From 945a7e49f59c11fad1034a86ae183b305db79aee Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Sun, 5 Dec 2021 01:42:55 -0700
Subject: [PATCH] Update InternalApiController, prevent moderation actions
 against admin accounts

---
 app/Http/Controllers/InternalApiController.php | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/app/Http/Controllers/InternalApiController.php b/app/Http/Controllers/InternalApiController.php
index b9f86a639..ce4765ee7 100644
--- a/app/Http/Controllers/InternalApiController.php
+++ b/app/Http/Controllers/InternalApiController.php
@@ -17,6 +17,7 @@ use App\{
 	Profile,
 	StatusHashtag,
 	Status,
+	User,
 	UserFilter,
 };
 use Auth,Cache;
@@ -194,9 +195,12 @@ class InternalApiController extends Controller
 		$item_id = $request->input('item_id');
 		$item_type = $request->input('item_type');
 
+		$status = Status::findOrFail($item_id);
+		$author = User::whereProfileId($status->profile_id)->first();
+		abort_if($author && $author->is_admin, 422, 'Cannot moderate administrator accounts');
+
 		switch($action) {
 			case 'addcw':
-				$status = Status::findOrFail($item_id);
 				$status->is_nsfw = true;
 				$status->save();
 				ModLogService::boot()
@@ -212,7 +216,6 @@ class InternalApiController extends Controller
 					->accessLevel('admin')
 					->save();
 
-
 				if($status->uri == null) {
 					$media = $status->media;
 					$ai = new AccountInterstitial;
@@ -243,7 +246,6 @@ class InternalApiController extends Controller
 			break;
 
 			case 'remcw':
-				$status = Status::findOrFail($item_id);
 				$status->is_nsfw = false;
 				$status->save();
 				ModLogService::boot()
@@ -269,7 +271,6 @@ class InternalApiController extends Controller
 			break;
 
 			case 'unlist':
-				$status = Status::whereScope('public')->findOrFail($item_id);
 				$status->scope = $status->visibility = 'unlisted';
 				$status->save();
 				PublicTimelineService::del($status->id);
@@ -316,7 +317,6 @@ class InternalApiController extends Controller
 			break;
 
 			case 'spammer':
-				$status = Status::findOrFail($item_id);
 				HandleSpammerPipeline::dispatch($status->profile);
 				ModLogService::boot()
 					->user(Auth::user())
@@ -333,10 +333,7 @@ class InternalApiController extends Controller
 			break;
 		}
 
-		Cache::forget('_api:statuses:recent_9:' . $status->profile_id);
-		Cache::forget('profile:embed:' . $status->profile_id);
 		StatusService::del($status->id);
-
 		return ['msg' => 200];
 	}