/Drupal 8

function hook_block_access

hook_block_access(\Drupal\block\Entity\Block $block, $operation, \Drupal\Core\Session\AccountInterface $account)

Control access to a block instance.

Modules may implement this hook if they want to have a say in whether or not a given user has access to perform a given operation on a block instance.


\Drupal\block\Entity\Block $block: The block instance.

string $operation: The operation to be performed; for instance, 'view', 'create', 'delete', or 'update'.

\Drupal\Core\Session\AccountInterface $account: The user object to perform the access check operation on.

Return value

\Drupal\Core\Access\AccessResultInterface The access result. If all implementations of this hook return AccessResultInterface objects whose value is !isAllowed() and !isForbidden(), then default access rules from \Drupal\block\BlockAccessControlHandler::checkAccess() are used.

See also



Related topics

Block API
Information about the classes and interfaces that make up the Block API.
Define functions that alter the behavior of Drupal core.


core/modules/block/block.api.php, line 208
Hooks provided by the Block module.


function hook_block_access(\Drupal\block\Entity\Block $block, $operation, \Drupal\Core\Session\AccountInterface $account) {
  // Example code that would prevent displaying the 'Powered by Drupal' block in
  // a region different than the footer.
  if ($operation == 'view' && $block->getPluginId() == 'system_powered_by_block') {
    return AccessResult::forbiddenIf($block->getRegion() != 'footer')->addCacheableDependency($block);

  // No opinion.
  return AccessResult::neutral();

© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.