School dashboard is protected by district-level authentication

[Finishes #179513281]

app/controllers/dashboard_controller.rb

@@ -1,13 +1,22 @@
 class DashboardController < ApplicationController
+  before_action :set_school
 
   def index
-    @school = School.find_by_slug school_slug
+    authenticate(district.name.downcase, "#{district.name.downcase}!")
   end
 
   private
 
+  def set_school
+    @school = School.find_by_slug school_slug
+  end
+
   def school_slug
     params[:school_id]
   end
 
+  def district
+    @school.district
+  end
+
 end

spec/features/school_dashboard_feature_spec.rb

@@ -1,14 +1,27 @@
 require "rails_helper"
 
-RSpec.feature "School dashboard", type: feature do
+feature "School dashboard", type: feature do
   let(:district) { District.create name: 'Winchester' }
   let(:school) {
     School.create name: 'Winchester High School', slug: 'winchester-high-school', district: district
   }
 
+  scenario "User authentication fails" do
+    page.driver.browser.basic_authorize('wrong username', 'wrong password')
+
+    visit "/districts/winchester/schools/#{school.slug}/dashboard?year=2020-21"
+
+    expect(page).not_to have_text(school.name)
+  end
+
   scenario "User views a school dashboard" do
+    page.driver.browser.basic_authorize(username, password)
+
     visit "/districts/winchester/schools/#{school.slug}/dashboard?year=2020-21"
 
     expect(page).to have_text(school.name)
   end
+
+  let(:username) { 'winchester' }
+  let(:password) { 'winchester!' }
 end