Добавлен эндпойнт /v1/admin/reviews #20

src/handlers/admin/admin_handler_reviews_by_id.erl

@@ -0,0 +1,93 @@
+-module(admin_handler_reviews_by_id).
+-behaviour(cowboy_handler).
+-export([init/2]).
+
+-include("records.hrl").
+
+init(Req, _Opts) ->
+  case cowboy_req:method(Req) of
+    <<"GET">> -> get_review(Req);
+    <<"PUT">> -> update_review(Req);
+    _         -> send_error(Req, 405, <<"Method not allowed">>)
+  end.
+
+get_review(Req) ->
+  case handler_auth:authenticate(Req) of
+    {ok, AdminId, Req1} ->
+      case admin_utils:is_admin(AdminId) of
+        true ->
+          ReviewId = cowboy_req:binding(id, Req1),
+          case core_review:get_by_id(ReviewId) of
+            {ok, Review} ->
+              send_json(Req1, 200, review_to_json(Review));
+            {error, not_found} ->
+              send_error(Req1, 404, <<"Review not found">>)
+          end;
+        false ->
+          send_error(Req1, 403, <<"Admin access required">>)
+      end;
+    {error, Code, Message, Req1} ->
+      send_error(Req1, Code, Message)
+  end.
+
+update_review(Req) ->
+  case handler_auth:authenticate(Req) of
+    {ok, AdminId, Req1} ->
+      case admin_utils:is_admin(AdminId) of
+        true ->
+          ReviewId = cowboy_req:binding(id, Req1),
+          {ok, Body, Req2} = cowboy_req:read_body(Req1),
+          try jsx:decode(Body, [return_maps]) of
+            #{<<"status">> := NewStatus} ->
+              case core_review:update_status(ReviewId, NewStatus) of
+                {ok, Review} ->
+                  send_json(Req2, 200, review_to_json(Review));
+                {error, not_found} ->
+                  send_error(Req2, 404, <<"Review not found">>);
+                {error, _} ->
+                  send_error(Req2, 500, <<"Internal server error">>)
+              end;
+            _ ->
+              send_error(Req2, 400, <<"Missing status field">>)
+          catch
+            _:_ -> send_error(Req2, 400, <<"Invalid JSON">>)
+          end;
+        false ->
+          send_error(Req1, 403, <<"Admin access required">>)
+      end;
+    {error, Code, Message, Req1} ->
+      send_error(Req1, Code, Message)
+  end.
+
+review_to_json(R) ->
+  #{
+    id          => R#review.id,
+    user_id     => R#review.user_id,
+    target_type => R#review.target_type,
+    target_id   => R#review.target_id,
+    rating      => R#review.rating,
+    comment     => R#review.comment,
+    status      => R#review.status,
+    created_at  => datetime_to_iso8601(R#review.created_at),
+    updated_at  => datetime_to_iso8601(R#review.updated_at)
+  }.
+
+datetime_to_iso8601({{Year, Month, Day}, {Hour, Minute, Second}}) ->
+  iolist_to_binary(io_lib:format("~4..0B-~2..0B-~2..0BT~2..0B:~2..0B:~2..0BZ",
+    [Year, Month, Day, Hour, Minute, Second]));
+datetime_to_iso8601(undefined) -> undefined.
+
+send_json(Req, Status, Data) ->
+  Headers = #{
+    <<"content-type">> => <<"application/json">>,
+    <<"access-control-allow-origin">> => <<"*">>,
+    <<"access-control-expose-headers">> => <<"Content-Range">>
+  },
+  Body = jsx:encode(Data),
+  cowboy_req:reply(Status, Headers, Body, Req),
+  {ok, Body, []}.
+
+send_error(Req, Status, Message) ->
+  Body = jsx:encode(#{error => Message}),
+  cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req),
+  {ok, Body, []}.