Same name and namespace in other branches
  1. 8.9.x core/modules/block/block.api.php \hook_block_access()
  2. 9 core/modules/block/block.api.php \hook_block_access()

Control access to a block instance.

Modules may implement this hook if they want to have a say in whether or not a given user has access to perform a given operation on a block instance.

Parameters

\Drupal\block\Entity\Block $block: The block instance.

string $operation: The operation to be performed; for instance, 'view', 'create', 'delete', or 'update'.

\Drupal\Core\Session\AccountInterface $account: The user object to perform the access check operation on.

Return value

\Drupal\Core\Access\AccessResultInterface The access result. If all implementations of this hook return AccessResultInterface objects whose value is !isAllowed() and !isForbidden(), then default access rules from \Drupal\block\BlockAccessControlHandler::checkAccess() are used.

See also

\Drupal\Core\Entity\EntityAccessControlHandler::access()

\Drupal\block\BlockAccessControlHandler::checkAccess()

Related topics

File

core/modules/block/block.api.php, line 209
Hooks provided by the Block module.

Code

function hook_block_access(\Drupal\block\Entity\Block $block, $operation, \Drupal\Core\Session\AccountInterface $account) {

  // Example code that would prevent displaying the 'Powered by Drupal' block in
  // a region different than the footer.
  if ($operation == 'view' && $block
    ->getPluginId() == 'system_powered_by_block') {
    return AccessResult::forbiddenIf($block
      ->getRegion() != 'footer')
      ->addCacheableDependency($block);
  }

  // No opinion.
  return AccessResult::neutral();
}