Restricting block changes
https://drupal.stackexchange.com/questions/1581
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
How can you let an editor edit the text in a block, but not make other configuration changes, as moving the block from one region to another?
Solution 3
After coming back to this question after a year or so, there are two methods that are very simple.
Create a block and put the following code in the block body:
<?php
$node = node_load(77);//77 is the nid of the node I want to put in the block.
$node_content = node_view($node,"full");
print render($node_content);
?>
Or you can create a view block and filter on the node id.
Now you give someone permission to edit the content type but not permission to create or delete it.
OTHER TIPS
In Drupal, only the users with the permission to administer blocks can change the block settings, including which region the block is assigned.
As far as I know, there aren't modules that allow to assign to users a more granular permission. You should write your own custom module that shows only the fields that a user is allowed to edit.
For example, the following code would alter the form build from block_admin_configure(), the function that build the configuration form for any block, to permit to users with the "edit block titles" permission to edit the block title.
function mymodule_form_block_admin_configure_alter(&$form, &$form_state, $form_id) {
if (isset($form['settings']['title'])) {
$form['settings']['title']['#access'] = user_access('edit block titles');
}
}
The function is the implementation of hook_form_FORM_ID_alter() made for a module named mymodule.module.
The fields for the region settings (the theme regions a block is output) are contained in $form['regions']; The field set contains a select field for each enabled them.
To show the field set only to users with the "edit block regions" permission, you can use the following code, for example.
function mymodule_form_block_admin_configure_alter(&$form, &$form_state, $form_id) {
if (isset($form['regions'])) {
$form['regions']['#access'] = user_access('edit block regions');
}
}
Users with the permission to administer blocks could alter the region assigned to blocks from http://example.com/admin/structure/block. To not allow the user without the "edit block regions" permission to access that page, you should alter the access handler of that menu, and replace the default access handler with a custom one that would return FALSE when users don't have that permission.
For more information, see hook_menu and hook_menu_alter().
See the Block Access module.
This module adds a set of global permissions for creating, viewing, moving, enabling, disabling and configuring blocks as well as permissions at the individual block level.
One simple solution I would recommend is checking out the Boxes module. This module is going to provide a nice inline editing options (via AJAX) for blocks, which would make it super easy for editors to change the text in the blocks. The permissions would still need to be "administer blocks" for the editors, but since they will now be able to edit blocks inline there's really no need for them to ever get to the block configuration page.
Now if you still insist on removing access to that block configuration page you can just do a simple menu alter that changes the permission required for the block configuration page such as the following code.
function hook_menu_alter(&$items) {
//Example Use Case, switching permission from "administer block" to "administer site configuration"
$items['admin/structure/block']['access arguments'] = array('administer site configuration');
}
The Bean module is a possible alternative to answer this question. Here is a quote about its project page:
Think of a Bean as a method to provide new types (compared to node this would be a content type) which then provides an add content interface to create as many blocks as you require (see screenshot below). The bean content can then be placed around the site just like any other block.
Combined with the options available for granting the appropriate Bean permissions, it should give you a lot of flexibility about how exactly you want to use this (great) module in your specific case: for each individual block created with the BEAN module, you can use the typical Permissions page (at admin/people/permissions) to grant Add/Edit/View/Delete access to selected roles.
This module also works great in combination with the UUID and UUID Features Integration modules. And after you become familiar with the Bean module, you might find other cases in your site where you also want to use this module (which somehow compensates the fact that you need to add another module).
The video tutorial Drupal Bean module tutorial - using Bean Admin UI provides a great introduction to really understand the power of this module, and the kind of things you can do with it (by only using site building techniques, no custom coding involved). It also shows how the Bean module transforms Drupal blocks into fieldable entities.
This module only started as of D7 (because of the "entities" of course that were only introduced in D7), and already has over 22K reported installs. Those who don't use it yet should definitely start looking at it in preparation of some day upgrading to D8. Because this is what is currently shown on its project page (I added the bold markup here):
This module has been included with Drupal 8 core. Refer to this issue for more information.
