How to handle node access

Summary: I am after suggestions on how to handle node access for anon/auth, when there is a node type that is frequently in Draft, and those roles can't access the node when in draft, and so end up in the system Access Denied path.

Details: So we have Openings. The Openings are browseable by anon/auth users, and frequently cached by search engines, which is relevant because that's how most of the traffic arrives. The Openings are put into Draft when they are no longer applicable, but will be likely used again with minor modifications in the near future. 

I want to be able to route this particular type of query/response back to a view to search for different nodes that are available.

I have tried with nginx rules, but of course nginx has no idea of the perms backdrop is in charge of, so that's out.

I have tried Rules "before content is viewed", but that seems to be "before content is viewed" + "viewer has permission access to node"; they don't, so it is useless.

I have tried use hook_node_access  and url_inbound_alter but couldn't trip the right point.
 

Any hints?