Index: nodeasblock.module
===================================================================
--- nodeasblock.module	(revision 412)
+++ nodeasblock.module	(working copy)
@@ -211,28 +211,31 @@
     case 'insert':
     case 'update':
       global $theme;
-      // Fetch block data.
-      $block = $node->nodeasblockset;
-      db_query("DELETE FROM {nodeasblock} WHERE nid = $node->nid");
-      if ($block['nodeasblock'] || variable_get("nodeasblock_$node->type", NODEASBLOCK_DISABLED) == NODEASBLOCK_ALWAYS) {
-        db_query("INSERT INTO {nodeasblock} VALUES ($node->nid)");
-        // This will actually create the block.
-        _block_rehash();        
-        $block['delta'] = $node->nid;
-        $block['module'] = 'nodeasblock';
-        // Update block data.
-        db_query("UPDATE {blocks} SET status = %d, region = '%s', weight = %d, visibility = %d, pages = '%s', custom = %d, title = '%s' WHERE module = '%s' AND delta = '%s'", 
-          $block['status'], $block['region'], $block['weight'], $block['visibility'], trim($block['pages']), $block['custom'], $block['title'], $block['module'], $block['delta']);
+      // Fetch block data, if user has access
+      if (user_access('create blocks for nodes')) {
+        $block = $node->nodeasblockset;
+        db_query("DELETE FROM {nodeasblock} WHERE nid = $node->nid");
+
+        if ($block['nodeasblock'] || variable_get("nodeasblock_$node->type", NODEASBLOCK_DISABLED) == NODEASBLOCK_ALWAYS) {
+          db_query("INSERT INTO {nodeasblock} VALUES ($node->nid)");
+          // This will actually create the block.
+          _block_rehash();        
+          $block['delta'] = $node->nid;
+          $block['module'] = 'nodeasblock';
+          // Update block data.
+          db_query("UPDATE {blocks} SET status = %d, region = '%s', weight = %d, visibility = %d, pages = '%s', custom = %d, title = '%s' WHERE module = '%s' AND delta = '%s'", 
+            $block['status'], $block['region'], $block['weight'], $block['visibility'], trim($block['pages']), $block['custom'], $block['title'], $block['module'], $block['delta']);
         
-        if (is_array($block['roles'])) {
-        db_query("DELETE FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $block['module'], $block['delta']);
-          foreach (array_filter($block['roles']) as $rid) {
-            db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (%d, '%s', '%s')", $rid, $block['module'], $block['delta']);
+          if (is_array($block['roles'])) {
+            db_query("DELETE FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $block['module'], $block['delta']);
+            foreach (array_filter($block['roles']) as $rid) {
+              db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (%d, '%s', '%s')", $rid, $block['module'], $block['delta']);
+            }
           }
+        
+          drupal_set_message(t('The block configuration has been saved.'));
+          cache_clear_all();
         }
-        
-        drupal_set_message(t('The block configuration has been saved.'));
-        cache_clear_all();
       }
       break;
     case 'delete':
