do not set spamblock button if user not has 'adminComments' privilege

include/admin/comments.inc.php

@@ -270,17 +270,19 @@ if ($commentsPerPage == COMMENTS_FILTER_ALL) {
     $limit = serendipity_db_limit_sql(serendipity_db_limit(($page-1)*(int)$commentsPerPage, (int)$commentsPerPage));
 }
 
-$sql = serendipity_db_query("SELECT c.*, e.title FROM {$serendipity['dbPrefix']}comments c 
-                                LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id) 
-                                WHERE 1 = 1 " . ($c_type !== null ? " AND c.type = '$c_type' " : '') . $and 
-                                . (!serendipity_checkPermission('adminEntriesMaintainOthers') ? 'AND e.authorid = ' . (int)$serendipity['authorid'] : '') . " 
+$sql = serendipity_db_query("SELECT c.*, e.title FROM {$serendipity['dbPrefix']}comments c
+                                LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)
+                                WHERE 1 = 1 " . ($c_type !== null ? " AND c.type = '$c_type' " : '') . $and
+                                . (!serendipity_checkPermission('adminEntriesMaintainOthers') ? 'AND e.authorid = ' . (int)$serendipity['authorid'] : '') . "
                                 ORDER BY c.id DESC $limit");
 
-ob_start();
-# This event has to get send here so the spamblock-plugin can block an author now and the comment_page show that on this pageload
-serendipity_plugin_api::hook_event('backend_comments_top', $sql);
-$data['backend_comments_top'] = ob_get_contents();
-ob_end_clean();
+if (serendipity_checkPermission('adminComments')) {
+    ob_start();
+    # This event has to get send here so the spamblock-plugin can block an author now and the comment_page show that on this pageload
+    serendipity_plugin_api::hook_event('backend_comments_top', $sql);
+    $data['backend_comments_top'] = ob_get_contents();
+    ob_end_clean();
+}
 
 $data['commentsPerPage'] = $commentsPerPage;
 $data['totalComments']   = $totalComments;