diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -39,11 +39,14 @@ def testcase_authorization #admin always has privileged + puts "haha" if @current_user.admin? return true end - unauthorized_redirect if GraderConfiguration["right.view_testcase"] + puts "hehe" + puts GraderConfiguration["right.view_testcase"] + unauthorized_redirect unless GraderConfiguration["right.view_testcase"] end protected @@ -108,13 +111,15 @@ def authorization return false unless authenticate + puts "haha 1" user = User.find(session[:user_id]) unless user.roles.detect { |role| - role.rights.detect{ |right| - right.controller == self.class.controller_name and - (right.action == 'all' or right.action == action_name) - } + role.rights.detect{ |right| + right.controller == self.class.controller_name and + (right.action == 'all' or right.action == action_name) + } } + puts "haha 2" flash[:notice] = 'You are not authorized to view the page you requested' #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login') redirect_to :controller => 'main', :action => 'login'
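Review bot: The three `puts` calls added to `testcase_authorization` (`puts "haha"`, `puts "hehe"` and `puts GraderConfiguration["right.view_testcase"]`) are debug output left in an authorization filter, and the second hunk adds two more (`puts "haha 1"`, `puts "haha 2"`) to `authorization`. They write to the server's stdout each time the filter runs and should be removed before merge. If the configuration value is worth tracing, use the Rails logger at debug level instead, e.g. `logger.debug { "right.view_testcase=#{GraderConfiguration['right.view_testcase'].inspect}" }`. Separately, the corrected `unless` guard relies on Ruby truthiness, so if `GraderConfiguration[]` can return a string such as `"false"` (its implementation is not visible here), access would still be granted. It is worth confirming that it returns a real boolean.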
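Review bot: The denied branch of `authorization` leaves no usable record, because `puts "haha 2"` sits exactly where a refused request should be logged. Replacing it with something like `logger.warn "authorization denied: user_id=#{user.id} controller=#{self.class.controller_name} action=#{action_name}"` would give operators an audit trail of refused requests. The re-indented block also still uses `and`/`or`; `&&`/`||` are the conventional operators for boolean logic, though this is only a style point here because the parentheses already fix the grouping. The method body continues past the end of the hunk.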