diff --git a/functions/api/reports/submit.ts b/functions/api/reports/submit.ts
index cfd099d..c98cb4e 100644
--- a/functions/api/reports/submit.ts
+++ b/functions/api/reports/submit.ts
@@ -10,7 +10,7 @@ function errorResponse(error: string, status: number): Response {
 }
 
 export async function onRequestPost(context: RequestContext) {
-  const { filename, filesize, turnstileResponse, usernames } =
+  const { actions, bypass, filename, filesize, turnstileResponse, usernames } =
     context.data.body;
 
   if (!context.data.current_user) {
@@ -36,6 +36,12 @@ export async function onRequestPost(context: RequestContext) {
     if (!success) return errorResponse("Captcha test failed", 403);
   }
 
+  if (bypass && !(context.data.current_user?.permissions & (1 << 5)))
+    return errorResponse("Bypass directive cannot be used", 403);
+
+  if (typeof bypass !== "boolean")
+    return errorResponse("Bypass must be a boolean", 400);
+
   if (!Array.isArray(usernames))
     return errorResponse("Usernames must be type of array", 400);
 
@@ -164,6 +170,7 @@ export async function onRequestPost(context: RequestContext) {
         ["mkv", "mov", "wmv"].includes(fileExt.toLowerCase()) ? "mp4" : fileExt
       }`,
       id: reportId,
+      open: !bypass,
       user: currentUser
         ? {
             discriminator: currentUser.discriminator,
@@ -181,7 +188,7 @@ export async function onRequestPost(context: RequestContext) {
     await context.env.D1.prepare(
       "INSERT INTO reports (created_at, id, open, user) VALUES (?, ?, ?, ?);"
     )
-      .bind(Date.now(), reportId, 1, currentUser?.id || null)
+      .bind(Date.now(), reportId, Number(!bypass), currentUser?.id || null)
       .run();
   } catch {}