Add Permissions to Regions (and thereby blocks within them)

I love this, but it might be good to extend it and set permissions on a per block basis as well. I think what you're describing wouldn't let users disable or see blocks not associated with a region. I'd like to let a content editor disable a block or move it to another region w/o them having access to all disabled blocks.

I'm totaly up for this - it's a great idea.

Only sugestion i'd make would be to keep it as an optional core module, because not all sites would be needing this. Not even sure if it'd be possible the way i request, but well, there it is! :D

Custom modules in Drupal 7 already have the ability to limit blocks for regions. Since the block placement is done via a select box, one can form_alter the items in any way. The JS for blocks drag and drop also supports this limitation, so when a region is not in the select box, a block cannot be dropped in the given region, and an error message is presented.

This is not exactly adding permissions for regions/blocks, but it allows contrib developers to just alter the available options in the select boxes and let Drupal do the validation, error reporting, etc.

This is exactly what I'm looking for. I'm wondering why nobody has needed this before.
I'd like to stay tuned and maybe throw some ideas in.
Here is the first idea: Is it an option to create first a contributed module and improve the usability, fix major bug reports etc. and then implement it into D8 core?
It would take a similar way as CCK.

Stefan

You mention here that there are custom modules for D7 which provide the ability limit blocks for regions. I've been looking for something like this but haven't found quite the right module anywhere on drupal.org. Can you point me in the right direction?

Thanks in advance for any hints you can provide.

Not exactly a hot topic right now - but since I wasn't satisfied with the Block Access module and didn't find any appropriate solution to this exact problem, I've built something myself. The following code goes into a hook_form_alter() and is built for a use case where site editors should only be allowed to add/remove blocks from the second sidebar:

  //without proper permission, hide all regions except sidebar_second
  if($form_id == 'block_admin_display_form') {
    if(!user_access('access all block regions')) {
      foreach($form['blocks'] as $name => $block) {
        if($block['region']['#default_value'] != 'sidebar_second' && $block['region']['#default_value'] != NULL) {
          unset($form['blocks'][$name]);
        } else {
          $form['blocks'][$name]['region']['#options'] = array('sidebar_second' => t('Second Sidebar')) + array(BLOCK_REGION_NONE => BLOCK_REGION_NONE);
        }
      }
    }
  }

  if($form_id == 'block_admin_configure' || $form_id == 'block_add_block_form') {
    if(!user_access('access all block regions')) {
      $form['regions']['#access'] = FALSE;
      $form['regions']['akademie']['#default_value'] = 'sidebar_second';
      $form['visibility']['role']['#access'] = FALSE;
      $form['visibility']['user']['#access'] = FALSE;
      $form['visibility']['node_type']['#access'] = FALSE;
    }
  }

Thanks nekhster. I've updated your code a little so that I can check if a user has a specific role and to make sure the code only runs on the block forms. (NOTE, it could definitely use more testing, but on the surface seems to give me what I need)

Anyone looking to use this would need to add in the name of the region they are limiting to (my happens to be sidebar_callout) as well as the name of the user role (my happens to be editor). Also note you need to change "your_module" to match your module's name, and "your_theme_name" to be your theme.

function your_module_form_alter(&$form, &$form_state, $form_id) {
  //See if we are on the block admin form, block configure, or block add forms
  if ($form_id == 'block_admin_display_form' || $form_id == 'block_admin_configure' || $form_id == 'block_add_block_form') {
    global $user;
    $is_editor = FALSE;

    //Check if the user is logged in, if they are see if they have the editor role
    if (user_is_logged_in()) {
      foreach ($user->roles as $uid => $role_name) {
        //print('ROLE IS: ' . $role_name);
        if ($role_name == 'editor') { //You can change this to check for any role you want
         $is_editor = TRUE;
         break;
        }

      }
    }
    if ($is_editor) {
    //If this is the editor role, reduce the options they have to just be the sidebar callout
      if ($form_id == 'block_admin_display_form') {
      //Without proper permission, hide all regions except sidebar_callout
        if (!user_access('access all block regions')) {
          foreach($form['blocks'] as $name => $block) {
            if ($block['region']['#default_value'] != 'sidebar_callout' && $block['region']['#default_value'] != NULL) {
              unset($form['blocks'][$name]);
            } else {
              $form['blocks'][$name]['region']['#options'] = array('sidebar_callout' => t('Sidebar Callout')) + array(BLOCK_REGION_NONE => BLOCK_REGION_NONE);
            }
          }
        }
      }

      if ($form_id == 'block_admin_configure' || $form_id == 'block_add_block_form') {
        if (!user_access('access all block regions')) {
          $form['regions']['#access'] = TRUE;
          //Make sure the only options available are the sidebar callout and None
          $form['regions']['your_theme_name']['#options'] = array('sidebar_callout' => t('Sidebar Callout')) + array(BLOCK_REGION_NONE => BLOCK_REGION_NONE);
          $form['regions']['your_theme_name']['#default_value'] = 'sidebar_callout';
          $form['visibility']['role']['#access'] = FALSE;
          $form['visibility']['user']['#access'] = FALSE;
          $form['visibility']['node_type']['#access'] = FALSE;
        }
      }
    }
  }
}

Is there still any interest in this, or any work being done on it elsewhere? It would be quite useful in a lot of the projects I work on.

Wow, totally forgot about this... @miwayha I am not aware of any work being done in this direction at the moment. You're of course welcome to get the ball rolling =)

I guess the extremely high level battle plan for this could be:

1. Auto generate permissions per regions per enabled theme.
2. Auto clean up permissions per regions when uninstalling themes.
3. Check for these permissions on all the appropriate places, which probably needs a bit of thinking.

Permissions could be as follows:
"configure region [region] for [theme]"

This may be worth running through the ideas process first: http://drupal.org/project/ideas given the extent of work required and the potential to waste that work if the change is not desired. (Doing that is as simple as moving this issue to the ideas queue and update the issue summary with the high level goals/plan).

Moving to ideas queue and closing #2816577: Region Permissions as a duplicate. In it, @miwayha explained:

Basically, we have a distribution that we clone for literally hundreds of sites, train some content editors how to create pages and blocks, and let clients self serve. The problem is that they have permissions on all of the regions, which we would like for them to not have. We would love for it to be more locked down.

I created a D8 module that allows you to manage permissions for regions and the region's blocks. I've been using it to restrict our editors for a few months now with no issues. Feedback is welcome.

Project: Block Region Permissions

The Ideas project is being deprecated. This issue is moved to the Drupal project. Check that the selected component is correct. Also, add the relevant tags, especially any 'needs manager review' tags.

Changing to the standard issue template would also help other contributors.

Also, there has been no discussion here for 8 years. Is there still support for this feature?

Read the ticket and think such a feature would best be in contrib. Think it would be a lot for core to take on