fix another super_user permission issue

lnbits/decorators.py

@@ -146,8 +146,7 @@ async def get_key_type(
                     status_code=HTTPStatus.NOT_FOUND, detail="Wallet does not exist."
                 )
             if (
-                wallet.wallet.user != settings.super_user
-                or wallet.wallet.user not in settings.lnbits_admin_users
+                wallet.wallet.user != settings.super_user and wallet.wallet.user not in settings.lnbits_admin_users
             ) and (
                 settings.lnbits_admin_extensions
                 and pathname in settings.lnbits_admin_extensions

lnbits/extensions/admin/crud.py

@@ -39,10 +39,6 @@ async def delete_admin_settings():
 
 
 async def update_admin_settings(data: UpdateSettings):
-    # TODO why are those field here, they are not in UpdateSettings
-    # TODO: why is UpdateSettings of type dict here? thats why type:ignore is needed
-    data.pop("lnbits_allowed_funding_sources")  # type: ignore
-    data.pop("super_user")  # type: ignore
     q, values = get_q_and_values(data)
     await db.execute(f"UPDATE admin.settings SET {q}", (values,))  # type: ignore