Hide delete button from unauthorized users, fixes #533

src/Packagist/WebBundle/Resources/views/Web/versionList.html.twig

@@ -10,7 +10,7 @@
                     {% endif -%}
                 </a>
 
-                {% if deleteVersionCsrfToken is defined %}
+                {% if deleteVersionCsrfToken is defined and deleteVersionCsrfToken is not empty %}
                 <form class="delete-version" action="{{ path("delete_version", {"versionId": version.id}) }}" method="DELETE">
                     <input type="hidden" name="_token" value="{{ deleteVersionCsrfToken }}" />
                     <i class="submit glyphicon glyphicon-remove"></i>

src/Packagist/WebBundle/Resources/views/Web/viewPackage.html.twig

@@ -198,7 +198,7 @@
                         {% include 'PackagistWebBundle:Web:versionDetails.html.twig' with {version: expandedVersion} %}
                     {% endif %}
                 </div>
-                {% include 'PackagistWebBundle:Web:versionList.html.twig' with {versions: versions, expandedId: expandedVersion.id, deleteVersionCsrfToken: deleteVersionCsrfToken} %}
+                {% include 'PackagistWebBundle:Web:versionList.html.twig' with {versions: versions, expandedId: expandedVersion.id, deleteVersionCsrfToken: deleteVersionCsrfToken|default(null)} %}
             {% elseif package.crawledAt is null %}
                 <p class="col-xs-12">This package has not been crawled yet, some information is missing.</p>
             {% else %}