Problem/Motivation
The block system has but one permission: "Administer blocks", creating an all-or-none situation where granting a user any permission to the subsystem entails giving them god powers there. Especially now that we have custom blocks, I expect people will want more of the flexibility they currently have with nodes to restrict access to different operations by bundle. I know I have for a long time!
Proposed resolution
I propose adding more granular permissions. To illustrate the possibilities, here's how block's permissions currently compare to node's:
| Node | Block |
|---|---|
| Bypass content access control | - |
| Administer content types | - |
| Administer content | Administer blocks |
| Access the Content overview page | - |
| View published content | - |
| View own unpublished content | - |
| View all revisions | - |
| Revert all revisions | - |
| Delete all revisions | - |
| Per type: Create new content | - |
| Per type: Edit own content | - |
| Per type: Edit any content | - |
| Per type: Delete own content | - |
| Per type: Delete any content | - |
| Per type: View revisions | - |
| Per type: Revert revisions | - |
| Per type: Delete revisions | - |
Remaining tasks
- Decide if and what permissions to add.
- Write a patch.
- Add tests.
- Review and commit.
- Write a change notice.
User interface changes
TBD.
API changes
TBD.