From 64bc7f5e31ddfbc778676f56a53464bff64ad18f Mon Sep 17 00:00:00 2001 From: Bram de Leeuw Date: Wed, 2 Apr 2025 22:06:02 +0200 Subject: [PATCH 1/7] only apply the published filter when not in preview mode --- src/GraphQL/Queries/EntriesQuery.php | 2 +- src/GraphQL/Queries/EntryQuery.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/GraphQL/Queries/EntriesQuery.php b/src/GraphQL/Queries/EntriesQuery.php index 434ec3cf22..b5a6e5d766 100644 --- a/src/GraphQL/Queries/EntriesQuery.php +++ b/src/GraphQL/Queries/EntriesQuery.php @@ -76,7 +76,7 @@ public function resolve($root, $args) private function filterQuery($query, $filters) { - if (! isset($filters['status']) && ! isset($filters['published'])) { + if (!request()->isLivePreview() && (! isset($filters['status']) && ! isset($filters['published']))) { $filters['status'] = 'published'; } diff --git a/src/GraphQL/Queries/EntryQuery.php b/src/GraphQL/Queries/EntryQuery.php index 9e2e870ff9..b24246dc3f 100644 --- a/src/GraphQL/Queries/EntryQuery.php +++ b/src/GraphQL/Queries/EntryQuery.php @@ -107,7 +107,7 @@ public function resolve($root, $args) private function filterQuery($query, $filters) { - if (! isset($filters['status']) && ! isset($filters['published'])) { + if (!request()->isLivePreview() && (! isset($filters['status']) && ! isset($filters['published']))) { $filters['status'] = 'published'; } From fde07458079b34edafa14dfa4c63a8cf9bf90528 Mon Sep 17 00:00:00 2001 From: Bram de Leeuw Date: Wed, 2 Apr 2025 22:16:26 +0200 Subject: [PATCH 2/7] fix linting --- src/GraphQL/Queries/EntriesQuery.php | 2 +- src/GraphQL/Queries/EntryQuery.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/GraphQL/Queries/EntriesQuery.php b/src/GraphQL/Queries/EntriesQuery.php index b5a6e5d766..de52a84aee 100644 --- a/src/GraphQL/Queries/EntriesQuery.php +++ b/src/GraphQL/Queries/EntriesQuery.php 
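Review bot: The new condition in `filterQuery` drops the default `status = published` filter whenever `request()->isLivePreview()` is true, and nothing in these two hunks ties that to the entry the preview token was issued for. In `EntriesQuery.php` this would let a request carrying a preview token list every unpublished entry (PATCH 6/7 later restores the old condition there), while in `EntryQuery.php` the condition stays, so an `entry(id: …)` lookup for a different unpublished entry may also skip the filter. `isLivePreview()` is defined outside this diff, so confirm whether it validates the token against the requested entry; if it does not, compare the token's target with the resolved entry before skipping the default. At minimum I would add a comment above the condition: `// Live preview skips the published default; the token is not matched to the requested entry here.` The same lines recur in the PATCH 2/7 hunks, and `filterQuery` continues past both hunks.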
@@ -76,7 +76,7 @@ public function resolve($root, $args) private function filterQuery($query, $filters) { - if (!request()->isLivePreview() && (! isset($filters['status']) && ! isset($filters['published']))) { + if (! request()->isLivePreview() && (! isset($filters['status']) && ! isset($filters['published']))) { $filters['status'] = 'published'; } diff --git a/src/GraphQL/Queries/EntryQuery.php b/src/GraphQL/Queries/EntryQuery.php index b24246dc3f..fa97a57608 100644 --- a/src/GraphQL/Queries/EntryQuery.php +++ b/src/GraphQL/Queries/EntryQuery.php @@ -107,7 +107,7 @@ public function resolve($root, $args) private function filterQuery($query, $filters) { - if (!request()->isLivePreview() && (! isset($filters['status']) && ! isset($filters['published']))) { + if (! request()->isLivePreview() && (! isset($filters['status']) && ! isset($filters['published']))) { $filters['status'] = 'published'; } From 26c87b02d1b7a10cf5f747725a312222022f688c Mon Sep 17 00:00:00 2001 From: Bram de Leeuw Date: Fri, 4 Apr 2025 09:34:46 +0200 Subject: [PATCH 3/7] added testcase and fix array default for empty filters --- src/GraphQL/Queries/EntryQuery.php | 2 +- tests/Feature/GraphQL/EntryTest.php | 41 +++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/src/GraphQL/Queries/EntryQuery.php b/src/GraphQL/Queries/EntryQuery.php index fa97a57608..bb6f2d0577 100644 --- a/src/GraphQL/Queries/EntryQuery.php +++ b/src/GraphQL/Queries/EntryQuery.php @@ -69,7 +69,7 @@ public function resolve($root, $args) $query->where('site', $site); } - $filters = $args['filter'] ?? null; + $filters = $args['filter'] ?? []; $this->filterQuery($query, $filters); diff --git a/tests/Feature/GraphQL/EntryTest.php b/tests/Feature/GraphQL/EntryTest.php index c4593d1da1..d41a6ad434 100644 --- a/tests/Feature/GraphQL/EntryTest.php +++ b/tests/Feature/GraphQL/EntryTest.php 
@@ -4,6 +4,7 @@ use Facades\Statamic\API\FilterAuthorizer; use Facades\Statamic\API\ResourceAuthorizer; +use Facades\Statamic\CP\LivePreview; use Facades\Statamic\Fields\BlueprintRepository; use Facades\Tests\Factories\EntryFactory; use PHPUnit\Framework\Attributes\DataProvider; @@ -755,4 +756,44 @@ public function it_only_shows_published_entries_by_default() 'title' => 'That will be so rad!', ]]]); } + + + #[Test] + public function it_only_shows_unpublished_entries_with_token() + { + FilterAuthorizer::shouldReceive('allowedForSubResources') + ->andReturn(['published', 'status']); + + $entry = EntryFactory::collection('blog') + ->id('6') + ->slug('that-was-so-rad') + ->data(['title' => 'That was so rad!']) + ->published(false) + ->create(); + + $query = <<<'GQL' +{ + entry(id: "6") { + id + title + } +} +GQL; + + $this + ->withoutExceptionHandling() + ->post('/graphql', ['query' => $query]) + ->assertGqlOk() + ->assertExactJson(['data' => ['entry' => null]]); + + $token = LivePreview::tokenize('test-token', $entry); + $this + ->withoutExceptionHandling() + ->post("/graphql?token=test-token", ['query' => $query]) + ->assertGqlOk() + ->assertExactJson(['data' => ['entry' => [ + 'id' => '6', + 'title' => 'That was so rad!', + ]]]); + } } From 6f8eb746a54307e01e823c4abf943be9e97d4eb6 Mon Sep 17 00:00:00 2001 From: Bram de Leeuw Date: Fri, 4 Apr 2025 09:39:10 +0200 Subject: [PATCH 4/7] fix linting --- tests/Feature/GraphQL/EntryTest.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/Feature/GraphQL/EntryTest.php b/tests/Feature/GraphQL/EntryTest.php index d41a6ad434..c441cb18f0 100644 --- a/tests/Feature/GraphQL/EntryTest.php +++ b/tests/Feature/GraphQL/EntryTest.php 
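Review bot: `it_only_shows_unpublished_entries_with_token` checks only two cases (no token returns `null`, and the token issued for entry 6 returns entry 6), so it would still pass if any preview token unlocked any unpublished entry. Since the preview token is what gates draft content here, add negative cases after the last assertion: the same token against a second unpublished entry, and a token value never passed to `LivePreview::tokenize`, both expecting `['data' => ['entry' => null]]`. Whether the first of these passes depends on `isLivePreview()`, which is not part of this diff, so treat a failure as a finding rather than a test bug. The sketch below uses constructed ids and titles; PATCH 7/7 moves the `tokenize` call earlier but leaves the assertions unchanged.

```php
        // … unchanged: request with ?token=test-token returns entry 6 …

        // Constructed second draft: the token above was not issued for it.
        EntryFactory::collection('blog')
            ->id('7')
            ->slug('not-previewed')
            ->data(['title' => 'Not previewed'])
            ->published(false)
            ->create();

        $this
            ->post('/graphql?token=test-token', ['query' => '{ entry(id: "7") { id title } }'])
            ->assertGqlOk()
            ->assertExactJson(['data' => ['entry' => null]]);

        // A token value that was never tokenized must not lift the published filter.
        $this
            ->post('/graphql?token=unknown-token', ['query' => $query])
            ->assertGqlOk()
            ->assertExactJson(['data' => ['entry' => null]]);
```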
@@ -786,10 +786,10 @@ public function it_only_shows_unpublished_entries_with_token() ->assertGqlOk() ->assertExactJson(['data' => ['entry' => null]]); - $token = LivePreview::tokenize('test-token', $entry); + $token = LivePreview::tokenize('test-token', $entry); $this ->withoutExceptionHandling() - ->post("/graphql?token=test-token", ['query' => $query]) + ->post('/graphql?token=test-token', ['query' => $query]) ->assertGqlOk() ->assertExactJson(['data' => ['entry' => [ 'id' => '6', From 1a9e55b218e3f02cdf323960651b68007b87849c Mon Sep 17 00:00:00 2001 From: Bram de Leeuw Date: Fri, 4 Apr 2025 09:43:53 +0200 Subject: [PATCH 5/7] fix linting --- tests/Feature/GraphQL/EntryTest.php | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/Feature/GraphQL/EntryTest.php b/tests/Feature/GraphQL/EntryTest.php index c441cb18f0..a5c766d82f 100644 --- a/tests/Feature/GraphQL/EntryTest.php +++ b/tests/Feature/GraphQL/EntryTest.php @@ -757,7 +757,6 @@ public function it_only_shows_published_entries_by_default() ]]]); } - #[Test] public function it_only_shows_unpublished_entries_with_token() { From 7c67270bf5b33643147495ceefbf9238a8ca1bbf Mon Sep 17 00:00:00 2001 From: Jason Varga Date: Fri, 25 Apr 2025 16:46:26 -0400 Subject: [PATCH 6/7] only do it for the single entry query --- src/GraphQL/Queries/EntriesQuery.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/GraphQL/Queries/EntriesQuery.php b/src/GraphQL/Queries/EntriesQuery.php index de52a84aee..434ec3cf22 100644 --- a/src/GraphQL/Queries/EntriesQuery.php +++ b/src/GraphQL/Queries/EntriesQuery.php @@ -76,7 +76,7 @@ public function resolve($root, $args) private function filterQuery($query, $filters) { - if (! request()->isLivePreview() && (! isset($filters['status']) && ! isset($filters['published']))) { + if (! isset($filters['status']) && ! isset($filters['published'])) { $filters['status'] = 'published'; } From 4c34da2f71e0628672b6bdd050d065cb7b7c4374 Mon Sep 17 00:00:00 2001 
From: Jason Varga Date: Fri, 25 Apr 2025 16:48:03 -0400 Subject: [PATCH 7/7] create token before the first request to ensure just the existence of the token isnt the thing making it work --- tests/Feature/GraphQL/EntryTest.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/Feature/GraphQL/EntryTest.php b/tests/Feature/GraphQL/EntryTest.php index a5c766d82f..e54dacdb72 100644 --- a/tests/Feature/GraphQL/EntryTest.php +++ b/tests/Feature/GraphQL/EntryTest.php @@ -770,6 +770,8 @@ public function it_only_shows_unpublished_entries_with_token() ->published(false) ->create(); + LivePreview::tokenize('test-token', $entry); + $query = <<<'GQL' { entry(id: "6") { @@ -785,7 +787,6 @@ public function it_only_shows_unpublished_entries_with_token() ->assertGqlOk() ->assertExactJson(['data' => ['entry' => null]]); - $token = LivePreview::tokenize('test-token', $entry); $this ->withoutExceptionHandling() ->post('/graphql?token=test-token', ['query' => $query])