diff --git a/Gemfile.lock b/Gemfile.lock
index 6680070a7..e6ee7da71 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -134,7 +134,7 @@ PLATFORMS
 DEPENDENCIES
   activerecord-jdbc-adapter (= 1.2.5)
   activerecord-jdbcmysql-adapter
-  acts-as-taggable-on
+  acts-as-taggable-on (= 2.4.1)
   better_errors!
   builder (= 3.0.0)
   coderay (~> 1.0.6)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index a25b346ca..4b877818b 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -264,6 +264,14 @@ class ApplicationController < ActionController::Base
     render_404
   end
 
+  #根据course_id找project
+  def find_project_by_course_id
+    @bid = Bid.find params[:course_id]
+    @project = @bid.courses[0]
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
   # Find a project based on params[:project_id]
   # TODO: some subclasses override this, see about merging their logic
   def find_optional_project
diff --git a/app/controllers/bids_controller.rb b/app/controllers/bids_controller.rb
index ff6fda491..cde3eb76a 100644
--- a/app/controllers/bids_controller.rb
+++ b/app/controllers/bids_controller.rb
@@ -16,6 +16,13 @@ class BidsController < ApplicationController
 
   before_filter :memberAccess, only: :show_project
 
+  #判断当前角色权限时需先找到当前操作的project
+  before_filter :find_project_by_project_id, :only => [:edit]
+  before_filter :find_project_by_course_id, :only => [:homework_destroy]
+  before_filter :find_project_by_bid_id, :only => [:show_project]
+  #判断当前角色是否有操作权限
+  #勿删 before_filter :authorize, :only => [:edit,:homework_destroy,:show_project]
+
   helper :watchers
   helper :attachments
   include AttachmentsHelper
@@ -25,7 +32,14 @@ class BidsController < ApplicationController
   helper :projects
   helper :words
   helper :welcome
-  
+
+  def find_project_by_bid_id
+    @bid = Bid.find(params[:id])
+    @project = @bid.courses[0]
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
   def homework_ajax_modal
     @bid = Bid.find_by_id(params[:id])
     # find_bid
@@ -526,6 +540,7 @@ class BidsController < ApplicationController
         message = params[:bid_message][:message] + "\n" + params[:reference_content]
       else
         message = params[:bid_message][:message]
+        @m = message
       end
       refer_user_id = params[:bid_message][:reference_user_id].to_i
       @bid.add_jour(User.current, message, refer_user_id)
diff --git a/app/controllers/homework_attach_controller.rb b/app/controllers/homework_attach_controller.rb
index 1c3e8cabe..cd7a7870b 100644
--- a/app/controllers/homework_attach_controller.rb
+++ b/app/controllers/homework_attach_controller.rb
@@ -1,5 +1,23 @@
 class HomeworkAttachController < ApplicationController
   ###############################
+  #判断当前角色权限时需先找到当前操作的project
+  before_filter :find_project_by_bid_id, :only => [:new]
+  before_filter :find_project_by_hoemwork_id, :only => [:edit,:update,:destroy]
+  #判断当前角色是否有操作权限
+  #勿删 before_filter :authorize, :only => [:new,:edit,:update,:destroy]
+
+  def find_project_by_bid_id
+    @bid = Bid.find(params[:id])
+    @project = @bid.courses[0]
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
+  def find_project_by_hoemwork_id
+    @homework = HomeworkAttach.find(params[:id])
+    @project = @homework.bid.courses[0]
+  end
+
   def index
     @homeworks = HomeworkAttach.all
     respond_to do |format|
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 16d9d71d4..ad3dc3dca 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -37,6 +37,7 @@ class ProjectsController < ApplicationController
   # before_filter :authorize, :except => [:new_join, :new_homework, :homework, :statistics, :search, :watcherlist, :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy, :member, :focus, :file, 
   #               :statistics, :feedback, :course, :enterprise_course, :course_enterprise, :project_respond, :share,
   #               :show_projects_score, :issue_score_index, :news_score_index, :file_score_index, :code_submit_score_index, :projects_topic_score_index]
+  #此条勿删 课程相关权限  ,:new_homework,:homework,:feedback,,:member
   before_filter :authorize, :only => [:show, :settings, :edit, :sort_project_members, :update, :modules, :close, :reopen,:view_homework_attaches,:course]
   before_filter :authorize_global, :only => [:new, :create,:view_homework_attaches]
   before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy, :calendar]
@@ -721,6 +722,9 @@ class ProjectsController < ApplicationController
       @teachers= searchTeacherAndAssistant(@project)
       @canShowRealName = isCourseTeacher(User.current.id)
     end
+
+    #勿删 real_name action为虚拟的该方法并不存在，用来辅助判断真名权限
+    #勿删 @canShowRealName = User.current.allowed_to?({:controller => "projects", :action => "real_name"}, @project || @projects, :global => false)
     respond_to do |format|
       format.html{render :layout => 'base_courses' if @base_courses_tag==1}
       format.api
diff --git a/app/controllers/zipdown_controller.rb b/app/controllers/zipdown_controller.rb
index 5caa97a22..ee5460805 100644
--- a/app/controllers/zipdown_controller.rb
+++ b/app/controllers/zipdown_controller.rb
@@ -1,7 +1,21 @@
 class ZipdownController < ApplicationController
+  #查找项目（课程）
+  before_filter :find_project_by_bid_id, :only => [:assort,:download_user_homework]
+  #检查权限
+  #勿删 before_filter :authorize, :only => [:assort,:download_user_homework]
   SAVE_FOLDER = "#{Rails.root}/files"
   OUTPUT_FOLDER = "#{Rails.root}/tmp/archiveZip"
 
+  #通过作业Id找到项目（课程）
+  def find_project_by_bid_id
+    obj_class = params[:obj_class]
+    obj_id = params[:obj_id]
+    obj = obj_class.constantize.find(obj_id)
+    case obj.class.to_s.to_sym
+      when :Bid
+        @project = obj.courses[0]
+    end
+  end
   def assort
     obj_class = params[:obj_class]
     obj_id = params[:obj_id]
diff --git a/app/views/bids/show_project.html.erb b/app/views/bids/show_project.html.erb
index c14d2e14c..039de6b7a 100644
--- a/app/views/bids/show_project.html.erb
+++ b/app/views/bids/show_project.html.erb
@@ -1,8 +1,9 @@
 <% if @bid.homework_type == Bid::HomeworkFile %>
+    <!-- 提交文件类型 -->
     <%= render :partial => 'homework' %>
 
 <% else %>
-
+    <!-- 提交引用项目 -->
     <script type="text/javascript" language="javascript">
         function clearInfo(id, content) {
             var text = $('#' + id);
diff --git a/app/views/users/_my_joinedcourse.html.erb b/app/views/users/_my_joinedcourse.html.erb
index bd9ceab8a..8c664c62d 100644
--- a/app/views/users/_my_joinedcourse.html.erb
+++ b/app/views/users/_my_joinedcourse.html.erb
@@ -7,7 +7,7 @@
 		<% else %>
 		<p class="font_description">
 			
-			<%= l(:label_project_cousre_studentun) %><%= link_to"#{l(:label_course_join_student)}",{:controller=>'projects',:action=>'course', :course => 1}, :class => 'icon icon-add' %>			
+			<%= l(:label_project_cousre_studentun) %><%= link_to"#{l(:label_course_join_student)}",{:controller=>'projects',:action=>'course', :project_type => 1}, :class => 'icon icon-add' %>
 			</p>
 		<% end %>
 <% else %>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 23911e568..d8bfc966c 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -473,6 +473,27 @@ en:
   permission_export_wiki_pages: Export wiki pages
   permission_manage_subtasks: Manage subtasks
   permission_manage_related_issues: Manage related issues
+  permission_view_journals_for_messages: View journals messages
+  permission_view_courses: View courses
+  permission_new_course: Create course
+  permission_configure_course: Configure course
+  permission_close_course: Close/open course
+  permission_new_assignment: Create assignment
+  permission_edit_assignment: Edit assignment
+  permission_delete_assignment: Delete assignment
+  permission_new_placeholder: Create placeholder
+  permission_edit_placeholder: Edit placeholder
+  permission_delete_placeholder: Delete placeholder
+  permission_commit_content: Commit content
+  permission_new_course_notify: Create course notify
+  permission_edit_course_notify: Eidt course notify
+  permission_delete_course_notify: Delete course notify
+  permission_view_assignment: View assignment
+  permission_view_placeholder: View placeholder
+  permission_view_course_messages: View course messages
+  permission_view_real_name: View real name
+  permission_view_students: View students
+  permission_export_homeworks: Export homeworks
 
   project_module_issue_tracking: Issue tracking
   project_module_time_tracking: Time tracking
diff --git a/config/locales/zh.yml b/config/locales/zh.yml
index aecf2f19a..42886845e 100644
--- a/config/locales/zh.yml
+++ b/config/locales/zh.yml
@@ -453,7 +453,27 @@ zh:
   permission_export_wiki_pages: 导出 wiki 页面
   permission_manage_subtasks: 管理子任务
   permission_view_journals_for_messages: 查看留言
-  permission_view_courses: 查看课程列表
+  permission_view_courses: 查看课程
+  permission_new_course: 新建课程
+  permission_configure_course: 配置课程
+  permission_close_course: 关闭/重开课程
+  permission_new_assignment: 新建任务
+  permission_edit_assignment: 编辑任务
+  permission_delete_assignment: 删除任务
+  permission_new_placeholder: 新建占位
+  permission_edit_placeholder: 编辑占位
+  permission_delete_placeholder: 删除占位
+  permission_commit_content: 提交内容
+  permission_new_course_notify: 发布课程通知
+  permission_edit_course_notify: 编辑课程通知
+  permission_delete_course_notify: 删除课程通知
+  permission_view_assignment: 查看任务
+  permission_view_placeholder: 查看占位
+  permission_view_course_messages: 查看留言
+  permission_view_real_name: 查看真名
+  permission_view_students: 查看成员
+  permission_export_homeworks: 导出作业
+
 
   project_module_issue_tracking: 问题跟踪
   project_module_time_tracking: 时间跟踪
diff --git a/config/settings.yml b/config/settings.yml
index fbaba502f..f2c64a97c 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -172,6 +172,7 @@ default_projects_modules:
   - boards
   - calendar
   - gantt
+  - course
 default_projects_tracker_ids:
   serialized: true
   default: 
diff --git a/lib/redmine.rb b/lib/redmine.rb
index 7b83c7cb6..7d3aa9ea7 100644
--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -179,13 +179,27 @@ Redmine::AccessControl.map do |map|
   end
 
   #课程权限模块
-  map.project_module :course do
+  map.project_module :course do |map|
     map.permission :view_courses,{:projects => [:course]},:read => true
-  end
-
-  #作业模块权限
-  map.project_module :bids do |map|
-    map.permission :view_homework_attaches, {:bids => [:show, :show_project, :revision]}, :read => true
+    #map.permission :new_course, {}, :read => true
+    #map.permission :configure_course,{},:read => true
+    #map.permission :close_course,{},:read => true
+    map.permission :new_assignment,{:projects => [:new_homework]},:read => true
+    map.permission :edit_assignment,{:bids => [:edit]},:read => true
+    map.permission :delete_assignment,{:bids => [:homework_destroy]},:read => true
+    map.permission :new_placeholder,{:homework_attach => [:new]},:read => true
+    map.permission :edit_placeholder,{:homework_attach => [:edit,:update]},:read => true
+    map.permission :delete_placeholder,{:homework_attach => [:destroy]},:read => true
+    #map.permission :commit_content,{},:read => true
+    #map.permission :new_course_notify,{},:read => true
+    #map.permission :edit_course_notify,{},:read => true
+    #map.permission :delete_course_notify,{},:read => true
+    map.permission :view_assignment,{:projects => [:homework]},:read => true
+    map.permission :view_placeholder,{:bids => [:show_project]},:read => true
+    map.permission :view_course_messages,{:projects => [:feedback]},:read => true
+    map.permission :view_real_name,{:projects => [:real_name]},:read => true
+    map.permission :view_students,{:projects => [:member]}, :read=>true
+    map.permission :export_homeworks,{:zipdown => [:assort,:download_user_homework]},:read => true
   end
 
   map.project_module :boards do |map|