From 5eaa508b74b2214cf91e973b41e160cdf42a6294 Mon Sep 17 00:00:00 2001
From: Sebastian Serth <Sebastian.Serth@hpi.de>
Date: Thu, 3 Dec 2020 17:05:21 +0100
Subject: [PATCH] Enforce file creation allowance via Pundit policy

---
 app/policies/code_ocean/file_policy.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/policies/code_ocean/file_policy.rb b/app/policies/code_ocean/file_policy.rb
index e8d7b5a8..3d5ab473 100644
--- a/app/policies/code_ocean/file_policy.rb
+++ b/app/policies/code_ocean/file_policy.rb
@@ -15,8 +15,10 @@ module CodeOcean
     def create?
       if @record.context.is_a?(Exercise)
         admin? || author?
-      else
+      elsif @record.context.is_a?(Submission) and @record.context.exercise.allow_file_creation
         author?
+      else
+        no_one
       end
     end