/** * Control access to a block instance. * * Modules may implement this hook if they want to have a say in whether or not * a given user has access to perform a given operation on a block instance. * * @param \Drupal\block\Entity\Block $block * The block instance. * @param string $operation * The operation to be performed; for instance, 'view', 'create', 'delete', or * 'update'. * @param \Drupal\Core\Session\AccountInterface $account * The user object to perform the access check operation on. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. If all implementations of this hook return * AccessResultInterface objects whose value is !isAllowed() and * !isForbidden(), then default access rules from * \Drupal\block\BlockAccessControlHandler::checkAccess() are used. * * @see \Drupal\Core\Entity\EntityAccessControlHandler::access() * @see \Drupal\block\BlockAccessControlHandler::checkAccess() * @ingroup block_api */ function hook_block_access(\Drupal\block\Entity\Block $block, $operation, \Drupal\Core\Session\AccountInterface $account) { // Example code that would prevent displaying the 'Powered by Drupal' block in // a region different than the footer. if ($operation == 'view' && $block->getPluginId() == 'system_powered_by_block') { return AccessResult::forbiddenIf($block->getRegion() != 'footer')->cacheUntilEntityChanges($block); } // No opinion. return AccessResult::neutral(); }