FIX: Make ChatMessageUpdater check editing access for guardian (#18902)

Follow up to 766bcbc684

This fixes a gaffe from that commit where I passed in the
guardian to ChatMessageUpdater but then forgot to remove
the old way of setting the guardian and user instance variables
from the chat_message that was passed in.

Also, it moves the ensure_can_edit_message! check from the
controller into ChatMessageUpdater so all the access
checks are in the same place.

plugins/chat/lib/chat_message_updater.rb

@@ -15,8 +15,6 @@ class Chat::ChatMessageUpdater
     @chat_message = chat_message
     @old_message_content = chat_message.message
     @chat_channel = @chat_message.chat_channel
-    @user = @chat_message.user
-    @guardian = Guardian.new(@user)
     @new_content = new_content
     @upload_ids = upload_ids
     @error = nil
@@ -25,6 +23,7 @@ class Chat::ChatMessageUpdater
   def update
     begin
       validate_channel_status!
+      @guardian.ensure_can_edit_chat!(@chat_message)
       @chat_message.message = @new_content
       @chat_message.last_editor_id = @user.id
       upload_info = get_upload_info
@@ -48,10 +47,6 @@ class Chat::ChatMessageUpdater
 
   private
 
-  # TODO (martin) Since we have guardian here now we should move
-  # guardian.ensure_can_edit_chat!(@message) from the controller into
-  # this class.
-
   def validate_channel_status!
     return if @guardian.can_modify_channel_message?(@chat_channel)
     raise StandardError.new(