Currently the product controller checks in its delete method whether or not a product can be deleted by invoking hook_commerce_product_can_delete(). This function lets modules say at an API level whether or not a given product should be deletable, primarily to maintain referential integrity from order line items -> products. However, products aren't the only thing that may need some API level protection to prevent deletion. As such, just like with #927090: Revamp / unify entity access, I think it might be wise to have a single system we can use to declare data objects as protected in this manner.
Not much more on this at the moment, but there are some good thoughts from sime in this comment:
Comments
Comment #1
bojanz CreditAttribution: bojanz at Centarro commented