Merge branch '2.0' into FearlessKiwis-MAGETWO-57065-admin-stuck-on-changing-password-2.0

Mike Weis · Mike Weis · commit 29c7e7d3cf48 · 2016-09-06T17:02:30.000-05:00
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/history.phtml b/app/code/Magento/Sales/view/frontend/templates/order/history.phtml
@@ -36,7 +36,10 @@
                                 <span><?php /* @escapeNotVerified */ echo __('View Order') ?></span>
                             </a>
                             <?php if ($this->helper('Magento\Sales\Helper\Reorder')->canReorder($_order->getEntityId())) : ?>
-                                <a href="<?php /* @escapeNotVerified */ echo $block->getReorderUrl($_order) ?>" class="action order">
+                                <a href="#" data-post='<?php /* @escapeNotVerified */ echo
+                                $this->helper(\Magento\Framework\Data\Helper\PostHelper::class)
+                                    ->getPostData($block->getReorderUrl($_order))
+                                ?>' class="action order">
                                     <span><?php /* @escapeNotVerified */ echo __('Reorder') ?></span>
                                 </a>
                             <?php endif ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/info/buttons.phtml b/app/code/Magento/Sales/view/frontend/templates/order/info/buttons.phtml
@@ -10,7 +10,10 @@
 <div class="actions">
     <?php  $_order = $block->getOrder() ?>
     <?php if ($this->helper('Magento\Sales\Helper\Reorder')->canReorder($_order->getEntityId())) : ?>
-        <a class="action reorder" href="<?php /* @escapeNotVerified */ echo $block->getReorderUrl($_order) ?>">
+        <a href="#" data-post='<?php /* @escapeNotVerified */ echo
+        $this->helper(\Magento\Framework\Data\Helper\PostHelper::class)
+            ->getPostData($block->getReorderUrl($_order))
+        ?>' class="action order">
             <span><?php /* @escapeNotVerified */ echo __('Reorder') ?></span>
         </a>
     <?php endif ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/recent.phtml b/app/code/Magento/Sales/view/frontend/templates/order/recent.phtml
@@ -46,7 +46,10 @@
                                     <span><?php /* @escapeNotVerified */ echo __('View Order') ?></span>
                                 </a>
                                 <?php if ($this->helper('Magento\Sales\Helper\Reorder')->canReorder($_order->getEntityId())) : ?>
-                                    <a href="<?php /* @escapeNotVerified */ echo $block->getReorderUrl($_order) ?>" class="action order">
+                                    <a href="#" data-post='<?php /* @escapeNotVerified */ echo
+                                    $this->helper(\Magento\Framework\Data\Helper\PostHelper::class)
+                                        ->getPostData($block->getReorderUrl($_order))
+                                    ?>' class="action order">
                                         <span><?php /* @escapeNotVerified */ echo __('Reorder') ?></span>
                                     </a>
                                 <?php endif ?>
diff --git a/app/code/Magento/User/Block/User/Edit.php b/app/code/Magento/User/Block/User/Edit.php
@@ -48,11 +48,25 @@ protected function _construct()
         parent::_construct();
 
         $this->buttonList->update('save', 'label', __('Save User'));
-        $this->buttonList->update('delete', 'label', __('Delete User'));
+        $this->buttonList->remove('delete');
 
         $objId = $this->getRequest()->getParam($this->_objectId);
 
         if (!empty($objId)) {
+            $this->addButton(
+                'delete',
+                [
+                    'label' => __('Delete User'),
+                    'class' => 'delete',
+                    'onclick' => sprintf(
+                        'deleteConfirm("%s", "%s", %s)',
+                        __('Are you sure you want to do this?'),
+                        $this->getUrl('adminhtml/*/delete'),
+                        json_encode(['data' => ['user_id' => $objId]])
+                    ),
+                ]
+            );
+
             $deleteConfirmMsg = __("Are you sure you want to revoke the user\'s tokens?");
             $this->addButton(
                 'invalidate',
diff --git a/app/code/Magento/User/Controller/Adminhtml/User/Delete.php b/app/code/Magento/User/Controller/Adminhtml/User/Delete.php
@@ -13,9 +13,9 @@ class Delete extends \Magento\User\Controller\Adminhtml\User
      */
     public function execute()
     {
-        $currentUser = $this->_objectManager->get('Magento\Backend\Model\Auth\Session')->getUser();
+        $currentUser = $this->_objectManager->get(\Magento\Backend\Model\Auth\Session::class)->getUser();
 
-        if ($userId = $this->getRequest()->getParam('user_id')) {
+        if ($userId = (int)$this->getRequest()->getPost('user_id')) {
             if ($currentUser->getId() == $userId) {
                 $this->messageManager->addError(__('You cannot delete your own account.'));
                 $this->_redirect('adminhtml/*/edit', ['user_id' => $userId]);
diff --git a/dev/tests/integration/testsuite/Magento/User/Controller/Adminhtml/User/DeleteTest.php b/dev/tests/integration/testsuite/Magento/User/Controller/Adminhtml/User/DeleteTest.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ * Copyright © 2016 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\User\Controller\Adminhtml\User;
+
+/**
+ * Test class for \Magento\User\Controller\Adminhtml\User\Delete
+ * @magentoAppArea adminhtml
+ */
+class DeleteTest extends \Magento\TestFramework\TestCase\AbstractBackendController
+{
+    /**
+     * @covers \Magento\User\Controller\Adminhtml\User\Delete::execute
+     */
+    public function testDeleteActionWithError()
+    {
+        $user = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()
+            ->create(\Magento\User\Model\User::class);
+        /** @var \Magento\Framework\Message\ManagerInterface $messageManager */
+        $messageManager = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()
+            ->get(\Magento\Framework\Message\ManagerInterface::class);
+        $user->load(1);
+        $this->getRequest()->setPostValue('user_id', $user->getId() . '_suffix_ignored_in_mysql_casting_to_int');
+
+        $this->dispatch('backend/admin/user/delete');
+        $message = $messageManager->getMessages()->getLastAddedMessage()->getText();
+        $this->assertEquals('You cannot delete your own account.', $message);
+    }
+}
diff --git a/lib/web/mage/adminhtml/globals.js b/lib/web/mage/adminhtml/globals.js
@@ -3,8 +3,9 @@
  * See COPYING.txt for license details.
  */
 define([
-    'Magento_Ui/js/modal/confirm'
-], function (confirm) {
+    'Magento_Ui/js/modal/confirm',
+    'mage/dataPost'
+], function (confirm, dataPost) {
     'use strict';
 
     /**
@@ -19,14 +20,20 @@ define([
      * Helper for onclick action.
      * @param {String} message
      * @param {String} url
+     * @param {Object} postData
      * @returns {boolean}
      */
-    window.deleteConfirm = function (message, url) {
+    window.deleteConfirm = function (message, url, postData) {
         confirm({
             content: message,
             actions: {
                 confirm: function () {
-                    setLocation(url);
+                    if (postData !== undefined) {
+                        postData.action = url;
+                        dataPost().postData(postData);
+                    } else {
+                        setLocation(url);
+                    }
                 }
             }
         });
