Updated Drupal to 8.6. This goes with the following updates because it's possible...

[yaffs-website] / web / core / modules / user / tests / modules / user_access_test / user_access_test.module

<?php

/**
 * @file
 * Dummy module implementing hook_user_access() to test if entity access is respected.
 */

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Field\FieldItemListInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\user\Entity\User;

/**
 * Implements hook_ENTITY_TYPE_access() for entity type "user".
 */
function user_access_test_user_access(User $entity, $operation, $account) {
  if ($entity->getUsername() == "no_edit" && $operation == "update") {
    // Deny edit access.
    return AccessResult::forbidden();
  }
  if ($entity->getUsername() == "no_delete" && $operation == "delete") {
    // Deny delete access.
    return AccessResult::forbidden();
  }
  return AccessResult::neutral();
}

/**
 * Implements hook_entity_field_access().
 */
function user_access_test_entity_field_access($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
  // Account with role sub-admin can view the status, init and mail fields for user with no roles.
  if ($operation === 'view' && in_array($field_definition->getName(), ['status', 'init', 'mail'])) {
    if (($items == NULL) || (count($items->getEntity()->getRoles()) == 1)) {
      return AccessResult::allowedIfHasPermission($account, 'sub-admin');
    }
  }
  return AccessResult::neutral();
}