Fix submission access for teacher_in_study_group?

Author: MrSerth

app/policies/submission_policy.rb

@@ -23,11 +23,7 @@ def index?
   end
 
   def show?
-    admin? || author? || author_in_programming_group? || teacher_in_study_group?
-  end
-
-  def show_study_group?
-    admin? || teacher_in_study_group?
+    admin? || author? || author_in_programming_group? || (teacher_in_study_group? && CausesScope.new(@user, @record).resolve.include?(@record.cause))
   end
 
   class Scope < Scope

app/views/external_users/statistics.html.slim

@@ -17,7 +17,7 @@ h1 = t('.title', user: @user.displayname)
         - exercises.each do |exercise|
           // Grab any submission in context of study group (or all if admin). Then check for permission
           - any_submission = submissions.where(exercise:).first
-          - if any_submission && policy(any_submission).show_study_group? && statistics[exercise.id]
+          - if any_submission && policy(any_submission.study_group).show? && statistics[exercise.id]
             - stats = statistics[exercise.id]
             tr
               td = link_to exercise, controller: 'exercises', action: 'external_user_statistics', external_user_id: @user.id, id: exercise.id

app/views/request_for_comments/show.html.slim

@@ -11,7 +11,7 @@
     - testruns = submission.testruns
     = link_to_if(policy(user).show?, user.displayname, user)
     | | #{@request_for_comment.created_at.localtime}
-    - if @request_for_comment.submission.study_group.present? && policy(@request_for_comment.submission).show_study_group?
+    - if @request_for_comment.submission.study_group.present? && policy(@request_for_comment.submission.study_group).show?
       = ' | '
       = link_to_if(policy(@request_for_comment.submission.study_group).show?, @request_for_comment.submission.study_group, @request_for_comment.submission.study_group)
   .rfc