This seems very bad to me. I accidentally deleted my anonymous user by clicking into the edit pane and hitting 'delete' (not on purpose... it was a random click).

Luckily, I was on a test site and after a little tinkering, I added the anon. user role back. Then, I had to go and grant all the privs again.

It was more of a serious time waste for me, but I could see others having to rebuild their sites because they buggered it. I'd advise that these two roles remain locked as it could lead to some dangerous situations.

Comments

CloudSociety’s picture

CloudSociety commented

It also doesn't help that there's absolutely no confirmation dialog asking if you really want to delete a role. That's not Role Weight's problem; it's something in Drupal core.

I have confirmed that the delete function works regardless of which role I'm in (so long as I can administer user accounts), so it has nothing to do with being user0 (which I originally suspected).

pfaocle’s picture

pfaocle
He/Him
Primary language English
commented
Assigned: Unassigned » pfaocle
Status: Active » Needs review

I've added a quick fix to 6.x-1.x-dev branch - it simply disables the Delete button form element when editing the anonymous role.

This problem is a bit of a hangover from the Drupal 5 release, which has some odd tweaks to circumvent lack of complete Form API compliance in Drupal 5's role admin forms. role_weights_form_alter() can possibly be re-worked to fix this properly.

pfaocle’s picture

pfaocle
He/Him
Primary language English
commented
Title: Able to delete anonymous and authenticated user role » Able to delete anonymous user role

Note I couldn't delete the authenticated role (even without the fix) - the 'Delete' form element is rendered as text only and is not click-able.

pfaocle’s picture

pfaocle
He/Him
Primary language English
commented
Version: 6.x-1.5 » 6.x-1.x-dev
Status: Needs review » Fixed

Fixed in 6.x-1.x-dev

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.