Index: modules/node/node.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.module,v
retrieving revision 1.1046
diff -u -p -r1.1046 node.module
--- modules/node/node.module	12 May 2009 08:31:17 -0000	1.1046
+++ modules/node/node.module	12 May 2009 20:04:26 -0000
@@ -1351,6 +1351,10 @@ function node_perm() {
       'title' => t('Delete revisions'),
       'description' => t('Delete content revisions.'),
     ),
+    'view own unpublished content' => array(
+      'title' => t('View own unpublished content'),
+      'description' => t('View unpublished content created by the user'),
+    ),
   );
 
   foreach (node_get_types() as $type) {
@@ -2335,9 +2339,14 @@ function node_access($op, $node, $accoun
     return $access;
   }
 
+  // Check if authors can view their own unpublished nodes.
+  if ($op == 'view' && !$node->status && user_access('view own unpublished content', $account) && $account->uid == $node->uid && $account->uid != 0) {
+    return TRUE;
+  }
+
   // If the module did not override the access rights, use those set in the
   // node_access table.
-  if ($op != 'create' && $node->nid && $node->status) {
+  if ($op != 'create' && $node->nid) {
     $query = db_select('node_access');
     $query->addExpression('COUNT(*)');
     $query
@@ -2364,11 +2373,6 @@ function node_access($op, $node, $accoun
       ->fetchField();
   }
 
-  // Let authors view their own nodes.
-  if ($op == 'view' && $account->uid == $node->uid && $account->uid != 0) {
-    return TRUE;
-  }
-
   return FALSE;
 }
 
Index: modules/system/system.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.install,v
retrieving revision 1.323
diff -u -p -r1.323 system.install
--- modules/system/system.install	12 May 2009 13:43:45 -0000	1.323
+++ modules/system/system.install	12 May 2009 20:04:27 -0000
@@ -3467,6 +3467,16 @@ function system_update_7023() {
 }
 
 /**
+ * Add new 'view own unpublished content' permission for authenticated users.
+ * Preserves legacy behavior from Drupal 6.x.
+ */
+function system_update_7024() {
+  $ret = array();
+  $ret[] = update_sql("INSERT INTO {role_permission}(rid, permission) VALUES (" . DRUPAL_AUTHENTICATED_RID . ", 'view own unpublished content')");
+  return $ret;
+}
+
+/**
  * @} End of "defgroup updates-6.x-to-7.x"
  * The next series of updates should start at 8000.
  */
Index: profiles/default/default.profile
===================================================================
RCS file: /cvs/drupal/drupal/profiles/default/default.profile,v
retrieving revision 1.41
diff -u -p -r1.41 default.profile
--- profiles/default/default.profile	30 Apr 2009 21:44:20 -0000	1.41
+++ profiles/default/default.profile	12 May 2009 20:04:28 -0000
@@ -204,6 +204,12 @@ function default_profile_tasks(&$task, $
   ))->execute();
   db_insert('taxonomy_vocabulary_node_type')->fields(array('vid' => $vid, 'type' => 'article'))->execute();
 
+  // Add 'view own unpublished content' permission for authenticated users.
+  db_insert('role_permission')->fields(array(
+    'rid' => DRUPAL_AUTHENTICATED_RID,
+    'permission' => 'view own unpublished content',
+  ))->execute();
+
   // Update the menu router information.
   menu_rebuild();