diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -37,6 +37,15 @@
     end
   end
 
+  def testcase_authorization
+    #admin always has privileged
+    if @current_user.admin?
+      return true
+    end
+
+    unauthorized_redirect if GraderConfiguration["right.view_testcase"]
+  end
+
   protected
 
   def authenticate