Authorize resource after authenticating user

Just like it's done everywhere else in the application. Not doing so
means users who aren't logged in receive a "you aren't authorized"
message when they try to create a new legislation proposal instead of
being redirected to the login page.

app/controllers/legislation/proposals_controller.rb

@@ -2,13 +2,13 @@ class Legislation::ProposalsController < Legislation::BaseController
   include CommentableActions
   include FlagActions
 
-  load_and_authorize_resource :process, class: "Legislation::Process"
-  load_and_authorize_resource :proposal, class: "Legislation::Proposal", through: :process
-
   before_action :parse_tag_filter, only: :index
   before_action :load_categories, only: [:index, :new, :create, :edit, :map, :summary]
   before_action :load_geozones, only: [:edit, :map, :summary]
+
   before_action :authenticate_user!, except: [:index, :show, :map, :summary]
+  load_and_authorize_resource :process, class: "Legislation::Process"
+  load_and_authorize_resource :proposal, class: "Legislation::Proposal", through: :process
 
   invisible_captcha only: [:create, :update], honeypot: :subtitle
 

spec/features/legislation/processes_spec.rb

@@ -255,6 +255,16 @@ feature 'Legislation' do
         expect(page).to have_content("There are no proposals")
       end
 
+      scenario 'create proposal button redirects to register path if user is not logged in' do
+        process = create(:legislation_process, :in_proposals_phase)
+
+        visit legislation_process_proposals_path(process)
+        click_link "Create a proposal"
+
+        expect(page).to have_current_path new_user_session_path
+        expect(page).to have_content "You must sign in or register to continue"
+      end
+
       include_examples "not published permissions", :legislation_process_proposals_path
     end
   end