From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 2 Mar 2026 17:44:31 +0000 (+0000)
Subject: api: Use the authenticated user to create reports
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4885545b27b61951c93acf73caeb884fe5dd0254;p=dbl.git

api: Use the authenticated user to create reports

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/dbl/api/lists.py b/src/dbl/api/lists.py
index cc2722e..95c9827 100644
--- a/src/dbl/api/lists.py
+++ b/src/dbl/api/lists.py
@@ -97,9 +97,6 @@ class CreateReport(pydantic.BaseModel):
 	# Domain
 	name : str
 
-	# Reported By
-	reported_by : str
-
 	# Comment
 	comment : str = ""
 
@@ -110,12 +107,12 @@ class CreateReport(pydantic.BaseModel):
 @router.post("/{list}/reports")
 async def list_report(
 	report: CreateReport,
-	auth = fastapi.Depends(require_api_key),
 	list = fastapi.Depends(get_list_from_path),
+	user = fastapi.Depends(require_api_key),
 ) -> reports.Report:
 	return await list.report(
 		name        = report.name,
-		reported_by = report.reported_by,
+		reported_by = user,
 		comment     = report.comment,
 		block       = report.block,
 	)
diff --git a/src/dbl/reports.py b/src/dbl/reports.py
index e4bf392..18fc9ce 100644
--- a/src/dbl/reports.py
+++ b/src/dbl/reports.py
@@ -26,6 +26,7 @@ import sqlmodel
 import uuid
 
 from . import database
+from . import users
 from .i18n import _
 
 # Setup logging
@@ -64,12 +65,16 @@ class Reports(object):
 
 		return await self.backend.db.fetch_one(stmt)
 
-	async def create(self, comment=None, **kwargs):
+	async def create(self, reported_by, comment=None, **kwargs):
 		"""
 			Creates a new report
 		"""
+		# The database can only handle users by their UID
+		if isinstance(reported_by, users.User):
+			reported_by = reported_by.uid
+
 		report = await self.backend.db.insert(
-			Report, **kwargs,
+			Report, reported_by=reported_by, **kwargs,
 		)
 
 		# Manifest the object in the database immediately to assign the ID