From 1f25fad44a8a97b62b4df91039c6c7b98da347b1 Mon Sep 17 00:00:00 2001
From: SquidSpirit
Date: Wed, 6 Aug 2025 22:05:06 +0800
Subject: [PATCH] BLOG-119 feat: add user_id parameter to get_all_post_info and get_post_by_id handlers for enhanced access control

---
 .../src/adapter/delivery/post_controller.rs | 4 +++-
 .../use_case/get_all_post_info_use_case.rs | 18 +++++++++++++++---
 .../framework/web/get_all_post_info_handler.rs | 7 ++++++-
 .../framework/web/get_post_by_id_handler.rs | 1 +
 4 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/backend/feature/post/src/adapter/delivery/post_controller.rs b/backend/feature/post/src/adapter/delivery/post_controller.rs
index 31cddba..ca2ef5b 100644
--- a/backend/feature/post/src/adapter/delivery/post_controller.rs
+++ b/backend/feature/post/src/adapter/delivery/post_controller.rs
@@ -31,6 +31,7 @@ pub trait PostController: Send + Sync {
 async fn get_all_post_info(
 &self,
 query: PostQueryDto,
+ user_id: Option,
 ) -> Result, PostError>;

 async fn get_post_by_id(
@@ -103,10 +104,11 @@ impl PostController for PostControllerImpl {
 async fn get_all_post_info(
 &self,
 query: PostQueryDto,
+ user_id: Option,
 ) -> Result, PostError> {
 let result = self
 .get_all_post_info_use_case
- .execute(query.is_published_only.unwrap_or(true))
+ .execute(query.is_published_only.unwrap_or(true), user_id)
 .await;

 result.map(|post_info_list| {
diff --git a/backend/feature/post/src/application/use_case/get_all_post_info_use_case.rs b/backend/feature/post/src/application/use_case/get_all_post_info_use_case.rs
index f2895d5..498342d 100644
--- a/backend/feature/post/src/application/use_case/get_all_post_info_use_case.rs
+++ b/backend/feature/post/src/application/use_case/get_all_post_info_use_case.rs
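Review bot: The new `user_id` parameter on `PostController::get_all_post_info` (trait hunk at `@@ -31`, and the impl hunk at `@@ -103`) has no documentation, yet it is the value that decides whether the `is_published_only` filter may be relaxed in the use case, so a caller cannot tell from the signature what `Some` versus `None` changes. A `///` comment on the trait method would make the contract explicit, e.g. `/// `user_id` is the authenticated caller, if any; it is forwarded unchanged to the use case, which decides whether unpublished posts may be included.` Both `get_all_post_info` bodies continue outside their hunks, as does the cut-off `get_post_by_id` signature.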
@@ -9,7 +9,11 @@ use crate::{

 #[async_trait]
 pub trait GetAllPostInfoUseCase: Send + Sync {
- async fn execute(&self, is_published_only: bool) -> Result, PostError>;
+ async fn execute(
+ &self,
+ is_published_only: bool,
+ user_id: Option,
+ ) -> Result, PostError>;
 }

 pub struct GetAllPostInfoUseCaseImpl {
@@ -24,7 +28,15 @@ impl GetAllPostInfoUseCaseImpl {

 #[async_trait]
 impl GetAllPostInfoUseCase for GetAllPostInfoUseCaseImpl {
- async fn execute(&self, is_published_only: bool) -> Result, PostError> {
- self.post_repository.get_all_post_info(is_published_only).await
+ async fn execute(
+ &self,
+ is_published_only: bool,
+ user_id: Option,
+ ) -> Result, PostError> {
+ let is_published_only = is_published_only || user_id.is_some();
+
+ self.post_repository
+ .get_all_post_info(is_published_only)
+ .await
 }
 }
diff --git a/backend/feature/post/src/framework/web/get_all_post_info_handler.rs b/backend/feature/post/src/framework/web/get_all_post_info_handler.rs
index 2f3dd19..3d4ee41 100644
--- a/backend/feature/post/src/framework/web/get_all_post_info_handler.rs
+++ b/backend/feature/post/src/framework/web/get_all_post_info_handler.rs
@@ -1,5 +1,6 @@
 use actix_web::{HttpResponse, Responder, web};
 use anyhow::anyhow;
+use auth::framework::web::auth_middleware::UserId;
 use sentry::integrations::anyhow::capture_anyhow;

 use crate::{
@@ -15,6 +16,7 @@ use crate::{
 path = "/post",
 tag = "post",
 summary = "Get all post information",
+ description = "`is_published_only` query is only available for authenticated users.",
 params(
 PostQueryDto
 ),
@@ -25,8 +27,11 @@ use crate::{
 pub async fn get_all_post_info_handler(
 post_controller: web::Data,
 query: web::Query,
+ user_id: Option,
 ) -> impl Responder {
- let result = post_controller.get_all_post_info(query.into_inner()).await;
+ let result = post_controller
+ .get_all_post_info(query.into_inner(), user_id.map(|id| id.get()))
+ .await;

 match result {
 Ok(post_info_list) => HttpResponse::Ok().json(post_info_list),
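Review bot: The published-only override in the new `execute` body (hunk `@@ -24,7 +28,15`) is inverted: `is_published_only || user_id.is_some()` forces authenticated callers onto published posts, while an anonymous request that sends `is_published_only=false` (the controller only defaults it to `true` when the query is absent) reaches the repository with `false` and receives unpublished posts. The handler's own new description says the query is only honoured for authenticated users, so the guard should read `let is_published_only = is_published_only || user_id.is_none();`. A comment above it, such as `// Anonymous callers never see unpublished posts, whatever the query asks for.`, keeps the intent visible, and a unit test for the `(false, None)` input would pin it.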
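Review bot: `user_id: Option` on `get_all_post_info_handler` (hunk `@@ -25,8 +27,11`; presumably `Option<UserId>` given the new import) means a request whose credentials fail extraction is handled as anonymous rather than rejected, if this extractor follows actix-web's `Option<T>` behaviour of turning extraction errors into `None`. That fallback is only safe while the `None` path is the most restrictive one in the use case, so it deserves a line stating it is deliberate, e.g. `// Missing or invalid credentials degrade to the anonymous (published-only) view.` It is also worth confirming that `UserId`'s `FromRequest` implementation returns an error rather than panicking on a malformed token, since `Option` cannot recover from the latter.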
diff --git a/backend/feature/post/src/framework/web/get_post_by_id_handler.rs b/backend/feature/post/src/framework/web/get_post_by_id_handler.rs
index fd4a378..16ca48c 100644
--- a/backend/feature/post/src/framework/web/get_post_by_id_handler.rs
+++ b/backend/feature/post/src/framework/web/get_post_by_id_handler.rs
@@ -12,6 +12,7 @@ use crate::{
 path = "/post/{id}",
 tag = "post",
 summary = "Get post by ID",
+ description = "Only authenticated users can access unpublished posts.",
 responses (
 (status = 200, body = PostResponseDto),
 (status = 404, description = "Post not found")
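Review bot: The added OpenAPI `description` on `get_post_by_id_handler` asserts that only authenticated users can access unpublished posts, but the only change to this file is that one line (the diffstat shows `1 +`), and the controller hunk at `@@ -31` leaves the `get_post_by_id` signature without a `user_id` parameter, so nothing in this commit enforces the documented rule for the by-id path. The handler body lies outside the hunk, so the check may already exist elsewhere; if it does, naming where it is applied in the description or commit message would help, and if it does not, the subject line's claim that `user_id` was added to this handler overstates the change and the description documents behaviour that is not yet implemented.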