better syslog, get user roles on login

web/modules/custom/materio_jsonapi/materio_jsonapi.module

@@ -3,28 +3,20 @@
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Session\AccountInterface;
 use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Field\FieldDefinitionInterface;
+use Drupal\Core\Field\FieldItemListInterface;
 
 /**
- * Implements hook_ENTITY_TYPE_access().
+ * Implements hook_entity_field_access().
  */
-function materio_jsonapi_user_role_access(EntityInterface $entity, $operation, AccountInterface $account) {
-  debug($operation, 'operation materio_jsonapi_user_role_access');
-  // watchdog('materio_jsonapi_user_role_access');
-  if ($operation === 'view') {
-    return AccessResult::allowedIfHasPermission($account, 'view role info');
+function materio_jsonapi_entity_field_access($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
+  if ($field_definition->getName() == 'roles' && $operation == 'view') {
+    $user = $items->getEntity();
+    if($account->id() == $user->id() && !$user->hasPermission('materio_jsonapi roles')){
+      return AccessResult::allowedIfHasPermission($account, 'materio_jsonapi ownroles');
+    }
+    return AccessResult::allowedIfHasPermission($account, 'materio_jsonapi roles');
+    // return AccessResult::allowed();
   }
   return AccessResult::neutral();
 }
-
-
-/**
- * Implements hook_entity_field_access_alter().
- */
-function materio_jsonapi_entity_field_access_alter(array &$grants, array $context) {
-  debug($context, 'context materio_jsonapi_entity_field_access_alter');
-  // watchdog('materio_jsonapi_entity_field_access_alter');
-  $field = $context['field_definition']->getName();
-  if ($field == 'roles' && $context['operation'] == 'view') {
-    $grants[':default'] = AccessResult::allowedIfHasPermission($context['account'], 'view role info');
-  }
-}