Comment 2 for bug 495064

I just had a look at this, and I'm not sure that this patch is exactly the right thing to do. For one thing, it's possible for a user to have an authinstance of 'none', in which case there's no reason why they shouldn't be able to delete themselves.

But you also get the situation where the user has an xmlrpc authinstance whose parent authinstance is internal, so that the user can come in from Moodle but also log in at the Mahara login form. I expect that in most of these cases the institution would have registerallowed turned off, but if it was turned on it's kind of weird to determine self-deleting ability on whether they logged in first on the moodle or the mahara side.

Personally I'm not too worried about leaving things the way they are, but if this makes anyone really unhappy I think the simplest solution might be to just add a 'userscanselfdelete' setting to the institution and use that instead of registerallowed. That would force institutions to have a single policy on self-deleting for all their users, but at least it would reduce confusion.