api: Use the authenticated user to create reports
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 2 Mar 2026 17:44:31 +0000 (17:44 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 2 Mar 2026 17:44:31 +0000 (17:44 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/dbl/api/lists.py
src/dbl/reports.py

index cc2722e9d4902e7e51eb35837cc45b567b1cf46f..95c98279f76d40f79ad8415acd0502aa517384ab 100644 (file)
@@ -97,9 +97,6 @@ class CreateReport(pydantic.BaseModel):
        # Domain
        name : str
 
-       # Reported By
-       reported_by : str
-
        # Comment
        comment : str = ""
 
@@ -110,12 +107,12 @@ class CreateReport(pydantic.BaseModel):
 @router.post("/{list}/reports")
 async def list_report(
        report: CreateReport,
-       auth = fastapi.Depends(require_api_key),
        list = fastapi.Depends(get_list_from_path),
+       user = fastapi.Depends(require_api_key),
 ) -> reports.Report:
        return await list.report(
                name        = report.name,
-               reported_by = report.reported_by,
+               reported_by = user,
                comment     = report.comment,
                block       = report.block,
        )
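Review bot: The `user` parameter of `list_report` has no type annotation, and what `require_api_key` returns is not visible in this hunk, so nothing here shows that `reported_by = user` always receives a user object rather than a key record or None. Annotating it, for example `user: users.User = fastapi.Depends(require_api_key)` (assuming that is the dependency's return type and `users` is importable in this module), would make the contract explicit. Separately, clients that still send `reported_by` in the request body will have it silently dropped under pydantic's default handling of extra fields. If the `CreateReport` config (not shown) does not already forbid extras, a comment on the model saying the reporter is taken from the API key would help.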
index e4bf392ad0adc25211274cd87d626c3f0eb716e3..18fc9ceac73d778bd0c04a4c4250a40232e0da2a 100644 (file)
@@ -26,6 +26,7 @@ import sqlmodel
 import uuid
 
 from . import database
+from . import users
 from .i18n import _
 
 # Setup logging
@@ -64,12 +65,16 @@ class Reports(object):
 
                return await self.backend.db.fetch_one(stmt)
 
-       async def create(self, comment=None, **kwargs):
+       async def create(self, reported_by, comment=None, **kwargs):
                """
                        Creates a new report
                """
+               # The database can only handle users by their UID
+               if isinstance(reported_by, users.User):
+                       reported_by = reported_by.uid
+
                report = await self.backend.db.insert(
-                       Report, **kwargs,
+                       Report, reported_by=reported_by, **kwargs,
                )
 
                # Manifest the object in the database immediately to assign the ID
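Review bot: In `Reports.create`, the new `isinstance` branch maps a `users.User` to its `uid` but passes every other value, such as an arbitrary string or None, into `db.insert` unchanged, so attribution to the authenticated user is only as strong as each caller. If no caller legitimately supplies a raw UID, consider rejecting anything else, e.g. `else: raise TypeError("reported_by must be a users.User")`. If raw UIDs must remain accepted, say so in the docstring, which currently does not mention `reported_by` at all. The method body continues past the end of this hunk.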