diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 87bf36a..b095df5 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,5 +1,6 @@
 class UsersController < ApplicationController
   include SessionsHelper
+  before_action :logged_in_user, only: [:edit, :update]
   def show
     @user = User.find(params[:id])
     # debugger
@@ -43,4 +44,11 @@ class UsersController < ApplicationController
     params.require(:user).permit(:name, :email, :password,
                                  :password_confirmation)
   end
+
+  def logged_in_user
+    unless logged_in?
+      flash[:danger] = "Please log in."
+      redirect_to login_url
+    end
+  end
 end
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
index ff617e0..bfcca93 100644
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -7,4 +7,9 @@ one:
 michael:
   name: Michael Example
   email: michael@example.com
+  password_digest: <%= User.digest('password') %>
+
+archer:
+  name: Sterling Archer
+  email: suchess@example.gov
   password_digest: <%= User.digest('password') %>
\ No newline at end of file
diff --git a/test/integration/users_edit_test.rb b/test/integration/users_edit_test.rb
index 80cd533..6d0e549 100644
--- a/test/integration/users_edit_test.rb
+++ b/test/integration/users_edit_test.rb
@@ -6,6 +6,7 @@ class UsersEditTest < ActionDispatch::IntegrationTest
   end
 
   test "successful edit" do
+    log_in_as(@user)
     get edit_user_path(@user)
     assert_template 'users/edit'
     name = "Foo Bae"
@@ -22,6 +23,7 @@ class UsersEditTest < ActionDispatch::IntegrationTest
   end
 
   test "unsuccessful edit" do
+    log_in_as(@user)
     get edit_user_path(@user)
     assert_template 'users/edit'
     patch user_path(@user), params: { user: { name: "",
@@ -31,4 +33,17 @@ class UsersEditTest < ActionDispatch::IntegrationTest
                             } }
     assert_template 'users/edit'
   end
+
+  test "should redirect edit when not logged in" do
+    get edit_user_path(@user)
+    assert_not flash.empty?
+    assert_redirected_to login_url
+  end
+
+  test "should redirect update when not logged in" do
+    patch user_path(@user), params: { user: { name: @user.name,
+                                              email: @user.email } }
+    assert_not flash.empty?
+    assert_redirected_to login_url
+  end
 end