make the mover macro check user rights

diff --git a/site/templates/common/default.tmpl b/site/templates/common/default.tmpl
index 68c56e2af620737a421eb86b4a86bb6976b9c172..446fc3c7cf213cc1b59ec68620704b373924df8b 100644 (file)
--- a/site/templates/common/default.tmpl
+++ b/site/templates/common/default.tmpl
@@ -47,13 +47,13 @@ Reorder child articles:
   <:.else -:>
     <:.if kids.size < article.threshold :>
       <:.for child in kids -:>
-        <:.call "mover", "parent":article -:>
+        <:.call "mover", "parent":article, "request":generator.request -:>
         <:= generator.vembed(child) |raw -:>
        <:.end for -:>
     <:.else -:>
       <:.for child in kids -:>
 <div class="child">
-  <h1><:= generator.thumbnail(child) :><a href="<:= url(child):>"><:= child.title -:></a><:.call "mover", "parent":article :><h1>
+  <h1><:= generator.thumbnail(child) |raw:><a href="<:= url(child):>"><:= child.title -:></a><:.call "mover", "parent":article, "request":generator.request:><h1>
         <:.if child.summaryLength -:>
       <div><:= generator.summary(child) :></div>
         <:.end if -:>

diff --git a/site/templates/preload.tmpl b/site/templates/preload.tmpl
index 9aa16175b8de3d8e3d4491dea762edc991d0c0c9..b5f5b9a99f2e610e285814443f298b1046226077 100644 (file)
--- a/site/templates/preload.tmpl
+++ b/site/templates/preload.tmpl
@@ -365,24 +365,26 @@ parameters:
 <:.end define -:>
 
 <:.define mover -:>
-<:# expects loop, parent
+<:# expects loop, request, parent
   which in most cases means you can just supply parent
 -:>
-<:.set width = cfg.entry("arrows", "width", 17) -:>
-<:.set height = cfg.entry("arrows", "height", 13) -:>
-<:.set extras = 'width="' _ width _ '" height="' _ height _ '"' -:>
-<:.set blankim = '<img src="' _ (dist_image_uri _ "/trans_pixel.gif").escape("html") _ '" alt="" ' _ extras _ ' />' -:>
-<:.if loop.prev -:>
-  <:.set upimg = cfg.entry("arrows", "upimg", dist_image_uri _ "/admin/move_up.gif") -:>
-<a href="<:= cfg.admin_url("move", { "stepparent":parent.id, "d":"swap", "id":loop.current.id, "other":loop.prev.id, "r":top.admin }) :>"><img src="<:= upimg :>" <:= extras :> /></a>
-<:.else -:>
-<:= blankim |raw-:>
-<:.end if -:>
-<:.if loop.next -:>
-  <:.set downimg = cfg.entry("arrows", "downimg", dist_image_uri _ "/admin/move_down.gif") -:>
-<a href="<:= cfg.admin_url("move", { "stepparent":parent.id, "d":"swap", "id":loop.current.id, "other":loop.next.id, "r":top.admin }) :>"><img src="<:= downimg :>" <:= extras :> /></a>
-<:.else -:>
-<:= blankim |raw-:>
+<:.if request.user_can("bse_edit_reorder_children", parent) -:>
+  <:.set width = cfg.entry("arrows", "width", 17) -:>
+  <:.set height = cfg.entry("arrows", "height", 13) -:>
+  <:.set extras = 'width="' _ width _ '" height="' _ height _ '"' -:>
+  <:.set blankim = '<img src="' _ (dist_image_uri _ "/trans_pixel.gif").escape("html") _ '" alt="" ' _ extras _ ' />' -:>
+  <:.if loop.prev -:>
+    <:.set upimg = cfg.entry("arrows", "upimg", dist_image_uri _ "/admin/move_up.gif") -:>
+  <a href="<:= cfg.admin_url("move", { "stepparent":parent.id, "d":"swap", "id":loop.current.id, "other":loop.prev.id, "r":top.admin }) :>"><img src="<:= upimg :>" <:= extras :> /></a>
+  <:.else -:>
+  <:= blankim |raw-:>
+  <:.end if -:>
+  <:.if loop.next -:>
+    <:.set downimg = cfg.entry("arrows", "downimg", dist_image_uri _ "/admin/move_down.gif") -:>
+  <a href="<:= cfg.admin_url("move", { "stepparent":parent.id, "d":"swap", "id":loop.current.id, "other":loop.next.id, "r":top.admin }) :>"><img src="<:= downimg :>" <:= extras :> /></a>
+  <:.else -:>
+    <:= blankim |raw-:>
+  <:.end if -:>
 <:.end if -:>
 
 <:.end define -:>