Description of the bug (not sure if this can be considered a bug).
entity_access() currently ignores checking for access to operations view, update and delete if no entity is provided.
There are situations when one may invoke, for example, entity_access('view', 'node'); to check if a user can view any content (Rules does this). So, instead of ignoring (and returning null), the function should actually check for that access. The issue is that, since there is no entity, we have not way to invoke $node->access().
In D7, Entity API included a access callback key/value pair in hook_entity_info() which allowed someone to specify the access callback, which could be invoked without the need of having an actual entity object handy. That would solve this situation.
AFAIK, because of this, Backdrop currently has not abstracted way to check access to entities when there is no entity available, other than directly checking the permission doing user_access(). This creates problems for modules that deal with many types of entities in abstract ways, like Entity Reference and Rules.
I'm really at a loss on how to solve this issue - or even if it's necessary to solve it. I guess one way to deal with this is by modifying projects like Rules to granularly check for user permissions.
Any feedback or thoughts will be appreciated. I'm trying to get Rules to deal in a sensible way with access checks.
Recent comments
I use Lando (a wrapper for docker) and find settings changes happen straight away
How often is the settings.php loaded.
You might need to add a Relationship in the View to Flags. Or there might be a setting on the content type. I can't recall for certain but I think it's possible.
No Flag fields in Views
Try using caching in the View settings, set to 24 hours. This should work for anonymous site visitors.
View to show a different node each day