Can read a private post (draft) in edit mode #255

@darddan

Describe the bug

If I'm not logged in, but I know the URL of a draft, I can see its content.

Steps to reproduce (if necessary)

Steps to reproduce the behavior:

  1. Log in
  2. Create and save a new draft and copy its URL (it looks something like https://site.com/d/random-id)
  3. Log out (or open a new incognito tab or anything)
  4. (correct behaviour) go to the copied URL (https://site.com/d/random-id) and it shows a 404
  5. (incorrect behaviour) add /edit/ to the copied URL (https://site.com/d/random-id/edit) and it shows you the edit page. You can't actually edit, but now you can see the content.

Expected behavior

What should've happened?

I would expect a 404 or some other error

Application configuration

  • single mode
  • sqlite
  • no open registration
  • federation disabled

Version or last commit:

writefreely -v only prints out WriteFreely, but in my package manager it says I have version 0.11.2-2 installed.
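
A regression check for the behaviour reported above, as an added example (not WriteFreely's code and not part of the original report): a hypothetical Go handler that runs the ownership check once for both /d/{id} and /d/{id}/edit, so a logged-out visitor gets the same 404 on either URL. The `drafts` and `sessions` maps, the cookie name and all function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"html"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed sample data (hypothetical): one draft and one session token.
var drafts = map[string]struct{ Owner, Body string }{"random-id": {"alice", "unpublished text"}}
var sessions = map[string]string{"tok-alice": "alice"}

// currentUser stands in for the application's real session lookup.
func currentUser(r *http.Request) string {
	if c, err := r.Cookie("session"); err == nil {
		return sessions[c.Value]
	}
	return ""
}

// handleDraft serves /d/{id} and /d/{id}/edit. The ownership check runs once,
// before the route split, so the edit view cannot skip it.
func handleDraft(w http.ResponseWriter, r *http.Request) {
	parts := strings.Split(strings.Trim(strings.TrimPrefix(r.URL.Path, "/d/"), "/"), "/")
	d, ok := drafts[parts[0]]
	if u := currentUser(r); !ok || u == "" || u != d.Owner {
		http.NotFound(w, r) // same 404 as a missing draft, so existence is not leaked
		return
	}
	switch {
	case len(parts) == 1:
		fmt.Fprint(w, html.EscapeString(d.Body))
	case len(parts) == 2 && parts[1] == "edit":
		fmt.Fprintf(w, "<textarea>%s</textarea>", html.EscapeString(d.Body))
	default:
		http.NotFound(w, r)
	}
}

// statusFor sends a GET to the handler; an empty token is a logged-out visitor.
func statusFor(path, token string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	req.AddCookie(&http.Cookie{Name: "session", Value: token})
	rec := httptest.NewRecorder()
	handleDraft(rec, req)
	return rec.Code
}
func main() { fmt.Println(statusFor("/d/random-id/edit", ""), statusFor("/d/random-id/edit", "tok-alice")) }
```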
