Some permissions fixs and security for atomic vote

election/templates/election/candidate_form.jinja

@@ -5,7 +5,7 @@
 {% endblock %}
 
 {% block content %}
-    {%- if election.can_candidate(user) or user.can_edit(election) %}
+    {%- if (election.can_candidate(user) and election.is_candidature_active) or (user.can_edit(election) and election.is_vote_editable) %}
     <section class="election__add-candidature">
         <form action="{{ url('election:candidate', election_id=election.id) }}" method="post">
             {% csrf_token %}

election/templates/election/election_detail.jinja

@@ -359,7 +359,7 @@ th {
     </section>
     {%- endif %}
     <section class="election__add-elements">
-    {%- if election.can_candidate(user) or user.can_edit(election) %}
+    {%- if (election.can_candidate(user) and election.is_candidature_active) or (user.can_edit(election) and election.is_vote_editable) %}
         <a href="{{ url('election:candidate', election_id=object.id) }}">{% trans %}Candidate{% endtrans %}</a>
     {%- endif %}
         <a href="{{ url('election:create_list', election_id=object.id) }}">{% trans %}Add a new list{% endtrans %}</a>