<?php

use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Access\AccessResult;

/**
 * Implements hook_ENTITY_TYPE_access().
 */
function materio_jsonapi_user_role_access(EntityInterface $entity, $operation, AccountInterface $account) {
  debug($operation, 'operation materio_jsonapi_user_role_access');
  // watchdog('materio_jsonapi_user_role_access');
  if ($operation === 'view') {
    return AccessResult::allowedIfHasPermission($account, 'view role info');
  }
  return AccessResult::neutral();
}


/**
 * Implements hook_entity_field_access_alter().
 */
function materio_jsonapi_entity_field_access_alter(array &$grants, array $context) {
  debug($context, 'context materio_jsonapi_entity_field_access_alter');
  // watchdog('materio_jsonapi_entity_field_access_alter');
  $field = $context['field_definition']->getName();
  if ($field == 'roles' && $context['operation'] == 'view') {
    $grants[':default'] = AccessResult::allowedIfHasPermission($context['account'], 'view role info');
  }
}