autodeny delete on cards with codenames
It's really easy to delete or change the cardtype of Roles, which can break permissions really badly. At the most basic we should probably not allow deletion of system cards.
An unauthorized change of the "Anyone Logged In" to type Basic on Connectipedi broke creation of Topic cards we think for a couple of days. had to restore data by hand, not pretty.
Related support tickets:Relevant user stories:add one
I think we should consider moving more quickly on the "codename" data change and then deny deletes for all cards with codenames. maybe?
definitely leaning this way -- set it up so you basically can only delete these cards through calls with special flags, which are probably only used when uninstalling modules.
--Ethan McCutchen.....Fri Feb 18 10:33:23 -0800 2011
What cards have codenames?
Would this mean you could never delete a Cardtype card, even if there are no cards of that type?
--John Abbe.....Fri Feb 18 10:41:17 -0800 2011
yes, I think so. it would now at least. hmm, I wonder if that's the only example of something that has a codename that we want createable (and deletable) through the web interface.
--Ethan McCutchen.....Fri Feb 18 14:47:08 -0800 2011
What else has codenames?
--John Abbe.....Fri Feb 18 17:05:27 -0800 2011
Notes