1 files changed, 16 insertions, 12 deletions

diff --git a/modules/node/node.module b/modules/node/node.module
index fff04872a..4c3141b25 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -1294,6 +1294,10 @@ function node_permission() {
       'title' => t('Delete revisions'),
       'description' => t('Delete content revisions.'),
     ),
+    'view own unpublished content' => array(
+      'title' => t('View own unpublished content'),
+      'description' => t('View unpublished content created by the user'),
+    ),
   );
 
   foreach (node_type_get_types() as $type) {
@@ -2271,17 +2275,22 @@ function node_access($op, $node, $account = NULL) {
     return $access;
   }
 
+  // Check if authors can view their own unpublished nodes.
+  if ($op == 'view' && !$node->status && user_access('view own unpublished content', $account) && $account->uid == $node->uid && $account->uid != 0) {
+    return TRUE;
+  }
+
   // If the module did not override the access rights, use those set in the
   // node_access table.
-  if ($op != 'create' && $node->nid && $node->status) {
+  if ($op != 'create' && $node->nid) {
     $query = db_select('node_access');
     $query->addExpression('COUNT(*)');
-    $query
-      ->condition(db_or()
-        ->condition('nid', 0)
-        ->condition('nid', $node->nid)
-      )
-      ->condition('grant_' . $op, 1, '>=');
+    $query->condition('grant_' . $op, 1, '>=');
+    $nids = db_or()->condition('nid', $node->nid);
+    if ($node->status) {
+      $nids->condition('nid', 0);
+    }
+    $query->condition($nids);
 
     $grants = db_or();
     foreach (node_access_grants($op, $account) as $realm => $gids) {
@@ -2300,11 +2309,6 @@ function node_access($op, $node, $account = NULL) {
       ->fetchField();
   }
 
-  // Let authors view their own nodes.
-  if ($op == 'view' && $account->uid == $node->uid && $account->uid != 0) {
-    return TRUE;
-  }
-
   return FALSE;
 }