<?php

use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Field\FieldItemListInterface;

/**
 * Implements hook_entity_field_access().
 */
function materio_jsonapi_entity_field_access($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
  if ($field_definition->getName() == 'roles' && $operation == 'view') {
    $user = $items->getEntity();
    if($account->id() == $user->id() && !$user->hasPermission('materio_jsonapi roles')){
      return AccessResult::allowedIfHasPermission($account, 'materio_jsonapi ownroles');
    }
    return AccessResult::allowedIfHasPermission($account, 'materio_jsonapi roles');
    // return AccessResult::allowed();
  }
  return AccessResult::neutral();
}