pennlabs · LautaroJBeck · Feb 28, 2026 · Mar 1, 2026 · Mar 1, 2026 · Mar 1, 2026
diff --git a/backend/market/serializers.py b/backend/market/serializers.py
@@ -46,7 +46,14 @@ class OfferSerializer(ModelSerializer):
 
     class Meta:
         model = Offer
-        fields = ["id", "user", "listing", "offered_price", "message", "created_at"]
+        fields = [
+            "id",
+            "user",
+            "listing",
+            "offered_price",
+            "message",
+            "created_at",
+        ]
         read_only_fields = ["id", "created_at", "user"]
 
     def create(self, validated_data):

diff --git a/backend/market/urls.py b/backend/market/urls.py
@@ -11,8 +11,10 @@
     OffersReceived,
     Tags,
     UserFavorites,
+    accept_offer,
     get_current_user,
     get_phone_status,
+    reject_offer,
     send_verification_code,
     verify_phone_code,
 )
@@ -46,9 +48,12 @@
     # post: create an offer for an listing
     # delete: delete an offer for an listing
     path(
-        "listings/<listing_id>/offers/",
+        "listings/<int:listing_id>/offers/",
         Offers.as_view({"get": "list", "post": "create", "delete": "destroy"}),
     ),
+    # Offer accept / reject
+    path("offers/<int:offer_id>/accept/", accept_offer, name="offer-accept"),
+    path("offers/<int:offer_id>/reject/", reject_offer, name="offer-reject"),
     # Image Creation
     path("listings/<listing_id>/images/", CreateImages.as_view()),
     # Image Deletion

diff --git a/backend/market/views.py b/backend/market/views.py
@@ -342,6 +342,28 @@ def list(self, request, *args, **kwargs):
         return super().list(request, *args, **kwargs)
 
 
+@api_view(["POST"])
+@permission_classes([IsAuthenticated])
+def accept_offer(request, offer_id):
+    offer = get_object_or_404(Offer, pk=offer_id)
+    if offer.listing.seller != request.user:
+        raise exceptions.PermissionDenied("Only the listing owner can accept offers.")
+    offer.status = Offer.Status.ACCEPTED
+    offer.save(update_fields=["status"])
+    return Response(OfferSerializer(offer).data)
+
+
+@api_view(["POST"])
+@permission_classes([IsAuthenticated])
+def reject_offer(request, offer_id):
+    offer = get_object_or_404(Offer, pk=offer_id)
+    if offer.listing.seller != request.user:
+        raise exceptions.PermissionDenied("Only the listing owner can reject offers.")
+    offer.status = Offer.Status.REJECTED
+    offer.save(update_fields=["status"])
+    return Response(OfferSerializer(offer).data)
+
+
 @api_view(["POST"])
 @permission_classes([IsAuthenticated])
 def send_verification_code(request):

diff --git a/frontend/app/items/[id]/page.tsx b/frontend/app/items/[id]/page.tsx
@@ -1,9 +1,20 @@
 import { ListingDetail } from "@/components/listings/detail/ListingDetail";
-import { getListingOrNotFound } from "@/lib/actions";
+import { getCurrentUser, getListingOrNotFound, getOffersReceived } from "@/lib/actions";
 
 export default async function ItemPage({ params }: { params: Promise<{ id: string }> }) {
   const { id } = await params;
-  const item = await getListingOrNotFound(id);
+  const [item, currentUser] = await Promise.all([getListingOrNotFound(id), getCurrentUser()]);
+  const isOwner = currentUser?.id === item.seller.id;
+  const offersResponse = isOwner ? await getOffersReceived() : null;
+  const offers = offersResponse?.results?.filter((offer) => offer.listing === item.id) ?? [];
 
-  return <ListingDetail listing={item} initialIsFavorited={item.is_favorited ?? false} />;
+  return (
+    <ListingDetail
+      listing={item}
+      initialIsFavorited={item.is_favorited ?? false}
+      offers={offers}
+      offersMode={isOwner ? "received" : "made"}
+      canEdit={isOwner}
+    />
+  );
 }
diff --git a/frontend/app/sublets/[id]/page.tsx b/frontend/app/sublets/[id]/page.tsx
@@ -1,9 +1,25 @@
 import { ListingDetail } from "@/components/listings/detail/ListingDetail";
-import { getListingOrNotFound } from "@/lib/actions";
+import {
+  getCurrentUser,
+  getListingOrNotFound,
+  getOffersMade,
+  getOffersReceived,
+} from "@/lib/actions";
 
 export default async function SubletPage({ params }: { params: Promise<{ id: string }> }) {
   const { id } = await params;
-  const sublet = await getListingOrNotFound(id);
+  const [sublet, currentUser] = await Promise.all([getListingOrNotFound(id), getCurrentUser()]);
+  const isOwner = currentUser?.id === sublet.seller.id;
+  const offersResponse = await (isOwner ? getOffersReceived() : getOffersMade());
+  const offers = offersResponse?.results?.filter((offer) => offer.listing === sublet.id) ?? [];
 
-  return <ListingDetail listing={sublet} initialIsFavorited={sublet.is_favorited ?? false} />;
+  return (
+    <ListingDetail
+      listing={sublet}
+      initialIsFavorited={sublet.is_favorited ?? false}
+      offers={offers}
+      offersMode={isOwner ? "received" : "made"}
+      canEdit={isOwner}
+    />
+  );
 }
diff --git a/frontend/components/listings/detail/ListingActions.tsx b/frontend/components/listings/detail/ListingActions.tsx
@@ -14,6 +14,7 @@ interface Props {
   listingPrice: number;
   listingOwnerLabel: string;
   priceLabel?: string;
+  canEdit?: boolean;
 }
 
 type ModalState = "none" | "phone-input" | "verification" | "offer";
@@ -23,6 +24,7 @@ export const ListingActions = ({
   listingPrice,
   priceLabel,
   listingOwnerLabel,
+  canEdit = false,
 }: Props) => {
   const [modalState, setModalState] = useState<ModalState>("none");
   const [pendingPhoneNumber, setPendingPhoneNumber] = useState<string>("");
@@ -35,6 +37,10 @@ export const ListingActions = ({
     queryFn: getPhoneStatus,
   });
 
+  if (canEdit) {
+    return null;
+  }
+
   const handleMakeOfferClick = () => {
     if (!phoneStatus) return;