[Bug?] Initial draft document still appears, even if setting draft: false

[adam-mrozik]

Hey,

I have been using the draft functionality and it works okay for most cases. For example, when I edit a published document and save it as draft, draft:true returns the new version, while draft: false returns the old one.

The only issue I have is when creating an initial document. If I save it as a draft, it still appears in the GraphQL results, even though parameter draft is set to false and _status cleary equals draft:

Query:

{      
Posts(draft: false) {
      ...
        }
}

Data:

{
  "data": {
    "Posts": {
      "docs": [
        {
          "slug": "draftpost",
          "id": "636ce5b17d7132a06587cc6f",
          "title": "DRAFT POST",
          "_status": "draft",
          "tags": [],
          "summary": null,
          "author": null,
          "publishedDate": null,
          "content": null,
          "meta": {
            "title": null,
            "description": null
          }
        },
...

payload setting:

Expected behaviour:
draft: false excludes all documents with _status: draft

[jmikrut]

You need to write access control to restrict who can see documents with status: '_draft'.

The ?draft=true REST query parameter is only responsible for replacing documents' contents with their newest draft content and does not have any restrictions around who can see the documents returned vs. who can't. That's a job for access control.

Take a look at the docs here:
https://payloadcms.com/docs/versions/drafts#controlling-who-can-see-collection-drafts