Check permissions before displaying download buttons

weblog-adhocquery-html.lsp

@@ -33,12 +33,14 @@ require("viewfunctions")
 		<% end %>
 		</TABLE>
 
+		<% if viewlibrary.check_permission("downloadadhocquery") then %>
 		<form action="/cgi-bin/acf/weblog/weblog/downloadadhocquery" method="POST">
 		<input class="hidden" type="hidden"  name="query"  value="<%= html.html_escape(form.value.query.value) %>" >
 		<DL>
 		<DT>Download query result</DT><DD><input class="submit" type="submit" name="Download" value="Download"></DD>
 		</DL>
 		</FORM>
+		<% end %>
 	<% end %>
 <% end %>
 

weblog-viewweblog-html.lsp

@@ -268,8 +268,8 @@ end %>
 <% if #data.value.log.value == 0 then %>
 <p>No results, try adjusting search parameters</p>
 <% end %>
-<DT>Download Options</DT>
-<% if page_info.action == "viewweblog" then %>
+
+<% if viewlibrary.check_permission("downloadweblog") then %>
 <form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/downloadweblog") %>" method="POST">
 <input type="hidden"  name="activelog" value="<%= html.html_escape(data.value.activelog.value) %>" >
 <input type="hidden"  name="starttime" value="<%= html.html_escape(data.value.starttime.value) %>" >
@@ -283,7 +283,7 @@ end %>
 <input type="hidden"  name="sortby" value="<%= html.html_escape(data.value.sortby.value) %>" >
 <input type="hidden"  name="urisearch" value="<%= html.html_escape(data.value.urisearch.value) %>" >
 <input type="hidden"  name="selected" value="<%= html.html_escape(data.value.selected.value) %>" >
-<DD><input class="submit" type="submit" name="Download" value="Export List"></DD>
+<DT>Download log</DT><DD><input class="submit" type="submit" name="Download" value="Download"></DD>
 </form>
 <% end %>
 </DL>