forbid users to import an exercise they do not have access to (previously a new one was created)

app/controllers/exercises_controller.rb

@@ -188,6 +188,8 @@ class ExercisesController < ApplicationController
       exercise.save!
       return render json: {}, status: 201
     end
+  rescue Proforma::ExerciseNotOwned
+    render json: {}, status: 401
   rescue Proforma::ProformaError
     render json: t('exercises.import_codeharbor.import_errors.invalid'), status: 400
   rescue StandardError

app/errors/proforma/exercise_not_owned.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Proforma
+  class ExerciseNotOwned < StandardError; end
+end

app/services/proforma_service/import.rb

@@ -28,9 +28,13 @@ module ProformaService
 
     def base_exercise
       exercise = Exercise.find_by(uuid: @task.uuid)
-      return exercise if exercise && ExercisePolicy.new(@user, exercise).update?
+      if exercise
+        raise Proforma::ExerciseNotOwned unless ExercisePolicy.new(@user, exercise).update?
 
-      Exercise.new(uuid: @task.uuid, unpublished: true)
+        exercise
+      else
+        Exercise.new(uuid: @task.uuid, unpublished: true)
+      end
     end
 
     def import_multi