diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 533d4039768..a5347387349 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -85,7 +85,7 @@ function dol_hash($chain,$type=0)
 * If GETPOST('action') defined, we also check write and delete permission.
 *
 * @param User $user User to check
- * @param string $features Features to check (in most cases, it's module name)
+ * @param string $features Features to check (in most cases, it's module name. Examples: 'societe', 'contact', 'produit|service', ...)
 * @param int $objectid Object ID if we want to check permission on a particular record (optionnal)
 * @param string $dbtablename Table name where object is stored. Not used if objectid is null (optionnal)
 * @param string $feature2 Feature to check, second level of permission (optionnal)
@@ -94,7 +94,7 @@ function dol_hash($chain,$type=0)
 * @param Canvas $objcanvas Object canvas
 * @return int Always 1, die process if not allowed
 */
-function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $objcanvas=null)
+function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $objcanvas=null)
 {
 global $db, $conf;
@@ -163,11 +163,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
 }
 }
- if (! $readok)
- {
- //print "Read access is down";
- accessforbidden();
- }
+ if (! $readok) accessforbidden();
 //print "Read access is ok";
 // Check write permission from module
diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php
index 88ffcac9043..30f1936d985 100755
--- a/test/phpunit/SecurityTest.php
+++ b/test/phpunit/SecurityTest.php
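Review bot: In the `restrictedArea` signature hunk (`@@ -94,7 +94,7 @@`), `$features` loses its `'societe'` default, but nothing visible in this diff makes a call without a feature name fail closed. The function body continues outside the hunk, so how an empty `$features` is evaluated by the permission loop cannot be confirmed from here. An explicit guard right after the `global` line, `if (empty($features)) accessforbidden();`, would make the denial deliberate rather than incidental. The diff also does not show existing one-argument call sites being updated, which is worth confirming with a search before merge.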
@@ -41,6 +41,14 @@ if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't nee
 if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1');
 if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session)
+if (empty($user->id))
+{
+ print "Load permissions for admin user nb 1\n";
+ $user->fetch(1);
+ $user->getrights();
+}
+$conf->global->MAIN_DISABLE_ALL_MAILS=1;
+
 /**
 * Class for PHPUnit tests
@@ -226,15 +234,23 @@ class SecurityTest extends PHPUnit_Framework_TestCase
 }
 /**
- * testGetRandomPassword
+ * testRestrictedArea
 *
- * @return number
+ * @return void
 */
 public function testRestrictedArea()
 {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+ //$dummyuser=new User($db);
+ //$result=restrictedArea($dummyuser,'societe');
-
+ $result=restrictedArea($user,'societe');
+ $this->assertEquals(1,$result);
 }
 }
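Review bot: The bootstrap added in the first hunk of SecurityTest.php ignores the return value of `$user->fetch(1)` and assumes that record 1 is an account with full rights. If the fetch fails or that account is restricted, `testRestrictedArea` would reach `accessforbidden()`, which per the docblock in security.lib.php ends the process, so the PHPUnit run would abort without a readable failure. Assuming `fetch()` follows the usual convention of returning a value <= 0 on failure, a check such as `if ($user->fetch(1) <= 0) die("Cannot load user 1 for tests\n");` would surface the cause. `$user` and `$conf` are set above the hunk, presumably by an include that is not visible here.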
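Review bot: `testRestrictedArea` asserts only the allowed path for the preloaded user, so a regression that lets an unprivileged user through would not be caught. The denied case stays commented out (`//$dummyuser=new User($db);`, `//$result=restrictedArea($dummyuser,'societe');`), presumably because `accessforbidden()` ends the process and a plain PHPUnit test cannot assert on that. I would say so in a comment above those two lines, e.g. `// Denied path not covered: accessforbidden() terminates the process and would abort the test run`, so the gap in access-control coverage is visible to the next reader.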