Make statistics teacher-safe

app/models/internal_user.rb

@@ -17,4 +17,8 @@ class InternalUser < ActiveRecord::Base
     activation_token? || reset_password_token?
   end
   private :password_void?
+
+  def teacher?
+    role == 'teacher'
+  end
 end

app/policies/external_user_policy.rb

@@ -1,5 +1,5 @@
 class ExternalUserPolicy < AdminOnlyPolicy
   def statistics?
-    admin? || author? || team_member?
+    admin?
   end
 end

app/views/exercises/statistics.html.slim

@@ -22,8 +22,9 @@ h1 = @exercise
       tbody
         - @exercise.send(symbol).distinct().each do |user|
           - if user_statistics[user.id] then us = user_statistics[user.id] else us = {"maximum_score" => nil, "runs" => nil}
+          - label = current_user.teacher? ? "#{user.name}" : "#{user.name} (#{user.email})"
           tr
-            td = link_to_if symbol==:external_users, "#{user.name} (#{user.email})", {controller: "exercises", action: "statistics", external_user_id: user.id, id: @exercise.id}
+            td = link_to_if symbol==:external_users, label, {controller: "exercises", action: "statistics", external_user_id: user.id, id: @exercise.id}
             td = us['maximum_score'] or 0
             td = us['runs']
             td = @exercise.average_working_time_for(user.id) or 0