FIX: Make ChatMessageUpdater check editing access for guardian (#18902)

Follow up to 766bcbc6840c9d665055441bcd77616b3a96e10e

This fixes a gaffe from that commit where I passed in the
guardian to ChatMessageUpdater but then forgot to remove
the old way of setting the guardian and user instance variables
from the chat_message that was passed in.

Also, it moves the ensure_can_edit_message! check from the
controller into ChatMessageUpdater so all the access
checks are in the same place.

plugins/chat/spec/components/chat_message_updater_spec.rb

@@ -31,10 +31,7 @@ describe Chat::ChatMessageUpdater do
     end
     Group.refresh_automatic_groups!
     @direct_message_channel =
-      Chat::DirectMessageChannelCreator.create!(
-        acting_user: user1,
-        target_users: [user1, user2],
-      )
+      Chat::DirectMessageChannelCreator.create!(acting_user: user1, target_users: [user1, user2])
   end
 
   def create_chat_message(user, message, channel, upload_ids: nil)
@@ -71,6 +68,19 @@ describe Chat::ChatMessageUpdater do
     expect(chat_message.reload.message).to eq(og_message)
   end
 
+  it "errors if a user other than the message user is trying to edit the message" do
+    og_message = "This won't be changed!"
+    chat_message = create_chat_message(user1, og_message, public_chat_channel)
+    new_message = "2 short"
+    updater = Chat::ChatMessageUpdater.update(
+      guardian: Guardian.new(Fabricate(:user)),
+      chat_message: chat_message,
+      new_content: new_message,
+    )
+    expect(updater.failed?).to eq(true)
+    expect(updater.error).to match(Discourse::InvalidAccess)
+  end
+
   it "it updates a messages content" do
     chat_message = create_chat_message(user1, "This will be changed", public_chat_channel)
     new_message = "Change to this!"