Channel: Issues for Drupal core

User can't reference unpublished content even when they have access to it


Problem/Motivation

A user gets an error when trying to reference an unpublished entity that they have just created and that they have full access to. This basically makes it impossible for a user to submit a set of unpublished interreferencing entities (e.g. artefact/architect/city).

Steps to reproduce:

  1. Create content type A, make sure Published is unchecked in the Publishing options.
  2. Create content type B, add an ER field referencing A, choose Autocomplete widget in Form display.
  3. Create a test user, give permissions to View own unpublished content, to Create A and B, to Edit own A and B.
  4. Log in as that user.
  5. Create a test node of type A, verify that it is Unpublished and the user can see it.
  6. Create a test node of type B, start typing the label of the A node just created, verify that it's not recognised and suggested by the system.
  7. Type the complete label and hit Save, get the "No such entity" error.
  8. Type the entity label followed by its nid in parentheses, still get the "This entity (node: N) cannot be referenced" error.

This issue also prevents a user with appropriate permissions from referencing unpublished entities authored by other users.

Proposed resolution

Allow referencing unpublished entities if the current user has access to them.
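
A simplified model of the difference between the reported behaviour and the proposed resolution, added here as an illustration; it is not code from Drupal core or from the issue's patch. The node records, the user arrays and all function names are assumptions, and the view-access rule is reduced to the single "View own unpublished content" permission from the steps above.

```php
<?php
// Constructed sample data: nid => label, published flag, author uid.
$nodes = [
  1 => ['label' => 'Published A',     'status' => 1, 'uid' => 7],
  2 => ['label' => 'Draft A (own)',   'status' => 0, 'uid' => 5],
  3 => ['label' => 'Draft A (other)', 'status' => 0, 'uid' => 7],
];

// Simplified view-access rule (assumption): published nodes are viewable by
// everyone; unpublished ones only by their author, and only if the author
// holds "view own unpublished content".
function can_view(array $node, array $user): bool {
  if ($node['status'] === 1) {
    return TRUE;
  }
  return $node['uid'] === $user['uid']
    && in_array('view own unpublished content', $user['permissions'], TRUE);
}

// Reported behaviour: only published nodes are referenceable, whoever asks.
function referenceable_published_only(array $nodes, array $user): array {
  return array_keys(array_filter($nodes, fn(array $n): bool => $n['status'] === 1));
}

// Proposed resolution: a node is referenceable when this user may view it.
function referenceable_by_access(array $nodes, array $user): array {
  return array_keys(array_filter($nodes, fn(array $n): bool => can_view($n, $user)));
}

// Save-time validation reuses the same predicate as the suggestions, so a
// node that is never suggested can also not be referenced by typing its nid.
function validate_reference(int $nid, array $nodes, array $user): bool {
  return isset($nodes[$nid]) && can_view($nodes[$nid], $user);
}

$users = [
  'author' => ['uid' => 5, 'permissions' => ['view own unpublished content']],
  'other'  => ['uid' => 9, 'permissions' => []],
];

foreach ($users as $name => $user) {
  printf("%s: published-only=[%s] access-based=[%s] may reference nid 2: %s\n",
    $name,
    implode(',', referenceable_published_only($nodes, $user)),
    implode(',', referenceable_by_access($nodes, $user)),
    validate_reference(2, $nodes, $user) ? 'yes' : 'no');
}
```

Using one access predicate for both the autocomplete suggestions and the validation on save keeps labels of unpublished nodes from being disclosed to users who cannot view them, while still letting the author reference their own drafts.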

Remaining tasks

Resolve what to do for entities that are created via an entity-reference field. (See comments #43–46)

The gist of the problem: The existing kludge that Core had before this patch misleads site builders and content creators into inadvertently exposing private content. Is it more important to fix that, or is it more important to avoid changing existing behaviour (because some people may be relying on it)?

Options include:

  • Do not make any changes to entity creation.
  • Roll a separate issue for this, possibly bump to Drupal 10.
  • Decide that fixing the problem is more important than maintaining existing behaviour.

Secondly, some changes to tests were recommended in comment #43 that still need to be addressed.

User interface changes

none

API changes

none

Data model changes

none

Release notes snippet

