FIX: Don't show the category edit button unless the user can edit the

category

app/assets/javascripts/discourse/routes/build-category-route.js.es6

@@ -28,7 +28,7 @@ export default function(filter, params) {
         category: model,
         filterMode: filterMode,
         noSubcategories: params && params.no_subcategories,
-        canEditCategory: Discourse.User.currentProp('staff'),
+        canEditCategory: model.get('can_edit'),
         canChangeCategoryNotificationLevel: Discourse.User.current()
       });
     },

app/assets/javascripts/discourse/routes/discovery_top_routes.js

@@ -66,7 +66,7 @@ Discourse.DiscoveryTopCategoryRoute = Discourse.Route.extend(Discourse.OpenCompo
 
     var opts = { category: model, filterMode: filterMode };
     opts.noSubcategories = noSubcategories;
-    opts.canEditCategory = Discourse.User.currentProp('staff');
+    opts.canEditCategory = model.get('can_edit');
     this.controllerFor('navigation/category').setProperties(opts);
 
     return Discourse.TopList.find(filterMode).then(function(list) {

app/models/site.rb

@@ -75,7 +75,7 @@ class Site
     end
 
     site = Site.new(guardian)
-    MultiJson.dump(SiteSerializer.new(site, root: false))
+    MultiJson.dump(SiteSerializer.new(site, root: false, scope: guardian))
   end
 
 end

app/serializers/basic_category_serializer.rb

@@ -14,7 +14,8 @@ class BasicCategorySerializer < ApplicationSerializer
              :parent_category_id,
              :notification_level,
              :logo_url,
-             :background_url
+             :background_url,
+             :can_edit
 
   def include_parent_category_id?
     parent_category_id
@@ -23,4 +24,12 @@ class BasicCategorySerializer < ApplicationSerializer
   def description
     object.uncategorized? ? SiteSetting.uncategorized_description : object.description
   end
+
+  def can_edit
+    true
+  end
+  def include_can_edit?
+    scope && scope.can_edit?(object)
+  end
+
 end