.

app/controllers/courses_controller.rb

@@ -217,7 +217,7 @@ class CoursesController < ApplicationController
     @issue_category ||= IssueCategory.new
     @member ||= @course.members.new
     @trackers = Tracker.sorted.all
-   end
+  end
 
   def create
     if User.current.user_extensions.identity
@@ -239,18 +239,18 @@ class CoursesController < ApplicationController
     @trackers = Tracker.sorted.all
 
     if User.current.user_extensions.identity == 0
-        if  @course.save
+      if  @course.save
         #unless User.current.admin?
-          r = Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first
+        r = Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first
-          m = Member.new(:user => User.current, :roles => [r])
+        m = Member.new(:user => User.current, :roles => [r])
-          m.project_id = -1
+        m.project_id = -1
-          course = CourseInfos.new(:user_id => User.current.id, :course_id => @course.id)
+        course = CourseInfos.new(:user_id => User.current.id, :course_id => @course.id)
-          #user_grades = UserGrade.create(:user_id => User.current.id, :course_id => @course.id)
+        #user_grades = UserGrade.create(:user_id => User.current.id, :course_id => @course.id)
-          if params[:course][:is_public] == '1'
+        if params[:course][:is_public] == '1'
-            course_status = CourseStatus.create(:course_id => @course.id, :watchers_count => 0, :changesets_count => 0, :grade => 0, :course_type => @course_tag)
+          course_status = CourseStatus.create(:course_id => @course.id, :watchers_count => 0, :changesets_count => 0, :grade => 0, :course_type => @course_tag)
-          end
+        end
-          @course.members << m
+        @course.members << m
-          @course.course_infos << course
+        @course.course_infos << course
         #end
         respond_to do |format|
           format.html {
@@ -272,7 +272,7 @@ class CoursesController < ApplicationController
           format.api { render_validation_errors(@course) }
         end
       end
-  end
+    end
 
   end
 
@@ -715,4 +715,4 @@ class CoursesController < ApplicationController
 
 
 
-end
+end

test/functional/courses_controller_test.rb

@@ -29,27 +29,51 @@ class CoursesControllerTest < ActionController::TestCase
 		assert_template :new
 	end
 
-	def test_create_course_anyone_temporary
+	def test_create_course_with_access_control
 		@request.session[:user_id] = 5
 		Role.find_by_name("Non member").add_permission! :add_course #Non member
+    course_name = 'course_one'
 
 		post :create,
 			:class_period => '32',
 			:time => '2014',
 			:term => 'spring',
 			:course => {
-				:name => 'course one',
+				:name => course_name, # names can't contain space.
 				:password => '1234',
 				:description => 'description',
-				:is_public => '1234',
+				:is_public => '1',
 				:course_type => '1'
 			}
+
 		assert_response :found
-		course = Course.find_by_name('course one')
+		course = Course.find_by_name(course_name)
-		assert_redirected_to "courses/#{course.id}/settings"
+    red_url = "courses/#{course.id}/settings"
-		#assert_redirected_to "courses/#{course.id}/settings"
+    assert_match %r(#{red_url}), @response.redirect_url
+    # 创建成功跳转settings方法会带参数一枚，故一下方法失败
+		# assert_redirected_to "courses/#{course.id}/settings"
 	end
 
+  def test_create_course_without_access_control
+    @request.session[:user_id] = 5
+    #Role.find_by_name("Non member").add_permission! :add_course #Non member
+    course_name = 'course_one'
+
+    post :create,
+      :class_period => '32',
+      :time => '2014',
+      :term => 'spring',
+      :course => {
+        :name => course_name, # names can't contain space.
+        :password => '1234',
+        :description => 'description',
+        :is_public => '1',
+        :course_type => '1'
+      }
+
+    assert_response :forbidden
+  end
+
 #  test "#index by non-admin user with view_time_entries permission should show overall spent time link" do
 #    @request.session[:user_id] = 3
 #    get :index