From 36f081bf43768b62318cd9dd77c7092dcd18ee70 Mon Sep 17 00:00:00 2001
From: Robin Ward <robin.ward@gmail.com>
Date: Tue, 12 Aug 2014 13:30:28 -0400
Subject: [PATCH] FIX: Don't show the category edit button unless the user can
 edit the category

---
 .../discourse/routes/build-category-route.js.es6      |  2 +-
 .../discourse/routes/discovery_top_routes.js          |  2 +-
 app/models/site.rb                                    |  2 +-
 app/serializers/basic_category_serializer.rb          | 11 ++++++++++-
 4 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/app/assets/javascripts/discourse/routes/build-category-route.js.es6 b/app/assets/javascripts/discourse/routes/build-category-route.js.es6
index 04ddbbcac41..2780c8f7156 100644
--- a/app/assets/javascripts/discourse/routes/build-category-route.js.es6
+++ b/app/assets/javascripts/discourse/routes/build-category-route.js.es6
@@ -28,7 +28,7 @@ export default function(filter, params) {
         category: model,
         filterMode: filterMode,
         noSubcategories: params && params.no_subcategories,
-        canEditCategory: Discourse.User.currentProp('staff'),
+        canEditCategory: model.get('can_edit'),
         canChangeCategoryNotificationLevel: Discourse.User.current()
       });
     },
diff --git a/app/assets/javascripts/discourse/routes/discovery_top_routes.js b/app/assets/javascripts/discourse/routes/discovery_top_routes.js
index 1626965da86..f8c960881c9 100644
--- a/app/assets/javascripts/discourse/routes/discovery_top_routes.js
+++ b/app/assets/javascripts/discourse/routes/discovery_top_routes.js
@@ -66,7 +66,7 @@ Discourse.DiscoveryTopCategoryRoute = Discourse.Route.extend(Discourse.OpenCompo
 
     var opts = { category: model, filterMode: filterMode };
     opts.noSubcategories = noSubcategories;
-    opts.canEditCategory = Discourse.User.currentProp('staff');
+    opts.canEditCategory = model.get('can_edit');
     this.controllerFor('navigation/category').setProperties(opts);
 
     return Discourse.TopList.find(filterMode).then(function(list) {
diff --git a/app/models/site.rb b/app/models/site.rb
index 752f5124f37..175ddf16dee 100644
--- a/app/models/site.rb
+++ b/app/models/site.rb
@@ -75,7 +75,7 @@ class Site
     end
 
     site = Site.new(guardian)
-    MultiJson.dump(SiteSerializer.new(site, root: false))
+    MultiJson.dump(SiteSerializer.new(site, root: false, scope: guardian))
   end
 
 end
diff --git a/app/serializers/basic_category_serializer.rb b/app/serializers/basic_category_serializer.rb
index 3ca2ffa13aa..cce1ee3f44f 100644
--- a/app/serializers/basic_category_serializer.rb
+++ b/app/serializers/basic_category_serializer.rb
@@ -14,7 +14,8 @@ class BasicCategorySerializer < ApplicationSerializer
              :parent_category_id,
              :notification_level,
              :logo_url,
-             :background_url
+             :background_url,
+             :can_edit
 
   def include_parent_category_id?
     parent_category_id
@@ -23,4 +24,12 @@ class BasicCategorySerializer < ApplicationSerializer
   def description
     object.uncategorized? ? SiteSetting.uncategorized_description : object.description
   end
+
+  def can_edit
+    true
+  end
+  def include_can_edit?
+    scope && scope.can_edit?(object)
+  end
+
 end