[development] Implementing a user deletion policy
steve at yelvington.com
Mon Apr 5 21:17:34 UTC 2010
> On Mon, Apr 5, 2010 at 11:54 AM, Dave Reid <dave at davereid.net
> <mailto:dave at davereid.net>> wrote:
> Might want to checkout something
> like http://drupal.org/project/userprotect where you wouldn't have
> to touch any code at all.
I like the idea. Unfortunately it appears to apply only to new, not
existing accounts, and it's bogglingly complicated.
> In addition, watchdog messages should show the currently logged in
> user when the message was fired. That would be the person who
> deleted the account.
The deletions in question were attributed to "ANON," which probably was
the deleted account itself, but also could have been any subsequently
The broader problem seems to be that there is no way to prevent user
deletions short of hacking core or altering every form that might try to
delete users. The "administer users" permission grants deletion rights,
and that means every moderator who is empowered to block spammers gets
the ability to destroy data. Don't like that a bit.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the development