codeocean/app/policies/admin_or_author_policy.rb

class AdminOrAuthorPolicy < ApplicationPolicy
  [:create?, :index?, :new?].each do |action|
    define_method(action) { @user.internal? }
  end

  [:destroy?, :edit?, :show?, :update?].each do |action|
    define_method(action) { admin? || author? }
  end
end