diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
index 6db050b..718736d 100644
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@@ -52,6 +52,13 @@ def muted
 def update_in_place
 # TODO: Here need to chack permission
 klass, field, id = params[:id].split('__')
+ puts params[:id]
+
+ # 验证权限,用户是否有修改制定信息的权限
+ case klass
+ when "user" then return if current_user.id.to_s != id
+ end
+
 object = klass.camelize.constantize.find(id)
 if object.update_attributes(field => params[:value])
 render :text => object.send(field).to_s
diff --git a/app/models/comment.rb b/app/models/comment.rb
index e7a45e8..31ac0a3 100644
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -8,6 +8,8 @@ class Comment
 belongs_to :commentable, :polymorphic => true
 belongs_to :user
+ validates_presence_of :body
+
 before_create :fix_commentable_id
 def fix_commentable_id
 if self.commentable_id.class == "".class
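Review bot: The permission check added to `update_in_place` in home_controller.rb is fail-open: the `case klass` guards only `"user"`, so any other `klass` taken from `params[:id]` still reaches `klass.camelize.constantize.find(id)` with no ownership check, and `field` is never restricted, so even on the caller's own record any attribute can be written through `update_attributes(field => params[:value])` and any method name reaches `object.send(field)`. An allowlist of model and field names that denies by default would close both gaps, as sketched below with a placeholder field list. The bare `return` sends no explicit response (presumably Rails then falls through to its default render), so `head :forbidden` would state the outcome, and the `puts params[:id]` debug line should be dropped before merge. `update_in_place` continues past the end of the hunk.

```ruby
# Constructed placeholder: list only the models and fields meant to be editable in place.
IN_PLACE_EDITABLE = { "user" => %w[FIELD_PLACEHOLDER] }.freeze

# … unchanged: def update_in_place, TODO comment …
klass, field, id = params[:id].split('__')

# Deny by default: unknown model, unlisted field, or someone else's record.
unless IN_PLACE_EDITABLE.fetch(klass, []).include?(field)
  return head(:forbidden)
end
return head(:forbidden) if klass == "user" && current_user.id.to_s != id
# … unchanged: constantize/find, update_attributes, render …
```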