diff --git a/website/src/pages/api/posts/moderate.ts b/website/src/pages/api/posts/moderate.ts
index 1830f33..e425bd2 100644
--- a/website/src/pages/api/posts/moderate.ts
+++ b/website/src/pages/api/posts/moderate.ts
@@ -25,7 +25,7 @@ export default async function handler(
 // Check if the user is permitted to access the API
 const session = await getServerSession(request, response, authOptions)
- const permission = await checkApiPermissions(request, response, session, client, makeQuery, "api:plants:moderate:access")
+ const permission = await checkApiPermissions(request, response, session, client, makeQuery, "api:admin:moderate:access")
 if(!permission) return response.status(401).json({error: "Not Authorized"})
@@ -40,17 +40,40 @@ export default async function handler(
 // Check if the data is being downloaded from the Postgres database
 const tables = getTables()
+ let query = ""
 switch (operation) {
 case "list":
+
+
+ // List all the posts that need to be moderated
+ query = `SELECT * FROM posts WHERE ${tables.post_approved} = false;`;
+ break;
 case "approve":
+
+ // Approve the post
+ query = `UPDATE posts SET ${tables.post_approved} = true WHERE ${tables.id} = ${id};`;
+ break;
 case "deny":
+
+ // Deny the post
+ query = `DELETE FROM posts WHERE ${tables.id} = ${id};`;
+ break;
+ default:
+ return response.status(400).json({error: "Invalid operation"});
+
 }
+
+ // Run the query
+ const data = await makeQuery(query, client)
+
+ return response.status(200).json({message: "Success", data: data});
+
 } catch (error) {
 return response.status(500).json({message: "ERROR IN SERVER", error: error });
 } finally {
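Review bot: The "approve" and "deny" branches build their statements by interpolating `id` into the SQL text (`... WHERE ${tables.id} = ${id};`), and nothing in the hunk shows `id` being validated; if it is taken from the request, that is string-built SQL on untrusted input in an endpoint that updates and deletes rows. Bind it as a query parameter if `makeQuery` supports that (only the `makeQuery(query, client)` call is visible here), or at minimum coerce and check it before the switch: `const postId = Number.parseInt(id, 10);` followed by `if (!Number.isInteger(postId)) return response.status(400).json({error: "Invalid id"});`, then use `postId` in both queries. The same check would also cover "approve"/"deny" called without an `id`, which as written presumably produces a malformed statement and ends in the 500 branch rather than a 400. The handler's body starts and ends outside this hunk, so where `id` and `operation` are read is inferred rather than seen.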