Comment 3 for bug 900564

read_deleted was not intended to specify whether the user was allowed to read deleted records, so much as whether the call should read deleted records. It was added to the context object because it would otherwise require changing every single db call to support an additional flag.

Can't we just key the authorization for can_read_deleted off of is_admin, and just have read_deleted specify whether to retrieve deleted records?