FIX: Validate post's polls as acting user (#16638)

It used to validate the post from the perspective of the user who
created the post. That did not work well when an admin attempted to
add a poll to a post created by a user who cannot create posts because
it said the user cannot create polls.

The problem was that it used post.user for the validation process
instead of post.acting_user.

plugins/poll/lib/post_validator.rb

@@ -9,7 +9,7 @@ module DiscoursePoll
     def validate_post
       min_trust_level = SiteSetting.poll_minimum_trust_level_to_create
 
-      if @post&.user&.staff? || @post&.user&.trust_level >= TrustLevel[min_trust_level] || @post&.topic&.pm_with_non_human_user?
+      if (@post.acting_user && (@post.acting_user.staff? || @post.acting_user.trust_level >= TrustLevel[min_trust_level])) || @post.topic&.pm_with_non_human_user?
         true
       else
         @post.errors.add(:base, I18n.t("poll.insufficient_rights_to_create"))

plugins/poll/spec/controllers/posts_controller_spec.rb

@@ -443,4 +443,28 @@ describe PostsController do
       expect(Poll.exists?(post_id: json["id"])).to eq(true)
     end
   end
+
+  describe "staff editing posts of users with insufficient trust level" do
+    before do
+      SiteSetting.poll_minimum_trust_level_to_create = 2
+    end
+
+    it "validates the post" do
+      log_in_user(Fabricate(:user, trust_level: 1))
+
+      post :create, params: { title: title, raw: title }, format: :json
+
+      expect(response.status).to eq(200)
+      post_id = response.parsed_body["id"]
+
+      log_in_user(Fabricate(:admin))
+
+      put :update, params: {
+        id: post_id, post: { raw: "#{title}\n[poll]\n- A\n- B\n- C\n[/poll]" }
+      }, format: :json
+
+      expect(response.status).to eq(200)
+      expect(response.parsed_body["post"]["polls"][0]["options"][2]["html"]).to eq("C")
+    end
+  end
 end