oops add security

app/assets/javascripts/discourse/templates/list/wide_categories.js.handlebars

@@ -7,7 +7,9 @@
       <th class='num topics'>{{i18n categories.topics}}</th>
       <th class='num posts'>{{i18n categories.posts}}</th>
       <th class='latest'>{{i18n categories.latest}}
+        {{#if canEdit}}
         <button title='{{i18n categories.toggle_ordering}}' class='btn toggle-admin no-text' {{action toggleOrdering}}><i class='icon icon-wrench'></i></button>
+        {{/if}}
       </th>
     </tr>
     </thead>

app/controllers/categories_controller.rb

@@ -29,6 +29,8 @@ class CategoriesController < ApplicationController
   end
 
   def move
+    guardian.ensure_can_create!(Category)
+
     params.require("category_id")
     params.require("position")