getUpdates called also for users without permissions

[flaviocopes]

If a user has login permissions to admin but not admin.super:

  admin:
    login: 'true'

There's a Toastr error coming from the task:GPM action:getUpdates request. Ideally the JS should not perform that action to get the updates, since the user has no rights to do maintenance.

[flaviocopes]

@w00fz do we have the option to check the user's rights in JS? Or should we send this information, to avoid making the Ajax call in the first place?

[w00fz]

There are a few things that needs to be done at plugin level if the user has no rights, more than handling this via JS:

1. enable_auto_updates_check should be forced to disabled (this will also prevent the JS to fetch updates on load)
2. UI elements like check for updates button, add and perhaps even the updates purple bars and badges, should all disappear
3. There should still be an error thrown if a non rightful user tries to fetch updates, just in case the user manages to bypass all our checks or forges a manual ajax call

[flaviocopes]

Thanks, trying this route