2 * Implements hook_node_grants_alter().
4 function {{ machine_name }}_node_grants_alter(&$grants, \Drupal\Core\Session\AccountInterface $account, $op) {
5 // Our sample module never allows certain roles to edit or delete
6 // content. Since some other node access modules might allow this
7 // permission, we expressly remove it by returning an empty $grants
8 // array for roles specified in our variable setting.
10 // Get our list of banned roles.
11 $restricted = \Drupal::config('example.settings')->get('restricted_roles');
13 if ($op != 'view' && !empty($restricted)) {
14 // Now check the roles for this account against the restrictions.
15 foreach ($account->getRoles() as $rid) {
16 if (in_array($rid, $restricted)) {