Ensure views only link to those actions allowed for current user

app/views/user_exercise_feedbacks/index.html.slim

@@ -12,16 +12,15 @@ h1 = UserExerciseFeedback.model_name.human(count: 2)
   table.table
     thead
       tr
-        th colspan=2 = t('activerecord.attributes.user_exercise_feedback.user')
+        th = t('activerecord.attributes.user_exercise_feedback.user')
         th = t('activerecord.attributes.user_exercise_feedback.exercise')
         th colspan=2 = t('shared.actions')
     tbody
       - @uefs.each do |uef|
         tr
-          td = uef.user.id
-          td = uef.user.name
-          td = link_to(uef.exercise.title, uef.exercise)
-          td = link_to(t('shared.show'), uef)
-          td = link_to(t('shared.destroy'), uef, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
+          td = link_to_if(policy(uef.user).show?, uef.user.name)
+          td = link_to_if(policy(uef.exercise).show?, uef.exercise.title, uef.exercise)
+          td = link_to(t('shared.show'), uef) if policy(uef).show?
+          td = link_to(t('shared.destroy'), uef, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(uef).destroy?
 
 = render('shared/pagination', collection: @uefs)

app/views/user_exercise_feedbacks/show.html.slim

@@ -1,7 +1,7 @@
 h2 = @uef
 
-= row(label: 'activerecord.attributes.user_exercise_feedback.exercise', value: link_to(@uef.exercise.title, @uef.exercise))
-= row(label: 'user_exercise_feedback.user', value: @uef.user)
+= row(label: 'activerecord.attributes.user_exercise_feedback.exercise', value: link_to_if(policy(@uef.exercise).show?, @uef.exercise.title, @uef.exercise))
+= row(label: 'user_exercise_feedback.user', value: link_to_if(policy(@uef.user).show?, @uef.user))
 = row(label: 'activerecord.attributes.user_exercise_feedback.feedback_text', value: @uef.feedback_text)
 = row(label: 'user_exercise_feedback.difficulty', value: @uef.difficulty)
 = row(label: 'user_exercise_feedback.working_time', value: @uef.user_estimated_worktime)