Issue #2087253 by olli: Views entity area handler does not check view access.

core/modules/system/tests/modules/entity_test/entity_test.module

@@ -544,6 +544,7 @@ function entity_test_entity_prepare_view($entity_type, array $entities, array $d
  */
 function entity_test_entity_access(EntityInterface $entity, $operation, AccountInterface $account, $langcode) {
   \Drupal::state()->set('entity_test_entity_access', TRUE);
+  return \Drupal::state()->get("entity_test_entity_access.{$operation}." . $entity->id(), NULL);
 }
 
 /**

core/modules/views/lib/Drupal/views/Plugin/views/area/Entity.php

@@ -46,6 +46,7 @@ protected function defineOptions() {
 
     $options['entity_id'] = array('default' => '');
     $options['view_mode'] = array('default' => 'default');
+    $options['bypass_access'] = array('default' => FALSE);
 
     return $options;
   }
@@ -69,6 +70,13 @@ public function buildOptionsForm(&$form, &$form_state) {
       '#type' => 'textfield',
       '#default_value' => $this->options['entity_id'],
     );
+
+    $form['bypass_access'] = array(
+      '#type' => 'checkbox',
+      '#title' => t('Bypass access checks'),
+      '#description' => t('If enabled, access permissions for rendering the entity are not checked.'),
+      '#default_value' => !empty($this->options['bypass_access']),
+    );
   }
 
   /**
@@ -93,7 +101,8 @@ protected function buildViewModeOptions() {
   public function render($empty = FALSE) {
     if (!$empty || !empty($this->options['empty'])) {
       $entity_id = $this->tokenizeValue($this->options['entity_id']);
-      if ($entity = entity_load($this->entityType, $entity_id)) {
+      $entity = entity_load($this->entityType, $entity_id);
+      if ($entity && (!empty($this->options['bypass_access']) || $entity->access('view'))) {
         return entity_view($entity, $this->options['view_mode']);
       }
     }

core/modules/views/lib/Drupal/views/Tests/Handler/AreaEntityTest.php

@@ -8,7 +8,7 @@
 namespace Drupal\views\Tests\Handler;
 
 use Drupal\views\Tests\ViewTestBase;
-use Drupal\views\Tests\ViewUnitTestBase;
+use Drupal\views\Views;
 
 /**
  * Tests the generic entity area handler.
@@ -79,12 +79,13 @@ public function testEntityAreaData() {
   public function testEntityArea() {
 
     $entities = array();
-    for ($i = 0; $i < 2; $i++) {
+    for ($i = 0; $i < 3; $i++) {
       $random_label = $this->randomName();
       $data = array('bundle' => 'entity_test', 'name' => $random_label);
       $entity_test = $this->container->get('entity.manager')->getStorageController('entity_test')->create($data);
       $entity_test->save();
       $entities[] = $entity_test;
+      \Drupal::state()->set('entity_test_entity_access.view.' . $entity_test->id(), $i != 2);
     }
 
     $view = views_get_view('test_entity_area');
@@ -112,6 +113,13 @@ public function testEntityArea() {
     $this->assertTrue(strpos(trim((string) $result[0]), $entities[0]->label()) !== FALSE, 'The rendered entity appears in the header of the view.');
     $this->assertTrue(strpos(trim((string) $result[0]), 'test') !== FALSE, 'The rendered entity appeared in the right view mode.');
 
+    // Test entity access.
+    $view = Views::getView('test_entity_area');
+    $preview = $view->preview('default', array($entities[2]->id()));
+    $this->drupalSetContent(drupal_render($preview));
+    $result = $this->xpath('//div[@class = "view-footer"]');
+    $this->assertTrue(strpos($result[0], $entities[2]->label()) === FALSE, 'The rendered entity does not appear in the footer of the view.');
+
     // Test the available view mode options.
     $form = array();
     $form_state = array();