Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Updated: Comment #0
Problem/Motivation
Steps to reproduce:
1. Create one unpublised article
2. Edit the frontpage view and add "Rendered entity - Content" to header area
3. Set the ID value to the nid of article created in step 1 and check "Display even if view has no result".
4. Save the view and logout
5. Node is rendered on front page
Proposed resolution
Remaining tasks
User interface changes
API changes
Related Issues
| Comment | File | Size | Author |
|---|---|---|---|
| #8 | drupal-2087253-8-fail.patch | 2.67 KB | olli |
| #8 | drupal-2087253-8-pass.patch | 4.23 KB | olli |
| #6 | drupal-2087253-6.patch | 1.56 KB | olli |
Comments
Comment #1
dealancer commentedThis could be fixed by adding a checkbox setting "Check content access" in the "Rendered entity - Content" settings form. Similar checkboxes could be added to any "Rendered entity - *" .
The reason of the solution above is that a View allows us to display even unpublished or restricted results and we should be able to control everything there.
An other option is to perform a validation similar to a one of contextual filter.
Comment #2
olli commentedI agree. That seems to be the way it is in d7 to fix SA-CONTRIB-2013-068.
Comment #3
dealancer commentedSo I am closing this issue.
Comment #4
olli commentedI don't think that fix is in d8 yet.
Comment #5
dawehnerYou are right, thank you for spotting this.
Comment #6
olli commentedHere's the code from entity_views_handler_area_entity.inc.
No tests yet.
Comment #8
olli commentedHere's a test.
Comment #10
dawehnerPerfect!!
Comment #11
webchickCommitted and pushed to 8.x. Thanks!