MAGETWO-55849: Customer can be deleted without Merchant permissions verification

RuslanKostiv1 · RuslanKostiv1 · commit eb832a219592 · 2016-10-11T18:29:16.000+03:00
diff --git a/app/code/Magento/User/view/adminhtml/templates/user/roles_grid_js.phtml b/app/code/Magento/User/view/adminhtml/templates/user/roles_grid_js.phtml
@@ -72,14 +72,17 @@ require([
 
 });
 </script>
-<script type="text/x-magento-init">
-    {
-        "[data-role=delete-user]" : {
-            "deleteUserAccount" : {
-                "message": "<?php echo $editBlock->escapeHtml($editBlock->getDeleteMessage()) ?>",
-                "url": "<?php /* @noEscape */ echo $editBlock->getDeleteUrl(); ?>",
-                "objId": "<?php echo $editBlock->escapeHtml($editBlock->getObjectId()) ?>"
+
+<?php if (is_object($editBlock)): ?>
+    <script type="text/x-magento-init">
+        {
+            "[data-role=delete-user]" : {
+                "deleteUserAccount" : {
+                    "message": "<?php echo $editBlock->escapeHtml($editBlock->getDeleteMessage()) ?>",
+                    "url": "<?php /* @noEscape */ echo $editBlock->getDeleteUrl(); ?>",
+                    "objId": "<?php echo $editBlock->escapeHtml($editBlock->getObjectId()) ?>"
+                }
             }
         }
-    }
-</script>
+    </script>
+<?php endif; ?>
