隐藏和已经删除的实训，不能通过连接访问

app/controllers/challenges_controller.rb

@@ -467,7 +467,7 @@ class ChallengesController < ApplicationController
       render_404
       return
     else
-      if (@shixun.status == 0 && !User.current.manager_of_shixun?(@shixun)) || @shixun.status == -1
+      if (@shixun.status == 0 && !User.current.manager_of_shixun?(@shixun)) || (!@shixun.operable? && !User.current.admin?)
         render_403
         return
       end

app/models/shixun.rb

@@ -62,13 +62,18 @@ class Shixun < ActiveRecord::Base
 
   include ApplicationHelper
   has_many :tidings, :as => :container, :dependent => :destroy
-  scope :visible, -> { where(status: -1) }
+  #scope :visible, -> { where(status: -1) }
   after_create :send_tiding
 
   def should_compile?
     self.mirror_repositories.published_main_mirror.first.try(:should_compile)
   end
 
+  # 可供使用的实训
+  def operable?
+    self.status != -1 && !self.hidden
+  end
+
   def is_published?
     self.status > 1 ? true : false
   end

app/services/games_service.rb

@@ -17,7 +17,8 @@ class GamesService
 
     myshixun = Myshixun.min.find(game.myshixun_id)
     shixun = Shixun.min.find(myshixun.shixun_id)
-    unless (myshixun.user_id == current_user.id || current_user.admin? || current_user.business? || current_user.id == shixun.try(:user_id) || current_user.is_certification_teacher)
+    unless ((myshixun.user_id == current_user.id || current_user.business? || current_user.id == shixun.try(:user_id) ||
+        current_user.is_certification_teacher) && (shixun.operable?)) || current_user.admin?
       return{:status => 403}
     end
     game_challenge = Challenge.min.find(game.challenge_id)