ShopSolution-backend/Webshop.Api/Controllers/Customers/ReviewsController.cs

// src/Webshop.Api/Controllers/Customer/ReviewsController.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;
using System.Threading.Tasks;
using Webshop.Application;
using Webshop.Application.DTOs.Reviews;
using Webshop.Application.Services.Customers;

namespace Webshop.Api.Controllers.Customer
{
    [ApiController]
    [Route("api/v1/customer/[controller]")]
    [Authorize(Roles = "Customer")]
    public class ReviewsController : ControllerBase
    {
        private readonly ICustomerReviewService _customerReviewService;

        public ReviewsController(ICustomerReviewService customerReviewService)
        {
            _customerReviewService = customerReviewService;
        }

        [HttpPost]
        [ProducesResponseType(typeof(ReviewDto), StatusCodes.Status201Created)]
        [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status400BadRequest)]
        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
        [ProducesResponseType(StatusCodes.Status403Forbidden)]
        [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status409Conflict)]
        public async Task<IActionResult> CreateReview([FromBody] CreateReviewDto reviewDto)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
            if (string.IsNullOrEmpty(userId))
            {
                return Unauthorized(new { Message = "Benutzer konnte nicht identifiziert werden." });
            }

            var result = await _customerReviewService.CreateReviewAsync(reviewDto, userId);

            return result.Type switch
            {
                ServiceResultType.Success => CreatedAtAction(null, new { id = result.Value!.Id }, result.Value), // 201 Created
                ServiceResultType.Unauthorized => Unauthorized(new { Message = result.ErrorMessage }),
                ServiceResultType.Forbidden => Forbid(), // 403 Forbidden
                ServiceResultType.Conflict => Conflict(new { Message = result.ErrorMessage }), // 409 Conflict
                _ => BadRequest(new { Message = result.ErrorMessage }) // 400 for InvalidInput or other failures
            };
        }
    }
}