From 90d4b14ea513138a391cd794feb86636bdacadaf Mon Sep 17 00:00:00 2001
From: Daniel Vainio <daniel.vainio@protonmail.com>
Date: Thu, 16 Oct 2025 17:24:51 +0300
Subject: [PATCH] Reduce the amount of Reports a user can make

Redeuce the amount of Reports a user can create per package listing to
one with exception for superusers.

Refs. TS-2742
---
 .../cyberstorm/services/package_listing.py    | 11 ++++
 .../services/test_package_listing_services.py | 56 +++++++++++++++++++
 .../tests/test_package_listing_actions.py     | 21 +++++++
 3 files changed, 88 insertions(+)

diff --git a/django/thunderstore/api/cyberstorm/services/package_listing.py b/django/thunderstore/api/cyberstorm/services/package_listing.py
index 3e78ef689..d3de0f3bf 100644
--- a/django/thunderstore/api/cyberstorm/services/package_listing.py
+++ b/django/thunderstore/api/cyberstorm/services/package_listing.py
@@ -68,6 +68,17 @@ def report_package_listing(
 ) -> None:
     user = validate_user(agent)
 
+    existing_reports = PackageReport.objects.filter(
+        submitted_by=user,
+        package_listing=package_listing,
+        is_automated=False,
+        is_active=True,
+    )
+
+    if existing_reports.exists() and not user.is_superuser:
+        error_msg = "You have already reported this package listing"
+        raise PermissionValidationError(error_msg)
+
     PackageReport.handle_user_report(
         reason=reason,
         submitted_by=user,
diff --git a/django/thunderstore/api/cyberstorm/tests/services/test_package_listing_services.py b/django/thunderstore/api/cyberstorm/tests/services/test_package_listing_services.py
index 2bced643b..aeafea7be 100644
--- a/django/thunderstore/api/cyberstorm/tests/services/test_package_listing_services.py
+++ b/django/thunderstore/api/cyberstorm/tests/services/test_package_listing_services.py
@@ -4,11 +4,13 @@
 from thunderstore.api.cyberstorm.services.package_listing import (
     approve_package_listing,
     reject_package_listing,
+    report_package_listing,
     unlist_package_listing,
     update_categories,
 )
 from thunderstore.community.consts import PackageListingReviewStatus
 from thunderstore.core.exceptions import PermissionValidationError
+from thunderstore.ts_reports.models import PackageReport
 
 
 @pytest.mark.django_db
@@ -172,3 +174,57 @@ def test_unlist_package_listing(active_package_listing, user_role, can_unlist):
         with pytest.raises(PermissionValidationError):
             unlist_package_listing(agent=agent, listing=active_package_listing)
         assert active_package_listing.package.is_active is True
+
+
+@pytest.mark.django_db
+def test_report_package_listing_success(user, active_package_listing):
+    report_package_listing(
+        agent=user,
+        reason="Inappropriate content",
+        package=active_package_listing.package,
+        package_listing=active_package_listing,
+        package_version=active_package_listing.package.latest,
+        description="This package contains inappropriate content.",
+    )
+
+    assert (
+        PackageReport.objects.filter(
+            submitted_by=user,
+            package_listing=active_package_listing,
+            is_automated=False,
+            is_active=True,
+        ).count()
+        == 1
+    )
+
+
+@pytest.mark.django_db
+def test_report_package_listing_report_limit(user, active_package_listing):
+    report_package_listing(
+        agent=user,
+        reason="Inappropriate content",
+        package=active_package_listing.package,
+        package_listing=active_package_listing,
+        package_version=active_package_listing.package.latest,
+        description="This package contains inappropriate content.",
+    )
+
+    with pytest.raises(PermissionValidationError):
+        report_package_listing(
+            agent=user,
+            reason="Spam",
+            package=active_package_listing.package,
+            package_listing=active_package_listing,
+            package_version=active_package_listing.package.latest,
+            description="This package is spam.",
+        )
+
+    assert (
+        PackageReport.objects.filter(
+            submitted_by=user,
+            package_listing=active_package_listing,
+            is_automated=False,
+            is_active=True,
+        ).count()
+        == 1
+    )
diff --git a/django/thunderstore/api/cyberstorm/tests/test_package_listing_actions.py b/django/thunderstore/api/cyberstorm/tests/test_package_listing_actions.py
index 2a6bd790c..6fe9802e3 100644
--- a/django/thunderstore/api/cyberstorm/tests/test_package_listing_actions.py
+++ b/django/thunderstore/api/cyberstorm/tests/test_package_listing_actions.py
@@ -271,3 +271,24 @@ def test_unlist_package_listing(
         data={},
         expected_status_code_map=expected_status_code_map,
     )
+
+
+@pytest.mark.django_db
+def test_report_package_listing_limit(
+    api_client: APIClient, active_package_listing: PackageListing
+):
+    """Test that users cannot report the same package listing multiple times."""
+
+    user = TestUserTypes.get_user_by_type(TestUserTypes.regular_user)
+    api_client.force_authenticate(user=user)
+    url = get_report_url(active_package_listing)
+
+    data = json.dumps({"reason": "Spam"})
+    response = api_client.post(url, data=data, content_type="application/json")
+    assert response.status_code == 200
+
+    response = api_client.post(url, data=data, content_type="application/json")
+    error_msg = "You have already reported this package listing"
+
+    assert response.status_code == 403
+    assert response.json() == {"non_field_errors": [error_msg]}