On Mon, Apr 5, 2010 at 11:54 AM, Dave Reid <[email protected]
<mailto:[email protected]>> wrote:
Might want to checkout something
like http://drupal.org/project/userprotect where you wouldn't have
to touch any code at all.
I like the idea. Unfortunately it appears to apply only to new, not
existing accounts, and it's bogglingly complicated.
In addition, watchdog messages should show the currently logged in
user when the message was fired. That would be the person who
deleted the account.
The deletions in question were attributed to "ANON," which probably was
the deleted account itself, but also could have been any subsequently
deleted account.
The broader problem seems to be that there is no way to prevent user
deletions short of hacking core or altering every form that might try to
delete users. The "administer users" permission grants deletion rights,
and that means every moderator who is empowered to block spammers gets
the ability to destroy data. Don't like that a bit.
