@@ -508,14 +508,10 @@ def submit_event(request):
508508 cleaned ["status" ] = "PENDING"
509509 event = Events .objects .create (** cleaned )
510510
511- # Attempt to capture submitting user if available (optional for anonymous)
512- clerk_user_id = None
513- try :
514- clerk_user_id = (
515- getattr (request , "user" , None ) or {}
516- ).get ("id" )
517- except Exception :
518- clerk_user_id = None
511+ user_info = getattr (request , "auth_payload" , {})
512+ clerk_user_id = user_info .get ("sub" )
513+ if not clerk_user_id :
514+ return Response ({"error" : "User authentication required" }, status = status .HTTP_401_UNAUTHORIZED )
519515
520516 submission = EventSubmission .objects .create (
521517 screenshot_url = screenshot_url ,
@@ -537,24 +533,29 @@ def submit_event(request):
537533
538534@api_view (["GET" ])
539535@ratelimit (key = "ip" , rate = "100/hr" , block = True )
536+ @jwt_required
540537@admin_required
541538def get_submissions (request ):
542539 try :
543- print ('request' , request .user )
544- submissions = EventSubmission .objects .all ().order_by ("-submitted_at" )
545- data = [
546- {
540+ user_info = getattr (request , "auth_payload" , {})
541+ email_from_request = user_info .get ("email_addresses" , [{}])[0 ].get ("email_address" , None )
542+
543+ submissions = EventSubmission .objects .select_related ("created_event" ).all ().order_by ("-submitted_at" )
544+ data = []
545+ for s in submissions :
546+ data .append ({
547547 "id" : s .id ,
548548 "screenshot_url" : s .screenshot_url ,
549549 "source_url" : s .source_url ,
550550 "status" : s .status ,
551551 "submitted_by" : s .submitted_by ,
552+ "submitted_by_email" : email_from_request ,
552553 "submitted_at" : s .submitted_at ,
553554 "extracted_data" : s .extracted_data ,
554555 "event_id" : s .created_event_id ,
555- }
556- for s in submissions
557- ]
556+ "event_title" : s . created_event . title if s . created_event else None ,
557+ "admin_notes" : s . admin_notes ,
558+ })
558559 return Response (data )
559560
560561 except Exception as e :
@@ -603,56 +604,43 @@ def process_submission(request, submission_id):
603604@admin_required
604605@ratelimit (key = "ip" , rate = "100/hr" , block = True )
605606def review_submission (request , submission_id ):
606- """Approve, reject, or edit submission"""
607- try :
608- submission = get_object_or_404 (EventSubmission , id = submission_id )
609- action = request .data .get ("action" ) # 'approve', 'reject', 'edit'
610-
611- if action == "approve" :
612- # Ensure event exists (it should from submission time)
613- event = submission .created_event
614- if not event :
615- return Response ({"error" : "No linked event to approve" }, status = status .HTTP_400_BAD_REQUEST )
616-
617- submission .status = "approved"
618- submission .reviewed_at = timezone .now ()
619- submission .reviewed_by = request .user .get ('email_addresses' , [{}])[0 ].get ('email_address' )
620- submission .save ()
621-
622- return Response (
623- {"message" : "Event approved" , "event_id" : event .id }
624- )
625-
626- elif action == "reject" :
627- submission .status = "rejected"
628- submission .reviewed_at = timezone .now ()
629- submission .reviewed_by = request .user .get ('email_addresses' , [{}])[0 ].get ('email_address' )
630- submission .admin_notes = request .data .get ("notes" , "" )
631- submission .save ()
632-
633- return Response ({"message" : "Event rejected" })
634-
635- elif action == "edit" :
636- # Update event data and extracted_data
637- event_data = request .data .get ("event_data" ) or {}
638- submission .extracted_data = event_data
639- submission .save ()
640-
607+ """Approve or reject submission."""
608+ submission = get_object_or_404 (EventSubmission , id = submission_id )
609+ action = request .data .get ("action" )
610+ reviewer_id = getattr (request , "auth_payload" , {}).get ("sub" )
611+
612+ if action == "approve" :
613+ if not submission .created_event :
614+ return Response ({"error" : "No linked event to approve" }, status = status .HTTP_400_BAD_REQUEST )
615+
616+ # Get edited extracted_data if provided, otherwise use existing
617+ edited_data = request .data .get ("extracted_data" )
618+ if edited_data :
619+ submission .extracted_data = edited_data
620+
621+ # Update the linked event with the edited data
641622 event = submission .created_event
642- if event and isinstance (event_data , dict ):
623+ if event and isinstance (edited_data , dict ):
643624 for field in [f .name for f in Events ._meta .get_fields ()]:
644- if field in event_data :
645- setattr (event , field , event_data [field ])
625+ if field in edited_data :
626+ setattr (event , field , edited_data [field ])
646627 event .save ()
647-
648- return Response ({"message" : "Event data updated" })
649-
650- return Response (
651- {"error" : "Invalid action" }, status = status .HTTP_400_BAD_REQUEST
652- )
653-
654- except Exception as e :
655- return Response ({"error" : str (e )}, status = status .HTTP_500_INTERNAL_SERVER_ERROR )
628+
629+ submission .status = "approved"
630+ submission .reviewed_at = timezone .now ()
631+ submission .reviewed_by = reviewer_id
632+ submission .save ()
633+ return Response ({"message" : "Event approved" , "event_id" : submission .created_event .id })
634+
635+ elif action == "reject" :
636+ submission .status = "rejected"
637+ submission .reviewed_at = timezone .now ()
638+ submission .reviewed_by = reviewer_id
639+ submission .admin_notes = request .data .get ("admin_notes" , "" )
640+ submission .save ()
641+ return Response ({"message" : "Event rejected" })
642+
643+ return Response ({"error" : "Invalid action. Use 'approve' or 'reject'" }, status = status .HTTP_400_BAD_REQUEST )
656644
657645
658646@api_view (["GET" ])
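Review bot: In submit_event the new check on `clerk_user_id` runs after `Events.objects.create(**cleaned)`, so a request with no `sub` claim gets a 401 but has already written a PENDING event row that no EventSubmission will reference. The identity check should come before any write: move `user_info = getattr(request, "auth_payload", {})`, the `sub` lookup and the 401 return above the create call. The start of submit_event and its decorators are outside the hunk, so it is not visible whether `@jwt_required` already rejects such requests before the view body runs. review_submission reads the same fallback (`getattr(request, "auth_payload", {}).get("sub")`) without any check and saves the result as `reviewed_by`, so a missing claim would be stored as None there; its upper decorators are also outside the hunk.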