关卡的权限控制

app/controllers/challenges_controller.rb

@@ -5,8 +5,8 @@ class ChallengesController < ApplicationController
   before_action :find_challenge, only: [:edit, :show, :update, :create_choose_question, :index_down, :index_up,
                                         :edit_choose_question, :show_choose_question, :destroy_challenge_choose,
                                         :update_choose_question, :destroy, :crud_answer, :answer]
-  # before_action :allowed, except: [:index, :show, :edit_choose_question, :edit]
-
+  # 权限控制
+  before_action :allowed, except: [:index]
 
   include ShixunsHelper
   include ChallengesHelper
@@ -296,8 +296,7 @@ class ChallengesController < ApplicationController
   end
 
   def allowed
-    # 实训为发布前,除实训的管理者外,其他人都不人都不允许访问
-    if !current_user.manager_of_shixun?(@shixun) && (@shixun.status < 1 || @shixun.hidden == 1)
+    unless current_user.manager_of_shixun?(@shixun)
       raise Educoder::TipException.new(403, "..")
     end
   end