There are occasions where it would be useful to prevent users from viewing certain blocks. For instance, a course_list block might be placed on the front page to allow students to view their courses, but site administrators don't want guests to see a list of courses.
The natural way to control this behaviour would seem to be through roles. I would imagine the most frequently used workflow for this would be creating a prevent role overirde on the guest role of the block.
I've created a moodle/block:view capability which controls access to vew a block and works effectively.
There are a couple of issues though:
1) It seems to be assumed that CONTEXT_BLOCK capabilities will only come from block modules and not moodle components. Which means i've had to modified the langage string function and override functions to look at moodle components which have the CONTEXT_BLOCK capabilities. These are the only two places i've seen this assumption made, but presumably it could be in other places.
2) We have the capability cache 'problem', where by if a capability is changed it won't be observed in existing sessions because of the capability cache. It would be nice if we had a way of resetting the cache of current sessions on capability changes.