A simple but not very clean way is a route that you have already done, but with an additional small module to help it.
- has a function
my_module_can_delete($user) , which returns TRUE if the user is allowed to delete, FALSE if the user is not. - implements
hook_form_alter() to modify and delete a button in the form of node_edit if my_module_can_delete($user) - implements
hook_form_alter() to change the confirmation form called in / node /% nid / delete and add a message there, telling the user that he or she is my_module_can_delete($user) . This should be enough, since disabling this form will result in users being unable to complete this form. The FORM-API will take care of this.
However, you can make it more robust to catch other removal modules:
- implements
hook_nodeapi() , $op == 'delete' to catch actions and stop the deletion (by calling drupal_goto() or calling drupal_access_denied() to force a user error. Refer only to deletion actions if the referent was a deletion - form, like indicated above, or a safer, white list of your VBO actions and return false for all other referees.The referent can often be found by reading the $ node passed by hook_nodeapi() .
A, IMHO, a much cleaner, but probably more intense alternative , would just make sure your parties / actions are called up with every delete action.
In the module, you can do this by avoiding all VBO settings and leaving all unnecessary remote actions. Then write a module that implements hook_nodeapi() , and then calls all the cleanup actions from there. That way, you can be sure that your delete actions are invoked with every delete action on any node. Obviously, you can add some conditions to your hook_nodeapi () to call only your modules in certain cases (node types, user roles, permissions, etc.).