import { NextRequest, NextResponse } from 'next/server'; import prisma from '@/lib/prisma'; export async function POST( req: NextRequest, context: { params: Promise<{ id: string }> } ) { const { id: ratingId } = await context.params; const userId = req.headers.get('x-user-id'); if (!userId) { return NextResponse.json({ error: 'Utilisateur non identifié' }, { status: 401 }); } try { const { reply } = await req.json(); if (!reply || reply.trim() === '') { return NextResponse.json({ error: 'La réponse ne peut pas être vide.' }, { status: 400 }); } // 1. Fetch the rating to identify the business const rating = await prisma.rating.findUnique({ where: { id: ratingId }, include: { business: { select: { ownerId: true } } } }); if (!rating) { return NextResponse.json({ error: 'Avis introuvable.' }, { status: 404 }); } // 2. Security: Only the owner of the business can reply if (rating.business.ownerId !== userId) { return NextResponse.json({ error: 'Action non autorisée. Seul l\'entrepreneur concerné peut répondre.' }, { status: 403 }); } // 3. Update the rating with the reply const updatedRating = await prisma.rating.update({ where: { id: ratingId }, data: { reply, replyAt: new Date() } }); return NextResponse.json({ success: true, reply: updatedRating.reply, replyAt: updatedRating.replyAt }); } catch (error: any) { console.error('Error replying to rating:', error); return NextResponse.json({ error: 'Erreur serveur lors de la réponse.' }, { status: 500 }); } }