Files
2026-04-18 22:10:19 +02:00

63 lines
1.9 KiB
TypeScript

import { NextRequest, NextResponse } from 'next/server';
import prisma from '@/lib/prisma';
export async function POST(
req: NextRequest,
context: { params: Promise<{ id: string }> }
) {
const { id: ratingId } = await context.params;
const userId = req.headers.get('x-user-id');
if (!userId) {
return NextResponse.json({ error: 'Utilisateur non identifié' }, { status: 401 });
}
try {
const { reply } = await req.json();
if (!reply || reply.trim() === '') {
return NextResponse.json({ error: 'La réponse ne peut pas être vide.' }, { status: 400 });
}
// 1. Fetch the rating to identify the business
const rating = await prisma.rating.findUnique({
where: { id: ratingId },
include: {
business: {
select: {
ownerId: true
}
}
}
});
if (!rating) {
return NextResponse.json({ error: 'Avis introuvable.' }, { status: 404 });
}
// 2. Security: Only the owner of the business can reply
if (rating.business.ownerId !== userId) {
return NextResponse.json({ error: 'Action non autorisée. Seul l\'entrepreneur concerné peut répondre.' }, { status: 403 });
}
// 3. Update the rating with the reply
const updatedRating = await prisma.rating.update({
where: { id: ratingId },
data: {
reply,
replyAt: new Date()
}
});
return NextResponse.json({
success: true,
reply: updatedRating.reply,
replyAt: updatedRating.replyAt
});
} catch (error: any) {
console.error('Error replying to rating:', error);
return NextResponse.json({ error: 'Erreur serveur lors de la réponse.' }, { status: 500 });
}
}