FIX: only staff can access 'resend all invites' feature

app/assets/javascripts/discourse/controllers/user-invited-show.js.es6

@@ -35,7 +35,7 @@ export default Ember.Controller.extend({
   inviteRedeemed: Em.computed.equal('filter', 'redeemed'),
 
   showReinviteAllButton: function() {
-    return (this.get('filter') === "pending" && this.get('model').invites.length > 4);
+    return (this.get('filter') === "pending" && this.get('model').invites.length > 4 && this.currentUser.get('staff'));
   }.property('filter'),
 
   /**

app/controllers/invites_controller.rb

@@ -141,14 +141,10 @@ class InvitesController < ApplicationController
   end
 
   def resend_all_invites
-    guardian.ensure_can_invite_to_forum!
+    guardian.ensure_can_resend_all_invites!(current_user)
-    RateLimiter.new(current_user, "resend-all-invites-per-day", 1, 1.day).performed!
 
     Invite.resend_all_invites_from(current_user.id)
     render nothing: true
-
-  rescue RateLimiter::LimitExceeded
-    render_json_error(I18n.t("rate_limiter.slow_down"))
   end
 
   def check_csv_chunk

lib/guardian.rb

@@ -246,6 +246,10 @@ class Guardian
     user.staff?
   end
 
+  def can_resend_all_invites?(user)
+    user.staff?
+  end
+
   def can_see_private_messages?(user_id)
     is_admin? || (authenticated? && @user.id == user_id)
   end