On Mon, Apr 5, 2010 at 11:54 AM, Dave Reid <dave@davereid.net <mailto:dave@davereid.net>> wrote:
Might want to checkout something like http://drupal.org/project/userprotect where you wouldn't have to touch any code at all.
I like the idea. Unfortunately it appears to apply only to new, not existing accounts, and it's bogglingly complicated.
In addition, watchdog messages should show the currently logged in user when the message was fired. That would be the person who deleted the account.
The deletions in question were attributed to "ANON," which probably was the deleted account itself, but also could have been any subsequently deleted account. The broader problem seems to be that there is no way to prevent user deletions short of hacking core or altering every form that might try to delete users. The "administer users" permission grants deletion rights, and that means every moderator who is empowered to block spammers gets the ability to destroy data. Don't like that a bit.