diff --git a/packages/ozone/src/api/admin/emitModerationEvent.ts b/packages/ozone/src/api/admin/emitModerationEvent.ts index c04dfbecae6..ef4c5fd2822 100644 --- a/packages/ozone/src/api/admin/emitModerationEvent.ts +++ b/packages/ozone/src/api/admin/emitModerationEvent.ts @@ -27,17 +27,23 @@ export default function (server: Server, ctx: AppContext) { // apply access rules - // if less than moderator access then can not takedown an account - if (!access.moderator && isTakedownEvent && subject.isRepo()) { - throw new AuthRequiredError( - 'Must be a full moderator to perform an account takedown', - ) - } // if less than moderator access then can only take ack and escalation actions - if (!access.moderator && (isTakedownEvent || isReverseTakedownEvent)) { - throw new AuthRequiredError( - 'Must be a full moderator to take this type of action', - ) + if (isTakedownEvent || isReverseTakedownEvent) { + if (!access.moderator) { + throw new AuthRequiredError( + 'Must be a full moderator to take this type of action', + ) + } + + // Non admins should not be able to take down feed generators + if ( + !access.admin && + subject.recordPath?.includes('app.bsky.feed.generator/') + ) { + throw new AuthRequiredError( + 'Must be a full admin to take this type of action on feed generators', + ) + } } // if less than moderator access then can not apply labels if (!access.moderator && isLabelEvent) { diff --git a/packages/ozone/tests/moderation.test.ts b/packages/ozone/tests/moderation.test.ts index 79aae3938c9..790d0f5f820 100644 --- a/packages/ozone/tests/moderation.test.ts +++ b/packages/ozone/tests/moderation.test.ts @@ -779,7 +779,7 @@ describe('moderation', () => { }, ) await expect(attemptTakedownTriage).rejects.toThrow( - 'Must be a full moderator to perform an account takedown', + 'Must be a full moderator to take this type of action', ) })