hotline #64837 fix access to front admin shortcuts

library/ZendAfi/View/Helper/FonctionsAdmin.php

@@ -37,12 +37,14 @@ class ZendAfi_View_Helper_FonctionsAdmin extends ZendAfi_View_Helper_BaseHelper
 
     $actions = [$this->_extended($extended_actions)];
 
-    if (Class_Users::isCurrentUserAllowedToEditProfile($profile))
-      $actions = array_merge($actions,
-                             [$this->_config(),
-                              $this->_versions(),
-                              $this->_add(),
-                              $this->_delete()]);
+    if (!Class_Users::isCurrentUserAllowedToEditProfile($profile))
+      return '';
+
+    $actions = array_merge($actions,
+                           [$this->_config(),
+                            $this->_versions(),
+                            $this->_add(),
+                            $this->_delete()]);
 
     $html = trim(implode(' ', array_filter($actions)));
 

library/ZendAfi/View/Helper/FonctionsAdmin/Boite.php

@@ -25,6 +25,7 @@ class ZendAfi_View_Helper_FonctionsAdmin_Boite extends ZendAfi_View_Helper_Fonct
     return $this->_config();
   }
 
+
   protected function getPopupUrlParams()  {
     return ['module' => 'admin',
             'controller' => 'widget',

tests/library/ZendAfi/View/Helper/Admin/FonctionsAdminTest.php

+<?php
+/**
+ * Copyright (c) 2012-2017, Agence Française Informatique (AFI). All rights reserved.
+ *
+ * BOKEH is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE as published by
+ * the Free Software Foundation.
+ *
+ * There are special exceptions to the terms and conditions of the AGPL as it
+ * is applied to this software (see README file).
+ *
+ * BOKEH is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * along with BOKEH; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
+ */
+
+
+class FonctionsAdminHelperTest extends ViewHelperTestCase {
+  protected $_content;
+
+
+  public function setUp() {
+    parent::setUp();
+
+    Class_Profil::setCurrentProfil($this->fixture('Class_Profil',
+                                                  ['id' => 56,
+                                                   'libelle' => 'test']));
+
+    $this->helper = new ZendAfi_View_Helper_FonctionsAdmin();
+    $this->helper->setView($this->view);
+  }
+
+
+  /** @test */
+  public function contentShouldContainsTest() {
+    ZendAfi_Auth::getInstance()
+      ->logUser($this->fixture('Class_Users',
+                               ['id' => 89,
+                                'login' => 'test89',
+                                'password' => 'password',
+                                'role_level' => ZendAfi_Acl_AdminControllerRoles::SUPER_ADMIN]));
+    $this->_content = $this->helper->fonctionsAdmin(0, false, null, [function() {return 'test';}]);
+    $this->assertContains('test', $this->_content);
+  }
+
+
+  /** @test */
+  public function contentShouldBeEmpty() {
+    ZendAfi_Auth::getInstance()
+      ->logUser($this->fixture('Class_Users',
+                               ['id' => 89,
+                                'login' => 'test89',
+                                'password' => 'password',
+                                'id_site' => 1,
+                                'role_level' => ZendAfi_Acl_AdminControllerRoles::ADMIN_BIB]));
+    $this->_content = $this->helper->fonctionsAdmin(0, false, null, [function() {return 'test';}]);
+    $this->assertEquals('', $this->_content);
+  }
+}
\ No newline at end of file