By default Moralis allows any authenticated user to upload Files. It's a good idea to put in logic that restricts file uploads.
If your app has no use for files they should be completely disabled. You can disable all file uploads by including the following trigger in your cloud code.
You can do any custom logic you want in order to determine wether a file should be allowed to save or not. For example you can analyze the request object in order to see which user is trying to save the file.