Refactor exercise_controller and move more checks to policy

* We introduce a custom handler for Pundit::NotAuthorizedError

app/policies/exercise_policy.rb

@@ -30,7 +30,11 @@ class ExercisePolicy < AdminOrAuthorPolicy
   end
 
   %i[implement? working_times? intervention? search? reload?].each do |action|
-    define_method(action) { everyone }
+    define_method(action) do
+      return no_one unless @record.files.visible.exists?
+
+      admin? || teacher_in_study_group? || author? || (everyone && !@record.unpublished?)
+    end
   end
 
   def submit?