<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
<blockquote
cite="mid:r2g1855f6861004050859i1b54b9batfed441f652c60105@mail.gmail.com"
type="cite">On Mon, Apr 5, 2010 at 11:54 AM, Dave Reid <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:dave@davereid.net">dave@davereid.net</a>></span>
wrote:<br>
<div class="gmail_quote">
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
<div>Might want to checkout something like <a moz-do-not-send="true"
href="http://drupal.org/project/userprotect" target="_blank">http://drupal.org/project/userprotect</a>
where you wouldn't have to touch any code at all.</div>
</blockquote>
</div>
</blockquote>
I like the idea. Unfortunately it appears to apply only to new, not
existing accounts, and it's bogglingly complicated.<br>
<br>
<blockquote
cite="mid:r2g1855f6861004050859i1b54b9batfed441f652c60105@mail.gmail.com"
type="cite">
<div class="gmail_quote">
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><br>
</div>
<div>In addition, watchdog messages should show the currently
logged in user when the message was fired. That would be the person who
deleted the account.</div>
</blockquote>
</div>
</blockquote>
<br>
The deletions in question were attributed to "ANON," which probably was
the deleted account itself, but also could have been any subsequently
deleted account.<br>
<br>
The broader problem seems to be that there is no way to prevent user
deletions short of hacking core or altering every form that might try
to delete users. The "administer users" permission grants deletion
rights, and that means every moderator who is empowered to block
spammers gets the ability to destroy data. Don't like that a bit.<br>
<br>
<br>
<br>
<br>
<br>
</body>
</html>