List Draft Posts Endpoint

Building on our post listing functionality from the previous lesson, we'll now implement a secure endpoint for writers to view their draft posts.

This feature enables content creators to manage their works in progress effectively through the blog platform.

Repository Query Definition

The PostRepository requires a specialized query method to fetch user-specific drafts:

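    @Repository
    public interface PostRepository extends JpaRepository<Post, UUID> {
        // ... existing methods ...

        // Derived query: filters by author and status in the database,
        // so only the given user's posts are ever loaded.
        List<Post> findAllByAuthorAndStatus(User author, PostStatus status);
    }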

Service Interface Enhancement

The PostService interface expands to support draft post retrieval:

    public interface PostService {
        // ...
        List<Post> getDraftPosts(User user);
    }

Service Implementation

The PostServiceImpl implements draft retrieval with proper user context:

    @Service
    @RequiredArgsConstructor
    public class PostServiceImpl implements PostService {
        //...
        private final PostRepository postRepository;

        @Override
        public List<Post> getDraftPosts(User user) {
            return postRepository.findAllByAuthorAndStatus(user, PostStatus.DRAFT);
        }
    }

Post Controller Method Declaration

The draft posts endpoint requires careful handling of user authentication to maintain content security:

    @GetMapping(path = "/drafts")
    public ResponseEntity<List<PostDto>> getDrafts(@RequestAttribute UUID userId) {
        // userId is bound from a server-side request attribute,
        // not from a client-supplied parameter or path variable.
        User loggedInUser = userService.getUserById(userId);
        List<Post> draftPosts = postService.getDraftPosts(loggedInUser);
        List<PostDto> postDtos = draftPosts.stream().map(postMapper::toDto).toList();
        return ResponseEntity.ok(postDtos);
    }

Security Filter Chain Updates

Let's update the SecurityFilterChain to secure the drafts endpoint:

    // ...
    public SecurityFilterChain securityFilterChain(
            HttpSecurity http,
            JwtAuthenticationFilter jwtAuthenticationFilter) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(HttpMethod.POST, "/api/v1/auth/login").permitAll()
                // Matchers are evaluated in order and the first match wins, so the
                // drafts rule must stay above the "/api/v1/posts/**" permitAll rule.
                .requestMatchers(HttpMethod.GET, "/api/v1/posts/drafts").authenticated()
                .requestMatchers(HttpMethod.GET, "/api/v1/posts/**").permitAll()
                .requestMatchers(HttpMethod.GET, "/api/v1/categories/**").permitAll()
                .requestMatchers(HttpMethod.GET, "/api/v1/tags/**").permitAll()
                .anyRequest().authenticated()
            )
            .csrf(csrf -> csrf.disable())
            .sessionManagement(session ->
                session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            ).addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
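The rule order in the filter chain above is what keeps drafts private. The following added example (not part of the lesson's project code) is a plain-Java model of first-match-wins evaluation, not Spring Security itself; Rule, decide and MatcherOrderDemo are hypothetical names, and the matcher only handles exact paths and a trailing "/**".

```java
import java.util.List;

// Added illustration: a minimal model of ordered, first-match-wins authorization rules.
// Hypothetical names throughout; this does not call Spring Security.
public class MatcherOrderDemo {

    enum Access { PERMIT_ALL, AUTHENTICATED }

    record Rule(String method, String pattern, Access access) {
        // Supports exact paths and a trailing "/**" wildcard, which covers the page's rules.
        boolean matches(String reqMethod, String path) {
            if (!method.equals(reqMethod)) return false;
            if (pattern.endsWith("/**")) {
                String base = pattern.substring(0, pattern.length() - 3);
                return path.equals(base) || path.startsWith(base + "/");
            }
            return path.equals(pattern);
        }
    }

    // The first matching rule decides; anything unmatched falls through to
    // the equivalent of anyRequest().authenticated().
    static Access decide(List<Rule> rules, String method, String path) {
        for (Rule r : rules) {
            if (r.matches(method, path)) return r.access();
        }
        return Access.AUTHENTICATED;
    }

    public static void main(String[] args) {
        Rule drafts = new Rule("GET", "/api/v1/posts/drafts", Access.AUTHENTICATED);
        Rule posts = new Rule("GET", "/api/v1/posts/**", Access.PERMIT_ALL);

        List<Rule> asOnPage = List.of(drafts, posts); // specific rule first, as in the lesson
        List<Rule> swapped = List.of(posts, drafts);  // wildcard first: drafts rule is unreachable

        // Constructed sample requests.
        String[][] requests = {
            {"GET", "/api/v1/posts/drafts"},
            {"GET", "/api/v1/posts"},
            {"DELETE", "/api/v1/posts/drafts"},
        };
        for (String[] req : requests) {
            System.out.printf("%-6s %-22s page order: %-13s swapped: %s%n",
                req[0], req[1],
                decide(asOnPage, req[0], req[1]),
                decide(swapped, req[0], req[1]));
        }
    }
}
```

With the two rules swapped, the wildcard matches the drafts path first and the request is treated as public, which is the regression to watch for when new matchers are added to the chain.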

Summary

  • Implemented secure draft post retrieval with user context validation
  • Added service layer support for user-specific draft access
  • Created repository query method for efficient draft filtering