From 6b72b4bb175530011fdd2b72882e800e4232d572 Mon Sep 17 00:00:00 2001
From: cxt <pinecxt@163.com>
Date: Thu, 26 Nov 2015 11:22:42 +0800
Subject: [PATCH] =?UTF-8?q?=E9=9D=9E=E8=AF=BE=E7=A8=8B=E5=8F=82=E4=B8=8E?=
 =?UTF-8?q?=E4=BA=BA=E5=91=98=E6=97=A0=E6=B3=95=E6=9F=A5=E7=9C=8B=E7=A7=81?=
 =?UTF-8?q?=E6=9C=89=E8=AF=BE=E7=A8=8B=E7=9A=84=E6=B5=8B=E9=AA=8C=E5=88=97?=
 =?UTF-8?q?=E8=A1=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/exercise_controller.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/controllers/exercise_controller.rb b/app/controllers/exercise_controller.rb
index 2c1ad31c1..d1df22dff 100644
--- a/app/controllers/exercise_controller.rb
+++ b/app/controllers/exercise_controller.rb
@@ -5,8 +5,11 @@ class ExerciseController < ApplicationController
   before_filter :find_course, :only => [:index,:new,:create,:student_exercise_list]
   include ExerciseHelper
 
-  include ExerciseHelper
   def index
+    if @course.is_public == 0 && !User.current.member_of_course?(@course)
+      render_403
+      return
+    end
     remove_invalid_exercise(@course)
     @is_teacher = User.current.allowed_to?(:as_teacher,@course)
     if @is_teacher