Closed
We recently introduced Invites (#134).
However, the current implementation makes it possible for users to grant themselves rights to edit things that aren't theirs. To prevent this, we need to perform these checks:
- Check the rights of the Inviter on creating the invite (commit)
- Check the rights of the Inviter on redirecting the Invitee
- Make a test framework for improved flexibility in authorization tests #233
- Set expiration date for invites
I think we need to check this twice, because after an invite has been created, the rights of the creator could have changed.
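
The two checks and the expiry from the list above, as an added sketch that is not the project's code. The `Store`, `Invite` and `InviteError` types, the in-memory rights map and the Unix-seconds clock are all assumptions made for illustration, and "redirecting the Invitee" is taken here to mean the moment the invite is accepted.

```rust
use std::collections::{HashMap, HashSet};

// Hypothetical model (not the project's types): resource -> agents with write rights.
#[derive(Default)]
pub struct Store { pub writers: HashMap<String, HashSet<String>> }

pub struct Invite { pub inviter: String, pub target: String, pub expires_at: u64 }

#[derive(Debug, PartialEq)]
pub enum InviteError { InviterLacksRights, Expired }

impl Store {
    pub fn grant(&mut self, agent: &str, resource: &str) {
        self.writers.entry(resource.to_string()).or_default().insert(agent.to_string());
    }
    pub fn revoke(&mut self, agent: &str, resource: &str) {
        if let Some(w) = self.writers.get_mut(resource) { w.remove(agent); }
    }
    pub fn can_write(&self, agent: &str, resource: &str) -> bool {
        self.writers.get(resource).map_or(false, |w| w.contains(agent))
    }
    // Check 1: at creation (commit), the inviter must hold the right being handed out.
    pub fn create_invite(&self, inviter: &str, target: &str, now: u64, ttl: u64)
        -> Result<Invite, InviteError> {
        if !self.can_write(inviter, target) { return Err(InviteError::InviterLacksRights); }
        Ok(Invite { inviter: inviter.into(), target: target.into(), expires_at: now + ttl })
    }
    // Check 2: at acceptance, re-check the expiry and the inviter's *current* rights.
    pub fn accept_invite(&mut self, inv: &Invite, invitee: &str, now: u64)
        -> Result<(), InviteError> {
        if now >= inv.expires_at { return Err(InviteError::Expired); }
        if !self.can_write(&inv.inviter, &inv.target) { return Err(InviteError::InviterLacksRights); }
        self.grant(invitee, &inv.target);
        Ok(())
    }
}

fn main() {
    let mut s = Store::default();
    s.grant("alice", "doc"); // constructed sample data
    let inv = s.create_invite("alice", "doc", 1_000, 3_600).unwrap();
    s.revoke("alice", "doc"); // rights change after the invite was created
    println!("{:?}", s.accept_invite(&inv, "mallory", 1_100));
}
```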