Avoid that files from other exercises can be created

app/controllers/concerns/file_parameters.rb

@@ -5,7 +5,8 @@ module FileParameters
     if Exercise.exists?(id: exercise_id) && params
       params.reject do |_, file_attributes|
         file = CodeOcean::File.find_by(id: file_attributes[:file_id])
-        file.nil? || file.hidden || file.read_only
+        # avoid that public files from other contexts can be created
+        file.nil? || file.hidden || file.read_only || file.context_id != exercise_id.to_i
       end
     else
       []

app/controllers/concerns/submission_parameters.rb

@@ -9,7 +9,7 @@ module SubmissionParameters
     # The study_group_id might not be present in the session (e.g. for internal users), resulting in session[:study_group_id] = nil which is intended.
     submission_params = params[:submission].present? ? params[:submission].permit(:cause, :exercise_id, files_attributes: file_attributes).merge(user_id: current_user_id, user_type: current_user_class_name, study_group_id: session[:study_group_id]) : {}
     files_attributes = submission_params[:files_attributes] || []
-    submission_params[:files_attributes] = reject_illegal_file_attributes(submission_params[:exercise_id], files_attributes)
+    submission_params[:files_attributes] = reject_illegal_file_attributes(submission_params[:exercise_id].to_i, files_attributes)
     submission_params
   end
   private :submission_params