Prevent non-organizers from editing

app/controllers/activities_controller.rb

@@ -4,6 +4,7 @@ class ActivitiesController < ApplicationController
   before_action :set_group
   before_action :require_membership!
   before_action :require_leader!, only: [:mass_new, :mass_create, :new, :create, :destroy]
+  before_action :require_organizer!, only: [:edit, :update, :change_organizer]
 
   # GET /groups/:id/activities
   # GET /activities.json

app/helpers/activities_helper.rb

@@ -1,2 +1,8 @@
 module ActivitiesHelper
+  def require_organizer!
+    if !@activity.may_change?(current_person)
+      flash_message(:danger, I18n.t('authentication.organizer_required'))
+      redirect_to group_activity_path(@group, @activity)
+    end
+  end
 end