autodeny delete on cards with codenames

Ticket

+commit
 

It's really easy to delete or change the cardtype of Roles, which can break permissions really badly.  At the most basic we should probably not allow deletion of system cards.

 

 

An unauthorized change of the "Anyone Logged In" to type Basic on Connectipedi broke creation of Topic cards we think for a couple of days.  had to restore data by hand, not pretty.

 

I think we should consider moving more quickly on the "codename" data change and then deny deletes for all cards with codenames.  maybe?


definitely leaning this way -- set it up so you basically can only delete these cards through calls with special flags, which are probably only used when uninstalling modules.

  --Ethan McCutchen.....Fri Feb 18 10:33:23 -0800 2011


What cards have codenames?

 

Would this mean you could never delete a Cardtype card, even if there are no cards of that type?

  --John Abbe.....Fri Feb 18 10:41:17 -0800 2011


yes, I think so. it would now at least. hmm, I wonder if that's the only example of something that has a codename that we want createable (and deletable) through the web interface.

  --Ethan McCutchen.....Fri Feb 18 14:47:08 -0800 2011


What else has codenames?

  --John Abbe.....Fri Feb 18 17:05:27 -0800 2011


actually, not all cardtypes have codenames. but those that do can't be deleted without removing the code (generally just in modules) that refers to them.

  --Ethan McCutchen.....2012-10-09 21:32:12 +0000