Patterns: ability to disable creation of patterns for certain roles/permissions

[tomjn]

What problem does this address?

I'm working on a site that has users signing up and creating posts, but they can create insert and update reusable blocks. This allows them to bypass moderation, and modify other users posts via these blocks, etc, etc, it's a major headache

I've been trying to exterminate this feature, but I cannot hide the UI components, I cannot filter them, I can't disable them, remove support, etc

I thought I could remove the caapability from their roles, and it is implied this can be done on the .org dev site, but the wp_block post type reuses the post capabilities so I cannot target non-admin users.

I can find no official method for removing this feature, be it totally or conditionally.

The closest I have found so far is to use wp.data.dispatch('core/block-editor').updateSettings( { __experimentalReusableBlocks: [] } ) to fool the block editor into thinking there are no reusable blocks at the moment, then deliberately crashing on the save post hook if it matches wp_block.

What is your proposed solution?

Implement capabilities for reusable blocks, and hide UI/UX if the current user does not have the capability to create/view/edit reeusable block posts.

[tomjn]

While investigating this, I devised a superior workaround:

import { addFilter } from '@wordpress/hooks';
import { select, dispatch, subscribe } from '@wordpress/data';

// Erase the existence of any reusable blocks.
subscribe( () => {
	const settings = select( 'core/block-editor' ).getSettings();
	if ( settings.__experimentalReusableBlocks && settings.__experimentalReusableBlocks.length > 0 ) {
		dispatch('core/block-editor').updateSettings( { __experimentalReusableBlocks: [] } );
	}
});

/**
 * Remove supported features from all blocks
 *
 * @param {*} settings
 * @param {*} name
 */
function filterBlockSupports( settings, name ) {
	// ensure there is a supports section
	if ( undefined === settings.supports ) {
		settings.supports = {}
	}
	settings.supports.reusable = false;

	return settings;
}
addFilter( 'blocks.registerBlockType', 'tomjn/disable-reusability', filterBlockSupports );

It doesn't fully disable all reusable blocks UI but it hide it from the inserter, and prevents new reusable blocks being created via the block toolbar menu

[paaljoachim]

Hey @tomjn Tom
I assume this would have to do with user roles.
I believe @Mamaduka George has worked on another aspect of this.

[Mamaduka]

I believe @Mamaduka George has worked on another aspect of this.

Which aspects, I can't recall anything 😅

[paaljoachim]

LOL..:)
I was thinking locking programatically by user role, but as you just mentioned for me on a direct message on Slack that is different compared to in general disabling Reusable blocks.

[tomjn]

For some sites reusable blocks just don't make sense, and are a major liability.

This isn't a case of controlling who can and can't use/create/modify reusable blocks, although that would be a useful thing to have documented, it's about disabling it completely for all users in all forms.

[paaljoachim]

I assume we should be able to turn off features like Reusable blocks and Patterns in the preferences panels. @ntsekouras

[tomjn]

no I mean in code, not a user preference, but a site design decision or business requirement, this issue was not created to address a preference.

I should be able to completely disable reusable blocks such that the existence of the feature and ability to use it are not possible. Not disabling it for a user, session, or role, but for an entire site, in code.

This can already be done for other features using the add_theme_support and remove_theme_support, it should be possible for reusable blocks.

[kraftner]

One thing that seems to at least hide the UI is unregistering the core/block block type. Haven't tested this thoroughly though.

[brown-a2]

Any updates/progress on this?

[dashkevych]

It would be great to have this feature in the core.