[sldev] Patch to Address Debit Permission Spoofing

[Jason Giglio]

Good work!  This one was on my list too actually.  Some feedback inline.

Able Whitman wrote:
> * Automatic Denial of Debit Permission Requests

I'm not sure this is such a good idea.  Users will likely turn this off, 
then complain when their objects don't work right, even if it does tell 
them that the permission was requested.

It also gives the permission a stigma, when it is commonly needed in 
everything that might ever need to give a refund!


> The preference to enable automatic denial will appear in the "Popups" 
 > * Opt-out of Caution Permissions Prompts

I'm also opposed to "preference creep".  It seems that a lot of the 
patches we are seeing are coming with preferences to enable or disable them.

Either it's a good idea to do this or it isn't.  We don't need to add a 
preference for every little feature.  If the client had always been 
developed like this, we'd have 50 pages of preferences and be able to 
revert to the 1.0 feature set. :)


-Jason