Gate /component-guide behind GOV.UK Signon

Wraps the engine mount in a GDS::SSO::AuthorisedUserConstraint so the
component-guide requires a signed-in Whitehall user. This keeps the
guide available in all environments (per commit 8b3a40a) while
ensuring it is not publicly accessible.

Author: TonyGDS

config/routes.rb

@@ -453,5 +453,7 @@ def redirect(path, options = { prefix: Whitehall.router_prefix })
 
   mount Flipflop::Engine => "/flipflop"
 
-  mount GovukPublishingComponents::Engine, at: "/component-guide"
+  constraints(GDS::SSO::AuthorisedUserConstraint.new(User::Permissions::SIGNIN)) do
+    mount GovukPublishingComponents::Engine, at: "/component-guide"
+  end
 end

test/integration/component_guide_test.rb

@@ -0,0 +1,15 @@
+require "test_helper"
+
+class ComponentGuideTest < ActionDispatch::IntegrationTest
+  test "redirects unauthenticated users to signon" do
+    ENV["GDS_SSO_MOCK_INVALID"] = "1"
+    get "/component-guide"
+    assert_redirected_to "/auth/gds"
+  end
+
+  test "allows access when signed in" do
+    login_as_admin
+    get "/component-guide"
+    assert_response :success
+  end
+end