Here's what I've been using, this is just a pure lockout...
in forums/modcp/thread.php find...
PHP Code:
if (!can_moderate(0, 'canmassmove') AND !can_moderate(0, 'canmassprune'))
Above it add...
PHP Code:
// hack
if (1)
{
print_stop_message('no_permission');
}
// end hack
You can modify the if() should you choose to make this conditional.
Admins are sent to the ACP, so you are not locked out from these functions.