secure description and carte page with only log user access

app/controllers/users/carte_controller.rb

@@ -1,4 +1,4 @@
-class Users::CarteController < ApplicationController
+class Users::CarteController < UsersController
   include DossierConcern
 
   def show

app/controllers/users/description_controller.rb

@@ -1,4 +1,4 @@
-class Users::DescriptionController < ApplicationController
+class Users::DescriptionController < UsersController
   def show
     @dossier = Dossier.find(params[:dossier_id])
     @dossier = @dossier.decorate

config/routes.rb

@@ -23,8 +23,8 @@ Rails.application.routes.draw do
       get '/recapitulatif' => 'recapitulatif#show'
       post '/recapitulatif/propose' => 'recapitulatif#propose'
       post '/recapitulatif/depose' => 'recapitulatif#depose'
-      get '/demande' => 'demandes#show'
-      post '/demande' => 'demandes#update'
+      # get '/demande' => 'demandes#show'
+      # post '/demande' => 'demandes#update'
       post '/commentaire' => 'commentaires#create'
 
       get '/carte/position' => 'carte#get_position'

spec/controllers/users/carte_controller_spec.rb

@@ -11,7 +11,23 @@ RSpec.describe Users::CarteController, type: :controller do
   let(:ref_dossier_carto) { 'IATRQPQY' }
   let(:adresse) { etablissement.adresse }
 
+  before do
+    sign_in dossier.user
+  end
+
   describe 'GET #show' do
+
+    context 'user is not connected' do
+      before do
+        sign_out dossier.user
+      end
+
+      it 'redirect to users/sign_in' do
+        get :show, dossier_id: dossier_id
+        expect(response).to redirect_to('/users/sign_in')
+      end
+    end
+
     it 'returns http success' do
       get :show, dossier_id: dossier_id
       expect(response).to have_http_status(:success)

spec/controllers/users/description_controller_spec.rb

@@ -6,7 +6,23 @@ describe Users::DescriptionController, type: :controller do
   let(:dossier_id) { dossier.id }
   let(:bad_dossier_id) { Dossier.count + 10 }
 
+  before do
+    sign_in dossier.user
+  end
+
   describe 'GET #show' do
+
+    context 'user is not connected' do
+      before do
+        sign_out dossier.user
+      end
+
+      it 'redirect to users/sign_in' do
+        get :show, dossier_id: dossier_id
+        expect(response).to redirect_to('/users/sign_in')
+      end
+    end
+
     it 'returns http success' do
       get :show, dossier_id: dossier_id
       expect(response).to have_http_status(:success)

spec/features/datepicker_spec.rb

@@ -4,6 +4,12 @@ feature 'On the description page' do
   let!(:dossier) { create(:dossier, :with_entreprise, :with_procedure, :with_user) }
   before do
     visit users_dossier_description_path dossier
+
+    within('#new_user') do
+      page.find_by_id('user_email').set dossier.user.email
+      page.find_by_id('user_password').set dossier.user.password
+      page.click_on 'Se connecter'
+    end
   end
   scenario 'date_previsionnelle field is present' do
     expect(page).to have_css('#date_previsionnelle')

spec/features/description_page/upload_piece_justificative_spec.rb

@@ -4,6 +4,13 @@ feature 'user is on description page' do
   let(:dossier) { create(:dossier, :with_entreprise, :with_procedure, :with_user) }
   before do
     visit users_dossier_description_path dossier
+
+    within('#new_user') do
+      page.find_by_id('user_email').set dossier.user.email
+      page.find_by_id('user_password').set dossier.user.password
+      page.click_on 'Se connecter'
+    end
+
   end
   it { expect(page).to have_css('#description_page') }