This session will explain what goes on behind the scenes regarding access control in D8, and walk through how Drupal decides what content is available to a user.
We will start by reviewing popular access control modules, such as "Organic Groups", "TAC", "Workbench", etc., and how you can make them work together. Then we will take a step beyond "hook_node_access()" - and why you should avoid it -, and learn to use the Grant API to implement your own access control modules.
We will also cover how the Entity API plays in to control access to non-node entities.