How to prevent ‘third-party available blocks’ in block inserter…

  • Resolved sushidub

    (@sushidub)


    1 week ago

    We have very strict guidelines as to what our admins, authors and editors are allowed to use with regard to the blocks within the block editor. Subsequently, our block inserter only shows blocks we’ve either custom built or those from core that we’ve made available via the ‘allowed_blocks’ filter.

    I’m not in the block editor enough to know which version of WP introduced the third-party ‘Available Blocks’ feature, but I recently became aware of the fact that when searching from within the block inserter the keywords are being used to populate an ‘Available Blocks’ section within the results list. The blocks advertised in this section all seem to be from third-party’s of which I have no idea where they’re actually being hosted (I’m an in-house developer, so I’m not aware of a block marketplace). The feature was brought to my attention via one of our brand/design directors who was concerned about users with the right permissions installing and using them. I assured him that wouldn’t happen due to underlying installation permissions that would likely block such an event but I’m wondering if there’s any documentation out there yet with regard how to disable the third-party blocks feature itself and in doing so without the use of a plugin.

    Outside of looking to disable the feature I’m curious if anybody else finds this feature as potentially troublesome in being ‘enabled’ by default?

    The screenshot below shows how the third-party blocks are brought up during a block search and where they’re displayed in the inserter…

    Link to screenshot – https://www.dropbox.com/scl/fi/3lfojes2mvsmd69dncang/Screen-Shot-2024-10-14-at-10.27.48-AM.png?rlkey=btnv21ywp4r80m0sni6gxyk0t&st=d9dvytal&dl=0

    • This topic was modified 1 week ago by sushidub.
    • This topic was modified 1 week ago by sushidub.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    WordPress in inherently open source, so it’s natural for it to offer alternative sources of blocks that might be available. You’re more after a “walled garden” approach, which is counter to the WP open source concept. A walled garden approach is fine, it’s your site after all, but you’ll need to expect to fight WP a little to accomplish it.

    Contributors and authors don’t see the 3rd party offers. Only those with elevated privileges will be able to utilize the feature. If you don’t trust those with elevated privileges to refrain from doing undesirable things, it’s questionable why they’d be granted elevated privileges to start with. Just sayin’

    Aside from removing user privileges, I’m not sure how easily the feature can be fully removed. However, it is relatively simple to just hide the feature with some custom admin CSS:

    .block-directory-downloadable-blocks-panel {
    display: none;
}

    Those with adequate knowledge and privilege could re-display the feature and utilize it, but being out of sight should deter nearly all users.

    Thread Starter sushidub

    (@sushidub)

    Totally makes sense @bcworkz and thanks. I actually considered the feature might be expected to act as you’ve described it given the open source nature of the core platform. Since I couldn’t find any documentation that clarifies it is indeed a feature of the open source platform (not a bug or setting) or what roles it may be attached too (something else I’d considered), I felt like the only relevant option was too ask the community here.

    Our roles and permissions are currently (and most unfortunately) all over the map due to previously misunderstood definitions and subsequent handling via prior administration. As I noted, I’m just ‘the developer’ and for the most part have been kept out of participating in the ‘who does, or can do what’ conversations.

    That said your reply helps a lot including the css snippet. I also wouldn’t be surprised to find out the section is tied to a hook somewhere in core. I may poke around for the knowledge at least.

    Thanks again!

    • This reply was modified 1 week ago by sushidub.
Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.

Tags