_by, "invited_user", target_user.username)
 
@@ -808,7 +813,7 @@ SQL
       )
 
       true
-    elsif username_or_email =~ /^.+@.+$/ && Guardian.new(invited_by).can_invite_via_email?(self)
+    elsif username_or_email =~ /^.+@.+$/ && guardian.can_invite_via_email?(self)
       rate_limit_topic_invitation(invited_by)
 
       if target_user

lib/guardian.rb

@@ -257,11 +257,14 @@ class Guardian
   def can_invite_to?(object, groups = nil)
     return false unless authenticated?
     return true if is_admin?
-    return false unless SiteSetting.enable_personal_messages?
     return false if (SiteSetting.max_invites_per_day.to_i == 0 && !is_staff?)
     return false unless can_see?(object)
     return false if groups.present?
 
+    if object.is_a?(Topic) && object.private_message?
+      return false unless SiteSetting.enable_personal_messages?
+    end
+
     if object.is_a?(Topic) && object.category
       if object.category.groups.any?
         return true if object.category.groups.all? { |g| can_edit_group?(g) }

spec/components/guardian_spec.rb

@@ -474,6 +474,11 @@ describe Guardian do
       it 'returns true for a group owner' do
         expect(Guardian.new(group_owner).can_invite_to?(group_private_topic)).to be_truthy
       end
+
+      it 'returns true for normal user when inviting to topic and PM disabled' do
+        SiteSetting.enable_personal_messages = false
+        expect(Guardian.new(trust_level_2).can_invite_to?(topic)).to be_truthy
+      end
     end
 
     describe "private messages" do

spec/models/topic_spec.rb

@@ -544,6 +544,17 @@ describe Topic do
             expect(Notification.last).to be_blank
           end
         end
+
+        context "when PMs are enabled for TL3 or higher only" do
+          before do
+            SiteSetting.min_trust_to_send_messages = 3
+          end
+
+          it 'should raise error' do
+            expect { topic.invite(user, another_user.username) }
+              .to raise_error(Topic::UserExists)
+          end
+        end
       end
 
       describe 'by email' do