Protect legal aid available page to categorys that are eligible only

app/categories/results/urls.py

@@ -5,10 +5,18 @@
     CannotFindYourProblemPage,
     NextStepsPage,
 )
+from app.mixins import InScopeMixin
+
+
+class InScopeResultPage(InScopeMixin, ResultPage):
+    pass
+
 
 bp.add_url_rule(
     "/legal-aid-available",
-    view_func=ResultPage.as_view("in_scope", template="categories/in-scope.html"),
+    view_func=InScopeResultPage.as_view(
+        "in_scope", template="categories/in-scope.html"
+    ),
 )
 bp.add_url_rule(
     "/legal-aid-available-hlpas",

app/means_test/views.py

@@ -12,6 +12,7 @@
 from app.means_test.forms.outgoings import OutgoingsForm
 from app.means_test.forms.review import ReviewForm, BaseMeansTestForm
 from app.categories.models import CategoryAnswer
+from app.mixins import InScopeMixin
 
 
 class FormsMixin:
@@ -26,7 +27,7 @@ class FormsMixin:
     }
 
 
-class MeansTest(FormsMixin, View):
+class MeansTest(FormsMixin, InScopeMixin, View):
     def __init__(self, current_form_class, current_name):
         self.form_class = current_form_class
         self.current_name = current_name
@@ -50,6 +51,7 @@ def handle_multiple_properties_ajax_request(self, form):
         return None
 
     def dispatch_request(self):
+        self.ensure_in_scope()
         eligibility = session.get_eligibility()
         form_data = eligibility.forms.get(self.current_name, {})
         form = self.form_class(formdata=request.form or None, data=form_data)

app/mixins.py

@@ -0,0 +1,11 @@
+from flask import session, url_for, redirect
+
+
+class InScopeMixin:
+    def dispatch_request(self):
+        self.ensure_in_scope()
+
+    def ensure_in_scope(self):
+        if not session.in_scope:
+            return redirect(url_for("main.session_expired"))
+        return super().dispatch_request()