diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
index 6db050b..718736d 100644
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@@ -52,6 +52,13 @@ def muted
 def update_in_place
 # TODO: Here need to chack permission
 klass, field, id = params[:id].split('__')
+ puts params[:id]
+
+ # 验证权限,用户是否有修改制定信息的权限
+ case klass
+ when "user" then return if current_user.id.to_s != id
+ end
+
 object = klass.camelize.constantize.find(id)
 if object.update_attributes(field => params[:value])
 render :text => object.send(field).to_s
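Review bot: The added `case klass` guards only the "user" model, so any other value of `klass` taken from `params[:id]` still reaches `klass.camelize.constantize.find(id)` and `update_attributes(field => params[:value])` with no permission check, and `field` is never restricted even for the caller's own user record. Resolve the model and attribute from a fixed allowlist and reject everything else, rather than constantizing request input and passing `field` to `send`. The bare `return` also leaves the action without an explicit response; answer with `head :forbidden` before returning. The `puts params[:id]` line looks like leftover debugging and should be dropped. The body of update_in_place continues past the end of this hunk, so the sketch below covers only the lines in view.

```ruby
klass, field, id = params[:id].to_s.split('__')

# Only models and attributes listed here may be edited in place.
# The attribute name is a placeholder; fill in the real editable fields.
editable = { "user" => %w[EDITABLE_FIELD_PLACEHOLDER] }

allowed = editable.fetch(klass, []).include?(field)
# Each model added to the allowlist needs its own ownership rule here.
allowed &&= current_user.id.to_s == id if klass == "user"
unless allowed
  head :forbidden
  return
end
# … unchanged: constantize/find, update_attributes and render …
```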