diff --git a/app/controllers/graders_controller.rb b/app/controllers/graders_controller.rb
--- a/app/controllers/graders_controller.rb
+++ b/app/controllers/graders_controller.rb
@@ -2,13 +2,20 @@
 before_filter :admin_authorization, except: [ :submission ]
 before_filter(only: [:submission]) {
+ #check if authenticated
 return false unless authenticate
- if GraderConfiguration["right.user_view_submission"]
- return true;
+ #admin always has privileged
+ if @current_user.admin?
+ return true
 end
- admin_authorization
+ if GraderConfiguration["right.user_view_submission"] and Submission.find(params[:id]).problem.available?
+ return true
+ else
+ unauthorized_redirect
+ return false
+ end
 }
 verify :method => :post, :only => ['clear_all',
@@ -28,11 +35,10 @@
 @terminated_processes = GraderProcess.find_terminated_graders
- @last_task = Task.find(:first,
- :order => 'created_at DESC')
- @last_test_request = TestRequest.find(:first,
- :order => 'created_at DESC')
+ @last_task = Task.last
+ @last_test_request = TestRequest.last
 @submission = Submission.order("id desc").limit(20)
+ @backlog_submission = Submission.where('graded_at is null')
 end
 def clear
@@ -49,7 +55,7 @@
 end
 def clear_all
- GraderProcess.find(:all).each do |p|
+ GraderProcess.all.each do |p|
 p.destroy
 end
 redirect_to :action => 'list'
@@ -86,6 +92,9 @@
 @formatted_code = formatter.format(lexer.lex(@submission.source))
 @css_style = Rouge::Themes::ThankfulEyes.render(scope: '.highlight')
+ user = User.find(session[:user_id])
+ SubmissionViewLog.create(user_id: session[:user_id],submission_id: @submission.id) unless user.admin?
+
 end
 # various grader controls
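Review bot: In the `:submission` filter, `Submission.find(params[:id]).problem.available?` dereferences `problem` without a nil check, so a submission whose problem record is missing would raise NoMethodError inside the authorization filter instead of reaching `unauthorized_redirect`. Loading the record once and guarding it keeps the denial path explicit: `sub = Submission.find(params[:id])` followed by `if GraderConfiguration["right.user_view_submission"] && sub.problem && sub.problem.available?`. The non-admin branch also never compares the submission's owner with `@current_user`, so with the flag on any authenticated user can open any submission for an available problem; if that is the intended policy, a comment above the condition such as `# any logged-in user may view submissions of currently available problems` would make it reviewable. The class body around the filter block lies outside the hunk.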
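Review bot: The added `@backlog_submission = Submission.where('graded_at is null')` has no `limit`, unlike the `limit(20)` on `@submission` on the line above it, so the relation grows with every ungraded submission. If the view only displays a number, `Submission.where('graded_at is null').count` would be enough; otherwise an explicit cap is safer. Separately, `Task.last` and `TestRequest.last` order by primary key rather than by `created_at` as the removed calls did, which is normally equivalent but worth a one-line comment stating the assumption. The enclosing method begins above the hunk.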
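Review bot: The added audit write uses `SubmissionViewLog.create`, which returns an unsaved record instead of raising when validation fails, so a non-admin view could go unrecorded with no error surfaced. It also re-queries the user with `User.find(session[:user_id])`, although the `:submission` filter changed in this same commit already relies on `@current_user` after `authenticate`. Assuming `@current_user` is still set when the action runs, one line covers both: `SubmissionViewLog.create!(user_id: @current_user.id, submission_id: @submission.id) unless @current_user.admin?`. The method this hunk belongs to starts outside the hunk.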