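// src/Webshop.Api/Controllers/Customer/ReviewsController.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;
using System.Threading.Tasks;
using Webshop.Application;
using Webshop.Application.DTOs.Reviews;
using Webshop.Application.Services.Customers;

namespace Webshop.Api.Controllers.Customer
{
    /// <summary>
    /// Customer-facing endpoint for submitting product reviews.
    /// Every action requires an authenticated principal in the "Customer" role.
    /// </summary>
    [ApiController]
    [Route("api/v1/customer/[controller]")]
    [Authorize(Roles = "Customer")]
    public class ReviewsController : ControllerBase
    {
        private readonly ICustomerReviewService _customerReviewService;

        /// <summary>Creates the controller with the review service it delegates to.</summary>
        /// <param name="customerReviewService">Service that creates the review.</param>
        public ReviewsController(ICustomerReviewService customerReviewService)
        {
            _customerReviewService = customerReviewService;
        }

        /// <summary>
        /// Creates a review on behalf of the authenticated customer.
        /// </summary>
        /// <param name="reviewDto">Review payload bound from the request body.</param>
        /// <returns>
        /// 201 with the created review on success; 400, 401, 403 or 409 depending on the
        /// <see cref="ServiceResultType"/> reported by the service.
        /// </returns>
        /// <remarks>
        /// The author identity is taken only from the <see cref="ClaimTypes.NameIdentifier"/>
        /// claim of the authenticated principal and passed to the service separately from the
        /// payload, so the caller's identity does not depend on anything the client put in the body.
        /// NOTE(review): whether <see cref="CreateReviewDto"/> also carries a user id, and whether
        /// the service ignores it, is not visible here; confirm.
        /// </remarks>
        [HttpPost]
        [ProducesResponseType(typeof(ReviewDto), StatusCodes.Status201Created)]
        [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status400BadRequest)]
        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
        [ProducesResponseType(StatusCodes.Status403Forbidden)]
        [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status409Conflict)]
        // Fix: the method returns action results, so it must be Task<IActionResult>;
        // a bare Task cannot return BadRequest(...)/Unauthorized(...) and does not compile.
        public async Task<IActionResult> CreateReview([FromBody] CreateReviewDto reviewDto)
        {
            // [ApiController] normally rejects invalid models before the action runs;
            // the explicit check still covers setups where that automatic filter is disabled.
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // Identity comes from the validated token/cookie, never from request data.
            var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
            if (string.IsNullOrEmpty(userId))
            {
                return Unauthorized(new { Message = "Benutzer konnte nicht identifiziert werden." });
            }

            var result = await _customerReviewService.CreateReviewAsync(reviewDto, userId);

            // NOTE(review): result.ErrorMessage is returned to the client verbatim below;
            // the service should only put client-safe text in it (no internal details). Confirm.
            // NOTE(review): the 400/409 bodies are anonymous { Message } objects, while the
            // ProducesResponseType attributes advertise ProblemDetails.
            return result.Type switch
            {
                // 201 Created. The action name is null, so the Location URL is not tied to a
                // named GET action; no such action is visible in this controller. Verify the
                // generated Location is meaningful.
                // Value is assumed non-null on Success (null-forgiving operator).
                ServiceResultType.Success => CreatedAtAction(null, new { id = result.Value!.Id }, result.Value),
                ServiceResultType.Unauthorized => Unauthorized(new { Message = result.ErrorMessage }),
                // 403 Forbidden
                ServiceResultType.Forbidden => Forbid(),
                // 409 Conflict
                ServiceResultType.Conflict => Conflict(new { Message = result.ErrorMessage }),
                // 400 for InvalidInput or other failures
                _ => BadRequest(new { Message = result.ErrorMessage })
            };
        }
    }
}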