Views not respecting embargo

[seth-shaw-unlv]

I took an Islandora 1.1.0 image and created a collection with two items:

I then embargoed one of the collection members: "Item One, to be embargoed":

I then opened an incognito window to view the collection:

Notice that it gives a some-what misleading message, because it seems to indicate the collection is under embargo, while only one object in the collection actually is. (Side-note: so we should probably use the node's title instead of "This resource".) You will also see that the teaser of the embargoed node is still shown in the members view.

Clicking on the embargoed node's link does direct us to an "access denied" page; although the node shouldn't have appeared in the first place:

[seth-shaw-unlv]

Clearing cache doesn't help.

I also checked the node_access table and the embargoed item isn't included:

mysql> select * from node_access;
+-----+----------+----------+-----+-------+------------+--------------+--------------+
| nid | langcode | fallback | gid | realm | grant_view | grant_update | grant_delete |
+-----+----------+----------+-----+-------+------------+--------------+--------------+
|   0 |          |        1 |   0 | all   |          1 |            0 |            0 |
+-----+----------+----------+-----+-------+------------+--------------+--------------+
1 row in set (0.00 sec)

Ah! from the Drupal API documentation for function hook_ENTITY_TYPE_access:

Note that this hook is not called for listings (e.g., from entity queries and Views). For nodes, see Node access rights for a full explanation. For other entity types, see hook_query_TAG_alter().

[jordandukart]

Fixed in #24.