.

test/functional/courses_controller_test.rb

@@ -29,27 +29,51 @@ class CoursesControllerTest < ActionController::TestCase
 		assert_template :new
 	end
 
-	def test_create_course_anyone_temporary
+	def test_create_course_with_access_control
 		@request.session[:user_id] = 5
 		Role.find_by_name("Non member").add_permission! :add_course #Non member
+    course_name = 'course_one'
 
 		post :create,
 			:class_period => '32',
 			:time => '2014',
 			:term => 'spring',
 			:course => {
-				:name => 'course one',
+				:name => course_name, # names can't contain space.
 				:password => '1234',
 				:description => 'description',
-				:is_public => '1234',
+				:is_public => '1',
 				:course_type => '1'
 			}
+
 		assert_response :found
-		course = Course.find_by_name('course one')
+		course = Course.find_by_name(course_name)
-		assert_redirected_to "courses/#{course.id}/settings"
+    red_url = "courses/#{course.id}/settings"
+    assert_match %r(#{red_url}), @response.redirect_url
+    # 创建成功跳转settings方法会带参数一枚，故一下方法失败
 		# assert_redirected_to "courses/#{course.id}/settings"
 	end
 
+  def test_create_course_without_access_control
+    @request.session[:user_id] = 5
+    #Role.find_by_name("Non member").add_permission! :add_course #Non member
+    course_name = 'course_one'
+
+    post :create,
+      :class_period => '32',
+      :time => '2014',
+      :term => 'spring',
+      :course => {
+        :name => course_name, # names can't contain space.
+        :password => '1234',
+        :description => 'description',
+        :is_public => '1',
+        :course_type => '1'
+      }
+
+    assert_response :forbidden
+  end
+
 #  test "#index by non-admin user with view_time_entries permission should show overall spent time link" do
 #    @request.session[:user_id] = 3
 #    get :index