From b3bbac845ba58d58fafe2a51fd35bd31215a202d Mon Sep 17 00:00:00 2001
From: Matthew Phelan <matthew.phelan@madetech.com>
Date: Thu, 25 Nov 2021 14:46:41 +0000
Subject: [PATCH] Check if logged in before accessing

---
 app/controllers/users/account_controller.rb | 15 +++++++++++++--
 spec/features/user_spec.rb                  |  7 +++++++
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/app/controllers/users/account_controller.rb b/app/controllers/users/account_controller.rb
index 96511c77a..7780fac79 100644
--- a/app/controllers/users/account_controller.rb
+++ b/app/controllers/users/account_controller.rb
@@ -1,6 +1,17 @@
 class Users::AccountController < ApplicationController
-    def index; end
-    def personal_details; end
+    def check_logged_in
+        if current_user.nil?
+            redirect_to(new_user_session_path())
+        end
+    end
+
+    def index
+        check_logged_in
+    end
+    
+    def personal_details
+        check_logged_in
+    end
 
     def update
         if current_user.update('name': params[:user][:name], 'email': params[:user][:email],)
diff --git a/spec/features/user_spec.rb b/spec/features/user_spec.rb
index c2facb7c7..0be7d0cbc 100644
--- a/spec/features/user_spec.rb
+++ b/spec/features/user_spec.rb
@@ -51,6 +51,13 @@ RSpec.describe "User Features" do
     end
   end
 
+  context "If a not logged in user tries to access pages that need permissions" do
+    it "redirects to log in page" do
+      visit("/users/account")
+      expect(page).to have_content("Sign in to your account to submit CORE data")
+    end
+  end
+
   context "Your Account " do
 
     before(:each) do