From 4539b824a8876d70463d551927fb16c49341aaa2 Mon Sep 17 00:00:00 2001 From: gloas <gloas@afi-sa.fr> Date: Fri, 22 Sep 2017 14:55:29 +0200 Subject: [PATCH] hotline #64837 fix access to front admin shortcuts --- .../ZendAfi/View/Helper/FonctionsAdmin.php | 14 ++-- .../View/Helper/FonctionsAdmin/Boite.php | 1 + .../View/Helper/Admin/FonctionsAdminTest.php | 64 +++++++++++++++++++ 3 files changed, 73 insertions(+), 6 deletions(-) create mode 100644 tests/library/ZendAfi/View/Helper/Admin/FonctionsAdminTest.php diff --git a/library/ZendAfi/View/Helper/FonctionsAdmin.php b/library/ZendAfi/View/Helper/FonctionsAdmin.php index 1cc51cdb9f7..8f99876bee0 100644 --- a/library/ZendAfi/View/Helper/FonctionsAdmin.php +++ b/library/ZendAfi/View/Helper/FonctionsAdmin.php @@ -37,12 +37,14 @@ class ZendAfi_View_Helper_FonctionsAdmin extends ZendAfi_View_Helper_BaseHelper $actions = [$this->_extended($extended_actions)]; - if (Class_Users::isCurrentUserAllowedToEditProfile($profile)) - $actions = array_merge($actions, - [$this->_config(), - $this->_versions(), - $this->_add(), - $this->_delete()]); + if (!Class_Users::isCurrentUserAllowedToEditProfile($profile)) + return ''; + + $actions = array_merge($actions, + [$this->_config(), + $this->_versions(), + $this->_add(), + $this->_delete()]); $html = trim(implode(' ', array_filter($actions))); diff --git a/library/ZendAfi/View/Helper/FonctionsAdmin/Boite.php b/library/ZendAfi/View/Helper/FonctionsAdmin/Boite.php index d90e04ca310..698b9ac6629 100644 --- a/library/ZendAfi/View/Helper/FonctionsAdmin/Boite.php +++ b/library/ZendAfi/View/Helper/FonctionsAdmin/Boite.php @@ -25,6 +25,7 @@ class ZendAfi_View_Helper_FonctionsAdmin_Boite extends ZendAfi_View_Helper_Fonct return $this->_config(); } + protected function getPopupUrlParams() { return ['module' => 'admin', 'controller' => 'widget', 
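Review bot: The new early return is placed after `$actions = [$this->_extended($extended_actions)];`, so the extended-action callbacks are still invoked for a user who is not allowed to edit the profile and only their output is discarded; if any of those closures has side effects or builds markup from request data, it executes for unauthorized viewers. Moving the guard to the top of the hunk — `if (!Class_Users::isCurrentUserAllowedToEditProfile($profile)) return '';` first, then `$actions = [$this->_extended($extended_actions)];` — makes the permission check a pure gate before any action is rendered. This helper only hides shortcut markup; the admin/widget and other controllers the shortcuts point to must still enforce the same profile check server-side, since an empty string here is not an authorization boundary. The enclosing fonctionsAdmin method starts before this hunk, so where `$profile` is derived is not visible here.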
diff --git a/tests/library/ZendAfi/View/Helper/Admin/FonctionsAdminTest.php b/tests/library/ZendAfi/View/Helper/Admin/FonctionsAdminTest.php new file mode 100644 index 00000000000..2696defa8be --- /dev/null +++ b/tests/library/ZendAfi/View/Helper/Admin/FonctionsAdminTest.php 
@@ -0,0 +1,64 @@ +<?php +/** + * Copyright (c) 2012-2017, Agence Française Informatique (AFI). All rights reserved. + * + * BOKEH is free software; you can redistribute it and/or modify + * it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE as published by + * the Free Software Foundation. + * + * There are special exceptions to the terms and conditions of the AGPL as it + * is applied to this software (see README file). + * + * BOKEH is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU AFFERO GENERAL PUBLIC LICENSE + * along with BOKEH; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + + +class FonctionsAdminHelperTest extends ViewHelperTestCase { + protected $_content; + + + public function setUp() { + parent::setUp(); + + Class_Profil::setCurrentProfil($this->fixture('Class_Profil', + ['id' => 56, + 'libelle' => 'test'])); + + $this->helper = new ZendAfi_View_Helper_FonctionsAdmin(); + $this->helper->setView($this->view); + } + + + /** @test */ + public function contentShouldContainsTest() { + ZendAfi_Auth::getInstance() + ->logUser($this->fixture('Class_Users', + ['id' => 89, + 'login' => 'test89', + 'password' => 'password', + 'role_level' => ZendAfi_Acl_AdminControllerRoles::SUPER_ADMIN])); + $this->_content = $this->helper->fonctionsAdmin(0, false, null, [function() {return 'test';}]); + $this->assertContains('test', $this->_content); + } + + + /** @test */ + public function contentShouldBeEmpty() { + ZendAfi_Auth::getInstance() + ->logUser($this->fixture('Class_Users', + ['id' => 89, + 'login' => 'test89', + 'password' => 'password', + 'id_site' => 1, + 'role_level' => ZendAfi_Acl_AdminControllerRoles::ADMIN_BIB])); + $this->_content = 
$this->helper->fonctionsAdmin(0, false, null, [function() {return 'test';}]); + $this->assertEquals('', $this->_content); + } +} \ No newline at end of file -- GitLab
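Review bot: `contentShouldContainsTest` asserts `assertContains('test', $this->_content)` while the profile fixture's libelle is also `'test'`, so the assertion could in principle be satisfied by profile markup rather than by the extended-action closure; a distinctive marker such as `[function() {return 'EXTENDED_MARKER';}]` with `$this->assertContains('EXTENDED_MARKER', $this->_content);` pins the intended path. `contentShouldBeEmpty` covers only an ADMIN_BIB user on site 1; adding a case with no logged-in user would also pin the access rule for anonymous front-office viewers, which is the scenario the hotline fix is most exposed to. `$this->helper` is assigned in setUp without a declared property; `protected $helper;` alongside `$_content` avoids relying on a dynamic property.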