Require being an organizer to modify the state and organizers of a vote

vote.rb

@@ -114,7 +114,7 @@ get '/votes/:id' do
   @vote = Vote.find_by(secure_id: params[:id])
   case @vote.state
   when "open"
-    erb :votes_show
+    erb :votes_show_open
   when "draft"
     if @vote.users.exists?(current_user.id)
       erb :votes_edit
@@ -122,7 +122,7 @@ get '/votes/:id' do
       erb :votes_show_draft
     end
   when "closed"
-    erb :votes_results
+    erb :votes_show_closed
   else
     @vote.state = "draft"
     @vote.save
@@ -133,7 +133,7 @@ end
 post '/votes/:id/edit' do
   redirect '/login' unless current_user
   @vote = Vote.find_by(secure_id: params[:id])
-  redirect '/votes/' + vote.secure_id if @vote.state != "draft"
+  redirect '/votes/' + @vote.secure_id unless @vote.state == "draft" and @vote.users.exists?(current_user.id)
   @vote.title = params[:title]
   @vote.description = params[:description]
   @vote.save
@@ -143,7 +143,7 @@ end
 post '/votes/:id/candidates' do
   redirect '/login' unless current_user
   @vote = Vote.find_by(secure_id: params[:id])
-  redirect '/votes/' + vote.secure_id if @vote.state != "draft"
+  redirect '/votes/' + @vote.secure_id unless @vote.state == "draft" and @vote.users.exists?(current_user.id)
   @candidate = Candidate.new(name: params[:name],
                              description: params[:description])
   @candidate.vote = @vote
@@ -154,7 +154,7 @@ end
 post '/votes/:id/open' do
   redirect '/login' unless current_user
   @vote = Vote.find_by(secure_id: params[:id])
-  redirect '/votes/' + vote.secure_id if @vote.state != "draft"
+  redirect '/votes/' + @vote.secure_id unless @vote.state == "draft" and @vote.users.exists?(current_user.id)
   @vote.state = "open"
   @vote.save
   redirect '/votes/' + @vote.secure_id
@@ -163,7 +163,7 @@ end
 post '/votes/:id/draft' do
   redirect '/login' unless current_user
   @vote = Vote.find_by(secure_id: params[:id])
-  redirect '/votes/' + vote.secure_id if @vote.state != "open"
+  redirect '/votes/' + @vote.secure_id unless @vote.state == "open" and @vote.users.exists?(current_user.id)
   @vote.state = "draft"
   @vote.save
   redirect '/votes/' + @vote.secure_id
@@ -172,7 +172,7 @@ end
 post '/votes/:id/close' do
   redirect '/login' unless current_user
   @vote = Vote.find_by(secure_id: params[:id])
-  redirect '/votes/' + vote.secure_id if @vote.state != "open"
+  redirect '/votes/' + @vote.secure_id unless @vote.state == "open" and @vote.users.exists?(current_user.id)
   @vote.state = "closed"
   @vote.save
   redirect '/votes/' + @vote.secure_id
@@ -181,7 +181,7 @@ end
 post '/votes/:id/reopen' do
   redirect '/login' unless current_user
   @vote = Vote.find_by(secure_id: params[:id])
-  redirect '/votes/' + vote.secure_id if @vote.state != "closed"
+  redirect '/votes/' + @vote.secure_id unless @vote.state == "closed" and @vote.users.exists?(current_user.id)
   @vote.state = "open"
   @vote.save
   redirect '/votes/' + @vote.secure_id
@@ -189,21 +189,22 @@ end
 
 post '/votes/:id/ratings' do
   redirect '/login' unless current_user
-  vote = Vote.find_by(secure_id: params[:id])
-  vote.candidates.each do |candidate|
-    rating = Rating.find_or_initialize_by(vote: vote, user: current_user, candidate: candidate)
+  @vote = Vote.find_by(secure_id: params[:id])
+  @vote.candidates.each do |candidate|
+    rating = Rating.find_or_initialize_by(vote: @vote, user: current_user, candidate: candidate)
     rating.value = params[candidate.id.to_s]
     rating.save
   end
-  redirect '/votes/' + vote.secure_id
+  redirect '/votes/' + @vote.secure_id
 end
 
 post '/votes/:id/organizers' do
   redirect '/login' unless current_user
-  vote = Vote.find_by(secure_id: params[:id])
+  @vote = Vote.find_by(secure_id: params[:id])
+  redirect '/votes/' + @vote.secure_id unless @vote.users.exists?(current_user.id)
   user = User.find_by(email: params[:email])
-  vote.users << user
-  redirect '/votes/' + vote.secure_id
+  @vote.users << user
+  redirect '/votes/' + @vote.secure_id
 end
 
 helpers do