Rethink permissions in CodeOcean for usage in schools and adopt views

app/policies/application_policy.rb

@@ -9,22 +9,28 @@ class ApplicationPolicy
   end
   private :teacher?
 
+  def author?
+    @user == @record.author
+  end
+  private :author?
+
   def everyone
+    # As the ApplicationController forces to have any authorization, `everyone` here means `every user logged in`
     true
   end
   private :everyone
 
+  def no_one
+    false
+  end
+  private :no_one
+
   def initialize(user, record)
     @user = user
     @record = record
     require_user!
   end
 
-  def no_one
-    false
-  end
-  private :no_one
-
   def require_user!
     fail Pundit::NotAuthorizedError unless @user
   end