Fixed issue: [security]Admin user without permissions can still see p…

…lugins page - kindly reported by Pavol Michalec & Frederik Koľbík

application/controllers/admin/PluginManagerController.php

@@ -14,6 +14,10 @@ public function init()
      */
     public function index()
     {
+        if (!Permission::model()->hasGlobalPermission('settings', 'read')) {
+            Yii::app()->setFlashMessage(gT("No permission"), 'error');
+            $this->getController()->redirect(array('/admin'));
+        }        
         $oPluginManager = App()->getPluginManager();
 
         // Scan the plugins folder.
@@ -73,10 +77,6 @@ function ($installedPlugin) {
         $aData['fullpagebar']['returnbutton']['text'] = gT('Return to admin home');
         $aData['data'] = $data;
         $this->_renderWrappedTemplate('pluginmanager', 'index', $aData);
-        if (!Permission::model()->hasGlobalPermission('settings', 'read')) {
-            Yii::app()->setFlashMessage(gT("No permission"), 'error');
-            $this->getController()->redirect(array('/admin'));
-        }
     }
 
     /**