Prevent cross access of PG for different exercise

Here, we are only checking the condition based on the URL if both parameters (exercise and programming group) are given. Otherwise, we skip the check.

app/controllers/programming_groups_controller.rb

@@ -94,6 +94,8 @@ class ProgrammingGroupsController < ApplicationController
   private
 
   def authorize!
+    raise Pundit::NotAuthorizedError if @programming_group.present? && @exercise.present? && @programming_group.exercise != @exercise
+
     authorize(@programming_group || @programming_groups)
   end