diff --git a/mod-picker/app/controllers/mods_controller.rb b/mod-picker/app/controllers/mods_controller.rb
index 2e700df6a..51de045a9 100644
--- a/mod-picker/app/controllers/mods_controller.rb
+++ b/mod-picker/app/controllers/mods_controller.rb
@@ -95,9 +95,9 @@ def update
 
   # POST /mods/1/hide
   def hide
-    authorize! :hide, @mod
-    @mod.hidden = params[:hidden]
-    if @mod.save
+    authorize! :hide, @mod, :message => "You are not allowed to hide/unhide this mod."
+    builder = ModBuilder.new(current_user, hide_params)
+    if builder.update
       render json: {status: :ok}
     else
       render json: @mod.errors, status: :unprocessable_entity
@@ -106,9 +106,9 @@ def hide
 
   # POST /mods/1/approve
   def approve
-    authorize! :approve, @mod
-    @mod.approved = params[:approved]
-    if @mod.save
+    authorize! :approve, @mod, :message => "You are not allowed to approve/unapprove this mod."
+    builder = ModBuilder.new(current_user, approve_params)
+    if builder.update
       render json: {status: :ok}
     else
       render json: @mod.errors, status: :unprocessable_entity
@@ -358,6 +358,20 @@ def sorting_params
       params.fetch(:sort, {}).permit(:column, :direction)
     end
 
+    def approve_params
+      {
+          id: params[:id],
+          approved: params[:approved]
+      }
+    end
+
+    def hide_params
+      {
+          id: params[:id],
+          hidden: params[:hidden]
+      }
+    end
+
     # Params we allow filtering on
     def filtering_params
       # construct valid filters array