diff --git a/app/policies/exercise_policy.rb b/app/policies/exercise_policy.rb index 1e4cf150..29a1c570 100644 --- a/app/policies/exercise_policy.rb +++ b/app/policies/exercise_policy.rb @@ -8,7 +8,11 @@ class ExercisePolicy < AdminOrAuthorPolicy admin? end - [:clone?, :destroy?, :edit?, :show?, :statistics?, :update?].each do |action| + def show? + @user.internal_user? + end + + [:clone?, :destroy?, :edit?, :statistics?, :update?].each do |action| define_method(action) { admin? || author? || team_member? } end diff --git a/app/views/exercises/index.html.slim b/app/views/exercises/index.html.slim index d6e37ca9..47714943 100644 --- a/app/views/exercises/index.html.slim +++ b/app/views/exercises/index.html.slim 
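Review bot: `show?` now returns `@user.internal_user?` on its own, so every internal user can open any exercise, where the removed line limited `:show?` to `admin? || author? || team_member?`. The show view changed in this same commit lists each file with its role and hidden flag, so this probably exposes non-public exercises and their hidden or teacher-only files to all internal users. If that is not the intent, keep the old rule and add only the public case, for example `admin? || author? || team_member? || (@user.internal_user? && EXERCISE_RECORD.public?)`, where EXERCISE_RECORD is a placeholder for whatever record accessor AdminOrAuthorPolicy provides. The class body starts and ends outside this hunk, so whether `@user` can be nil here cannot be checked from the diff.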
@@ -27,17 +27,17 @@ h1 = Exercise.model_name.human(count: 2) - @exercises.each do |exercise| tr data-id=exercise.id td = exercise.title - td = link_to(exercise.author, exercise.author) - td = link_to(exercise.execution_environment, exercise.execution_environment) + td = link_to_if(policy(exercise.author).show?, exercise.author, exercise.author) + td = link_to_if(policy(exercise.execution_environment).show?, exercise.execution_environment, exercise.execution_environment) td = exercise.files.teacher_defined_tests.count td = exercise.maximum_score td.public data-value=exercise.public? = symbol_for(exercise.public?) - td = link_to(t('shared.show'), exercise) - td = link_to(t('shared.edit'), edit_exercise_path(exercise)) - td = link_to(t('shared.destroy'), exercise, data: {confirm: t('shared.confirm_destroy')}, method: :delete) - td = link_to(t('.clone'), clone_exercise_path(exercise), data: {confirm: t('shared.confirm_destroy')}, method: :post) - td = link_to(t('.implement'), implement_exercise_path(exercise)) - td = link_to(t('shared.statistics'), statistics_exercise_path(exercise)) + td = link_to(t('shared.show'), exercise) if policy(exercise).show? + td = link_to(t('shared.edit'), edit_exercise_path(exercise)) if policy(exercise).edit? + td = link_to(t('shared.destroy'), exercise, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(exercise).destroy? + td = link_to(t('.clone'), clone_exercise_path(exercise), data: {confirm: t('shared.confirm_destroy')}, method: :post) if policy(exercise).clone? + td = link_to(t('.implement'), implement_exercise_path(exercise)) if policy(exercise).implement? + td = link_to(t('shared.statistics'), statistics_exercise_path(exercise)) if policy(exercise).statistics? = render('shared/pagination', collection: @exercises) -p = render('shared/new_button', model: Exercise) \ No newline at end of file +p = render('shared/new_button', model: Exercise) 
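Review bot: `policy(exercise).implement?` on the added implement row needs an `implement?` predicate, but the ExercisePolicy hunk in this commit only shows `show?` and the `define_method` list `:clone?, :destroy?, :edit?, :statistics?, :update?`. Unless `implement?` is declared in the part of the class outside that hunk, rendering the index will raise NoMethodError on the first row. The `if policy(exercise)...` modifiers only hide links, so destroy and clone still depend on the controller authorizing each request, which this diff does not show. I would record that above the table with a Slim comment such as `/ Links are hidden per policy only; ExercisesController must still authorize every action.`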
diff --git a/app/views/exercises/show.html.slim b/app/views/exercises/show.html.slim index 67185046..dbeca3d3 100644 --- a/app/views/exercises/show.html.slim +++ b/app/views/exercises/show.html.slim @@ -4,12 +4,13 @@ h1 = @exercise - = render('shared/edit_button', object: @exercise) + - if policy(@exercise).edit? + = render('shared/edit_button', object: @exercise) = row(label: 'exercise.title', value: @exercise.title) -= row(label: 'exercise.user', value: link_to(@exercise.author, @exercise.author)) += row(label: 'exercise.user', value: link_to_if(policy(@exercise.author).show?, @exercise.author, @exercise.author)) = row(label: 'exercise.description', value: @exercise.description) -= row(label: 'exercise.execution_environment', value: link_to(@exercise.execution_environment, @exercise.execution_environment)) += row(label: 'exercise.execution_environment', value: link_to_if(policy(@exercise.execution_environment).show?, @exercise.execution_environment, @exercise.execution_environment)) = row(label: 'exercise.instructions', value: render_markdown(@exercise.instructions)) = row(label: 'exercise.team', value: @exercise.team ? link_to(@exercise.team, @exercise.team) : nil) = row(label: 'exercise.maximum_score', value: @exercise.maximum_score) @@ -26,5 +27,6 @@ ul.list-unstyled .panel-heading h3.panel-title = file.name_with_extension .panel-body - .clearfix = link_to(t('shared.destroy'), file, class:'btn btn-warning btn-sm pull-right', data: {confirm: t('shared.confirm_destroy')}, method: :delete) + - if policy(file).destroy? + .clearfix = link_to(t('shared.destroy'), file, class:'btn btn-warning btn-sm pull-right', data: {confirm: t('shared.confirm_destroy')}, method: :delete) = render('shared/file', file: file) diff --git a/app/views/shared/_file.html.slim b/app/views/shared/_file.html.slim index f1f7a905..1e50388c 100644 --- a/app/views/shared/_file.html.slim +++ b/app/views/shared/_file.html.slim 
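Review bot: The `exercise.team` row in the first hunk is left as `link_to(@exercise.team, @exercise.team)`, while the author and execution-environment rows next to it were switched to `link_to_if(policy(...).show?, ...)`. A viewer who may not see the team therefore still gets a link to it. For consistency use `value: @exercise.team ? link_to_if(policy(@exercise.team).show?, @exercise.team, @exercise.team) : nil`. This assumes a policy class with `show?` exists for the team model, which the diff does not show.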
@@ -1,6 +1,6 @@ = row(label: 'file.name', value: file.name) = row(label: 'file.path', value: file.path) -= row(label: 'file.file_type', value: link_to(file.file_type, file.file_type)) += row(label: 'file.file_type', value: link_to_if(policy(file).show?, file.file_type, file.file_type)) = row(label: 'file.role', value: file.role? ? t("files.roles.#{file.role}") : '') = row(label: 'file.hidden', value: file.hidden) = row(label: 'file.read_only', value: file.read_only)
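Review bot: The condition checks `policy(file).show?` but the link points at `file.file_type`, so the link is shown or hidden according to access to the file rather than to the file type. The other views in this commit check the policy of the link target, for example `policy(exercise.author).show?`. Change the row to `= row(label: 'file.file_type', value: link_to_if(policy(file.file_type).show?, file.file_type, file.file_type))`. Whether a file-type policy with `show?` exists is not visible in this diff.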