FIX: Do not require trust level to invite to group (#13230)

It used to require SiteSetting.min_trust_level_to_allow_invite to
invite a user to a group, even if the user existed and the inviter was
a group owner.

app/controllers/groups_controller.rb

@@ -328,8 +328,6 @@ class GroupsController < ApplicationController
       unless current_user.staff?
         RateLimiter.new(current_user, "public_group_membership", 3, 1.minute).performed!
       end
-    elsif !current_user.has_trust_level?(SiteSetting.min_trust_level_to_allow_invite.to_i)
-      raise Discourse::InvalidAccess
     end
 
     emails = []
@@ -340,6 +338,8 @@ class GroupsController < ApplicationController
       end
     end
 
+    guardian.ensure_can_invite_to_forum!([group]) if emails.present?
+
     if users.empty? && emails.empty?
       raise Discourse::InvalidParameters.new(I18n.t("groups.errors.usernames_or_emails_required"))
     end

spec/requests/groups_controller_spec.rb

@@ -1212,12 +1212,18 @@ describe GroupsController do
       end
 
       it 'does not add users without sufficient permission' do
+        group.add_owner(user)
         sign_in(user)
-        SiteSetting.min_trust_level_to_allow_invite = user.trust_level + 1
-        user2 = Fabricate(:user)
 
-        put "/groups/#{group.id}/members.json", params: { usernames: user2.username }
+        put "/groups/#{group.id}/members.json", params: { usernames: Fabricate(:user).username }
+        expect(response.status).to eq(200)
+      end
 
+      it 'does not send invites if user cannot invite' do
+        group.add_owner(user)
+        sign_in(user)
+
+        put "/groups/#{group.id}/members.json", params: { emails: "test@example.com" }
         expect(response.status).to eq(403)
       end