diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index d18de04..17ab73f 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -24,6 +24,7 @@
   ##
   # POST - updates the permissions for a user
   # redirects to the admin_index action
+  # should add validation that the perms given are current perms of the current_user
   def admin_update_permissions
     @user = User.includes(:perms).find(params[:id])
     authorize @user