63 lines
1.9 KiB
TypeScript
63 lines
1.9 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server';
|
|
import prisma from '@/lib/prisma';
|
|
|
|
export async function POST(
|
|
req: NextRequest,
|
|
context: { params: Promise<{ id: string }> }
|
|
) {
|
|
const { id: ratingId } = await context.params;
|
|
const userId = req.headers.get('x-user-id');
|
|
|
|
if (!userId) {
|
|
return NextResponse.json({ error: 'Utilisateur non identifié' }, { status: 401 });
|
|
}
|
|
|
|
try {
|
|
const { reply } = await req.json();
|
|
|
|
if (!reply || reply.trim() === '') {
|
|
return NextResponse.json({ error: 'La réponse ne peut pas être vide.' }, { status: 400 });
|
|
}
|
|
|
|
// 1. Fetch the rating to identify the business
|
|
const rating = await prisma.rating.findUnique({
|
|
where: { id: ratingId },
|
|
include: {
|
|
business: {
|
|
select: {
|
|
ownerId: true
|
|
}
|
|
}
|
|
}
|
|
});
|
|
|
|
if (!rating) {
|
|
return NextResponse.json({ error: 'Avis introuvable.' }, { status: 404 });
|
|
}
|
|
|
|
// 2. Security: Only the owner of the business can reply
|
|
if (rating.business.ownerId !== userId) {
|
|
return NextResponse.json({ error: 'Action non autorisée. Seul l\'entrepreneur concerné peut répondre.' }, { status: 403 });
|
|
}
|
|
|
|
// 3. Update the rating with the reply
|
|
const updatedRating = await prisma.rating.update({
|
|
where: { id: ratingId },
|
|
data: {
|
|
reply,
|
|
replyAt: new Date()
|
|
}
|
|
});
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
reply: updatedRating.reply,
|
|
replyAt: updatedRating.replyAt
|
|
});
|
|
|
|
} catch (error: any) {
|
|
console.error('Error replying to rating:', error);
|
|
return NextResponse.json({ error: 'Erreur serveur lors de la réponse.' }, { status: 500 });
|
|
}
|
|
}
|