Cancel account button on user form triggers server-side validation.

An easy way to reproduce the issue in core:

1. Create a user with email address test1@example.com
2. Create a user with email address test2@example.com
3. Edit the first user, change the email address to test2@example.com, hit the "Cancel account" button

@darvanen Asked for opinions on this via Slack. Most other entities in core (citation needed 🤓😉) have a Delete link, not a button, for exactly this reason. I think that'd be the cleanest, best, most consistent solution here. So +1 to proposed solution 3, even though it's a (slightly?) bigger change.

We looked at this issue during #3257468: Drupal Usability Meeting 2022-01-14.

There was no objections to changing the button to a link, and making this consistent with other core entity types. It was also highlighted that this is potentially an accessibility issue, so tagging for accessiblity review.

During the meeting we also checked Node, and the "Delete" action is indeed a normal link.

Can someone provide a snapshot here as to the change? Is there before/after for HTML? Demo environment?

Buttons do things, Links go somewhere. Is it a button or a link?

When you delete a node, you generally leave the page (because it has been deleted).

Anyways, need more information.

why is that check for user 1 there? It's an unrelated change, kind of, but if we're touching this code I'd prefer to remove it.

Can't delete the user 1 account so don't show the button. This should be abstracted in something like $entity->canDelete() or something more meaningful.

Let's not touch the access check, keep the scope of the issue well defined. This will likely be removed anyway as part of #540008: Add a container parameter that can remove the special behavior of UID#1. I have added a comment to that effect #540008-312: Add a container parameter that can remove the special behavior of UID#1.

Any thoughts about this alternative approach?

Secondly, and this may end up making the first point moot: if we change the link template name from 'cancel-form' to 'delete-form', then the creation of the delete button will be entirely handled by \Drupal\Core\Entity\EntityForm::actions further up the chain.

I would agree that is a good idea, although I think we should try to keep the scope of this issue well defined. For instance, if in this issue we change it from a button to a link, that aligns the UI/UX with \Drupal\Core\Entity\EntityForm::actions, then making it easier to make that change in a follow-up issue. As both tasks have very different considerations and scopes.

Tested the MR and everything works as expected, changes in MR look good, nice touch on the destination parameter.

I was going to RTBC this, but setting it back to NW as we need to find or create a follow-up issue for exploring whether \Drupal\Core\Entity\EntityForm::actions can be used.

Thanks,
-Aaron

Great, yeah we can reuse #2250377: ProfileForm::actions() defines new delete element instead of altering it as it expects for the next step, it'll just need to be updated/rescoped to clearly show what the next steps are, but the main next step will be changing cancel-form to delete-form is basically what needs done next. Once that's done we'll be in a good place to strip down ProfileForm::actions().

Moving this to RTBC.

Note regarding the "needs accessibility review" tag, which is still present: this was added as a suggestion by @xjm during the UX meeting because it was felt that if this is an improvement from an accessibility perspective then it's easier to get it committed, even if the change is slightly disruptive.

Can we have a change record for this change since this could impact themes and modules.

The change in Claro described in #11 is correct - the styles there are Claro styles for links with button class and this change will make this consistent with other entity forms.

Reviewed the CR. Looks great, thanks! Very clear about what the impact of this change might be and how to address it. Removing that tag.

Which subsystem maintainer needs to review this? Was that intentional? Also, is "user system" or "user.module" a more appropriate component than "entity system"?

I think @mgifford's comment in #7 is actually sufficient here for accessibility review - the button was redirecting to go to a page instead of doing anything, which means it always should have been a link, and we were working around it not being one. Additionally we're using the delete link pattern on other entity types already and user was the odd one out. So making it consistent here matches the observation in #7.

Adding credit for usability meeting attendees too.

Committed/pushed to 10.0.x and cherry-picked to 9.4.x, thanks!

Thanks @catch, this now unblocks #2250377: ProfileForm::actions() defines new delete element instead of altering it as it expects if anyone has the time to work on it.