diff --git a/app/models/attachment.rb b/app/models/attachment.rb
index d9ad3915e..175a649c2 100644
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -37,8 +37,9 @@ class Attachment < ActiveRecord::Base
   acts_as_event :title => :filename,
                 :url => Proc.new {|o| {:controller => 'attachments', :action => 'download', :id => o.id, :filename => o.filename}}
 
-
+  #课程资源文件
   acts_as_activity_provider :type => 'course_files',
+                            :permission => :view_files,
                             :author_key => :author_id,
                             :find_options => {:select => "#{Attachment.table_name}.*",
                                               :joins => "LEFT JOIN #{Course.table_name}  ON ( #{Attachment.table_name}.container_type='Course' AND #{Attachment.table_name}.container_id = #{Course.table_name}.id )"}
diff --git a/app/models/user.rb b/app/models/user.rb
index fd4508ce6..0c798eea8 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -719,7 +719,7 @@ class User < Principal
     return @courses_by_role if @courses_by_role
 
     @courses_by_role = Hash.new([])
-    memberships.each do |membership|
+    coursememberships.each do |membership|
       if membership.course
         membership.roles.each do |role|
           @courses_by_role[role] = [] unless @courses_by_role.key?(role)
diff --git a/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb b/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb
index 95bda9bb0..792f75e56 100644
--- a/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb
+++ b/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb
@@ -71,16 +71,15 @@ module Redmine
             end
 
             if provider_options.has_key?(:permission)
-              scope = scope.scoped(:conditions => Project.allowed_to_condition(user, provider_options[:permission] || :view_project, options))
+              if  options[:course]
+                scope = scope.scoped(:conditions => Course.allowed_to_condition(user, provider_options[:permission] || :view_course, options))
+              else
+                scope = scope.scoped(:conditions => Project.allowed_to_condition(user, provider_options[:permission] || :view_project, options))
+              end
             elsif respond_to?(:visible)
               scope = scope.visible(user, options)
             elsif options[:course]
-              if Course.new.methods.include?(event_type.to_s)
-                ActiveSupport::Deprecation.warn "acts_as_activity_provider with implicit :permission option is deprecated. Add a visible scope to the #{self.name} model or use explicit :permission option."
-                scope = scope.scoped(:conditions => Course.allowed_to_condition(user, "view_#{self.name.underscore.pluralize}".to_sym, options))
-              else
-                scope = scope.scoped(:conditions =>"1=0")
-              end
+              scope = scope.scoped(:conditions => Course.allowed_to_condition(user, "view_#{self.name.underscore.pluralize}".to_sym, options))
             else
               ActiveSupport::Deprecation.warn "acts_as_activity_provider with implicit :permission option is deprecated. Add a visible scope to the #{self.name} model or use explicit :permission option."
               scope = scope.scoped(:conditions => Project.allowed_to_condition(user, "view_#{self.name.underscore.pluralize}".to_sym, options))