2026-06-23 10:09:58 +02:00
2 changed files with 5 additions and 0 deletions
--- a/src/app/Views/admin/layout.php
+++ b/src/app/Views/admin/layout.php
@ -79,6 +79,8 @@ $navClass = static function (string $code, string $current): string {
                    </div>
                </button>
                <div class="dropdown-menu" id="userMenu">
+                    <a href="/admin/profile/pin">Mon PIN d'action sensible</a>
+                    <div class="divider"></div>
                    <form method="post" action="/logout">
                        <input type="hidden" name="_csrf" value="<?= $csrf ?>">
                        <button class="danger" type="submit">Se deconnecter</button>
--- a/tests/Unit/Admin/DashboardControllerTest.php
+++ b/tests/Unit/Admin/DashboardControllerTest.php
@ -160,6 +160,9 @@ final class DashboardControllerTest extends TestCase
        // Deconnexion = formulaire POST avec CSRF.
        self::assertStringContainsString('action="/logout"', $body);
        self::assertStringContainsString('name="_csrf"', $body);
+        // Le menu utilisateur rend la page self-service du PIN (decouvrable, pas
+        // seulement par URL directe).
+        self::assertStringContainsString('/admin/profile/pin', $body);
    }

    public function testForbiddenWhenPermissionDenied(): void