From 18ca3a324f4b05c5f8e09be505f45022630547a9 Mon Sep 17 00:00:00 2001 From: devin ivy Date: Fri, 14 Jul 2023 14:37:32 -0700 Subject: [PATCH] Allow moderators to take and reverse actor takedowns (#1330) allow moderators to take and reverse actor takedowns --- .../com/atproto/admin/reverseModerationAction.ts | 6 +++--- .../com/atproto/admin/takeModerationAction.ts | 4 ++-- packages/bsky/tests/moderation.test.ts | 16 +++++++++------- .../com/atproto/admin/reverseModerationAction.ts | 4 ++-- .../com/atproto/admin/takeModerationAction.ts | 4 ++-- packages/pds/tests/moderation.test.ts | 16 +++++++++------- 6 files changed, 27 insertions(+), 23 deletions(-) diff --git a/packages/bsky/src/api/com/atproto/admin/reverseModerationAction.ts b/packages/bsky/src/api/com/atproto/admin/reverseModerationAction.ts index 0a3e1126ba8..2fe61649d27 100644 --- a/packages/bsky/src/api/com/atproto/admin/reverseModerationAction.ts +++ b/packages/bsky/src/api/com/atproto/admin/reverseModerationAction.ts @@ -43,14 +43,14 @@ export default function (server: Server, ctx: AppContext) { 'Must be a full moderator to reverse this type of action', ) } - // if less than admin access then can reverse takedown on an account + // if less than moderator access then cannot reverse takedown on an account if ( - !access.admin && + !access.moderator && existing.action === TAKEDOWN && existing.subjectType === 'com.atproto.admin.defs#repoRef' ) { throw new AuthRequiredError( - 'Must be an admin to reverse an account takedown', + 'Must be a full moderator to reverse an account takedown', ) } diff --git a/packages/bsky/src/api/com/atproto/admin/takeModerationAction.ts b/packages/bsky/src/api/com/atproto/admin/takeModerationAction.ts index 42e1b7034d7..d045475dcbb 100644 --- a/packages/bsky/src/api/com/atproto/admin/takeModerationAction.ts +++ b/packages/bsky/src/api/com/atproto/admin/takeModerationAction.ts 
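Review bot: The account-takedown guard in this hunk may be unreachable now that it tests `!access.moderator`. The guard directly above it already throws 'Must be a full moderator to reverse this type of action', but only its tail is visible here, so this is inferred; if that guard also covers TAKEDOWN for non-moderators, the second check never fires and its message is never returned. Either remove the second check, or keep it as an explicit rule and say so, e.g. `// account takedown reversal requires full moderator access; kept separate from the general rule above on purpose`. Because this change widens who can restore a taken-down account, the authorization rule is worth stating in one unambiguous place.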
@@ -30,9 +30,9 @@ export default function (server: Server, ctx: AppContext) { // apply access rules // if less than admin access then can not takedown an account - if (!access.admin && action === TAKEDOWN && 'did' in subject) { + if (!access.moderator && action === TAKEDOWN && 'did' in subject) { throw new AuthRequiredError( - 'Must be an admin to perform an account takedown', + 'Must be a full moderator to perform an account takedown', ) } // if less than moderator access then can only take ack and escalation actions diff --git a/packages/bsky/tests/moderation.test.ts b/packages/bsky/tests/moderation.test.ts index 08067ef61f7..946b2d29a30 100644 --- a/packages/bsky/tests/moderation.test.ts +++ b/packages/bsky/tests/moderation.test.ts @@ -961,9 +961,9 @@ describe('moderation', () => { ) }) - it('does not allow non-admin moderators to takedown.', async () => { - const attemptTakedownMod = - agent.api.com.atproto.admin.takeModerationAction( + it('allows full moderators to takedown.', async () => { + const { data: action } = + await agent.api.com.atproto.admin.takeModerationAction( { action: TAKEDOWN, createdBy: 'did:example:moderator', @@ -978,9 +978,11 @@ describe('moderation', () => { headers: network.bsky.adminAuthHeaders('moderator'), }, ) - await expect(attemptTakedownMod).rejects.toThrow( - 'Must be an admin to perform an account takedown', - ) + // cleanup + await reverse(action.id) + }) + + it('does not allow non-full moderators to takedown.', async () => { const attemptTakedownTriage = agent.api.com.atproto.admin.takeModerationAction( { @@ -998,7 +1000,7 @@ describe('moderation', () => { }, ) await expect(attemptTakedownTriage).rejects.toThrow( - 'Must be an admin to perform an account takedown', + 'Must be a full moderator to perform an account takedown', ) }) diff --git a/packages/pds/src/api/com/atproto/admin/reverseModerationAction.ts b/packages/pds/src/api/com/atproto/admin/reverseModerationAction.ts index 2d7bf94673e..05991968d02 100644 
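Review bot: The context comment above the changed condition still reads `// if less than admin access then can not takedown an account`, but the check is now `!access.moderator`, so the comment describes a stricter rule than the code enforces. Update it to `// if less than moderator access then can not takedown an account`; the same stale comment is left in the packages/pds takeModerationAction.ts hunk. A stale comment on an authorization gate is easy to trust during a later audit, so it is worth fixing in this commit. The handler body starts and ends outside the hunk.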
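Review bot: The new test 'allows full moderators to takedown.' only shows that the call does not throw; it asserts nothing about the returned `action`. Its cleanup goes through the `reverse` helper, whose credentials are not visible in this hunk. If that helper authenticates as admin, the relaxed check in reverseModerationAction.ts is not exercised by a moderator at all. Add an assertion on the returned action (its type and subject), a test that reverses an account takedown with moderator credentials, and a test that a triage caller is rejected when reversing one. The same gaps apply to the matching hunks in packages/pds/tests/moderation.test.ts.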
--- a/packages/pds/src/api/com/atproto/admin/reverseModerationAction.ts +++ b/packages/pds/src/api/com/atproto/admin/reverseModerationAction.ts @@ -43,9 +43,9 @@ export default function (server: Server, ctx: AppContext) { 'Must be a full moderator to reverse this type of action', ) } - // if less than admin access then can reverse takedown on an account + // if less than moderator access then cannot reverse takedown on an account if ( - !access.admin && + !access.moderator && existing.action === TAKEDOWN && existing.subjectType === 'com.atproto.admin.defs#repoRef' ) { diff --git a/packages/pds/src/api/com/atproto/admin/takeModerationAction.ts b/packages/pds/src/api/com/atproto/admin/takeModerationAction.ts index d4d0639c0f4..1a8feedd98b 100644 --- a/packages/pds/src/api/com/atproto/admin/takeModerationAction.ts +++ b/packages/pds/src/api/com/atproto/admin/takeModerationAction.ts @@ -30,9 +30,9 @@ export default function (server: Server, ctx: AppContext) { // apply access rules // if less than admin access then can not takedown an account - if (!access.admin && action === TAKEDOWN && 'did' in subject) { + if (!access.moderator && action === TAKEDOWN && 'did' in subject) { throw new AuthRequiredError( - 'Must be an admin to perform an account takedown', + 'Must be a full moderator to perform an account takedown', ) } // if less than moderator access then can only take ack and escalation actions diff --git a/packages/pds/tests/moderation.test.ts b/packages/pds/tests/moderation.test.ts index 17c3ea0d92a..48743809815 100644 --- a/packages/pds/tests/moderation.test.ts +++ b/packages/pds/tests/moderation.test.ts 
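Review bot: This pds hunk changes the condition to `!access.moderator` but stops before the `throw`, so the error message is not updated here. The bsky copy of this handler replaced 'Must be an admin to reverse an account takedown' with 'Must be a full moderator to reverse an account takedown' in the same commit. If the pds message still names admin, a rejected triage caller is told the wrong required role and the two services disagree; this is inferred, since the line is outside the hunk. Check the line after the condition and align it with the bsky text.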
@@ -984,9 +984,9 @@ describe('moderation', () => { ) }) - it('does not allow non-admin moderators to takedown.', async () => { - const attemptTakedownMod = - agent.api.com.atproto.admin.takeModerationAction( + it('allows full moderators to takedown.', async () => { + const { data: action } = + await agent.api.com.atproto.admin.takeModerationAction( { action: TAKEDOWN, createdBy: 'did:example:moderator', @@ -1001,9 +1001,11 @@ describe('moderation', () => { headers: { authorization: moderatorAuth() }, }, ) - await expect(attemptTakedownMod).rejects.toThrow( - 'Must be an admin to perform an account takedown', - ) + // cleanup + await reverse(action.id) + }) + + it('does not allow non-full moderators to takedown.', async () => { const attemptTakedownTriage = agent.api.com.atproto.admin.takeModerationAction( { @@ -1021,7 +1023,7 @@ describe('moderation', () => { }, ) await expect(attemptTakedownTriage).rejects.toThrow( - 'Must be an admin to perform an account takedown', + 'Must be a full moderator to perform an account takedown', ) })