Bug 17316: Do not display the list's name if the user does not have permission - OPAC

At the OPAC, if a user manipulate the URL to show a list (s)he is not
allowed to view, the list's name will be displayed anyway.

Test plan:
- Create a private list with user A
- Copy the op=view URL and access it with user B logged in
=> Without this patch, you will see the rss icon, the list's name and
the "add list" button
=> Without this patch, only the "unauthorized" box will be displayed

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt

@@ -153,7 +153,7 @@
                     </div>
                 [% END %]
 
-                    [% IF op == 'view' %]
+                    [% IF shelf AND op == 'view' %]
                         <h3>
                             [% shelf.shelfname |html %]
                             <a href="[% OPACBaseURL %]/cgi-bin/koha/opac-shelves.pl?rss=1&amp;op=view&amp;shelfnumber=[% shelf.shelfnumber %]" class="rss-list-link noprint">

opac/opac-shelves.pl

@@ -339,6 +339,7 @@ if ( $op eq 'view' ) {
             }
         } else {
             push @messages, { type => 'error', code => 'unauthorized_on_view' };
+            undef $shelf;
         }
     } else {
         push @messages, { type => 'error', code => 'does_not_exist' };