[development] Implementing a user deletion policy

Steve Yelvington steve at yelvington.com
Mon Apr 5 21:17:34 UTC 2010

> On Mon, Apr 5, 2010 at 11:54 AM, Dave Reid <dave at davereid.net 
> <mailto:dave at davereid.net>> wrote:
>     Might want to checkout something
>     like http://drupal.org/project/userprotect where you wouldn't have
>     to touch any code at all.
I like the idea. Unfortunately it appears to apply only to new, not 
existing accounts, and it's bogglingly complicated.

>     In addition, watchdog messages should show the currently logged in
>     user when the message was fired. That would be the person who
>     deleted the account.

The deletions in question were attributed to "ANON," which probably was 
the deleted account itself, but also could have been any subsequently 
deleted account.

The broader problem seems to be that there is no way to prevent user 
deletions short of hacking core or altering every form that might try to 
delete users. The "administer users" permission grants deletion rights, 
and that means every moderator who is empowered to block spammers gets 
the ability to destroy data. Don't like that a bit.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20100405/a1e6508c/attachment-0001.html 

More information about the development mailing list