Merge branch 'develop' of https://github.com/magento/magento2ce into MPI-PR-develop

Author: rliukshyn

app/code/Magento/User/Block/User/Edit.php

@@ -48,11 +48,25 @@ protected function _construct()
         parent::_construct();
 
         $this->buttonList->update('save', 'label', __('Save User'));
-        $this->buttonList->update('delete', 'label', __('Delete User'));
+        $this->buttonList->remove('delete');
 
         $objId = $this->getRequest()->getParam($this->_objectId);
 
         if (!empty($objId)) {
+            $this->addButton(
+                'delete',
+                [
+                    'label' => __('Delete User'),
+                    'class' => 'delete',
+                    'onclick' => sprintf(
+                        'deleteConfirm("%s", "%s", %s)',
+                        __('Are you sure you want to do this?'),
+                        $this->getUrl('adminhtml/*/delete'),
+                        json_encode(['data' => ['user_id' => $objId]])
+                    ),
+                ]
+            );
+
             $deleteConfirmMsg = __("Are you sure you want to revoke the user\'s tokens?");
             $this->addButton(
                 'invalidate',

app/code/Magento/User/Controller/Adminhtml/User/Delete.php

@@ -14,8 +14,8 @@ class Delete extends \Magento\User\Controller\Adminhtml\User
     public function execute()
     {
         $currentUser = $this->_objectManager->get(\Magento\Backend\Model\Auth\Session::class)->getUser();
-
-        if ($userId = $this->getRequest()->getParam('user_id')) {
+        $userId = (int)$this->getRequest()->getPost('user_id');
+        if ($userId) {
             if ($currentUser->getId() == $userId) {
                 $this->messageManager->addError(__('You cannot delete your own account.'));
                 $this->_redirect('adminhtml/*/edit', ['user_id' => $userId]);

dev/tests/integration/testsuite/Magento/User/Controller/Adminhtml/User/DeleteTest.php

@@ -0,0 +1,31 @@
+<?php
+/**
+ * Copyright © 2016 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\User\Controller\Adminhtml\User;
+
+/**
+ * Test class for \Magento\User\Controller\Adminhtml\User\Delete
+ * @magentoAppArea adminhtml
+ */
+class DeleteTest extends \Magento\TestFramework\TestCase\AbstractBackendController
+{
+    /**
+     * @covers \Magento\User\Controller\Adminhtml\User\Delete::execute
+     */
+    public function testDeleteActionWithError()
+    {
+        $user = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()
+            ->create(\Magento\User\Model\User::class);
+        /** @var \Magento\Framework\Message\ManagerInterface $messageManager */
+        $messageManager = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()
+            ->get(\Magento\Framework\Message\ManagerInterface::class);
+        $user->load(1);
+        $this->getRequest()->setPostValue('user_id', $user->getId() . '_suffix_ignored_in_mysql_casting_to_int');
+
+        $this->dispatch('backend/admin/user/delete');
+        $message = $messageManager->getMessages()->getLastAddedMessage()->getText();
+        $this->assertEquals('You cannot delete your own account.', $message);
+    }
+}

lib/web/mage/adminhtml/globals.js

@@ -3,8 +3,9 @@
  * See COPYING.txt for license details.
  */
 define([
-    'Magento_Ui/js/modal/confirm'
-], function (confirm) {
+    'Magento_Ui/js/modal/confirm',
+    'mage/dataPost'
+], function (confirm, dataPost) {
     'use strict';
 
     /**
@@ -19,14 +20,20 @@ define([
      * Helper for onclick action.
      * @param {String} message
      * @param {String} url
+     * @param {Object} postData
      * @returns {boolean}
      */
-    window.deleteConfirm = function (message, url) {
+    window.deleteConfirm = function (message, url, postData) {
         confirm({
             content: message,
             actions: {
                 confirm: function () {
-                    setLocation(url);
+                    if (postData !== undefined) {
+                        postData.action = url;
+                        dataPost().postData(postData);
+                    } else {
+                        setLocation(url);
+                    }
                 }
             }
         });