From f2da8fc27798b86d6866411685db033b0f00050d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?dni=20=E2=9A=A1?= <office@dnilabs.com>
Date: Tue, 6 Dec 2022 13:04:27 +0100
Subject: [PATCH] fix another super_user permission issue

---
 lnbits/decorators.py            | 3 +--
 lnbits/extensions/admin/crud.py | 4 ----
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/lnbits/decorators.py b/lnbits/decorators.py
index 874e348a..05019f15 100644
--- a/lnbits/decorators.py
+++ b/lnbits/decorators.py
@@ -146,8 +146,7 @@ async def get_key_type(
                     status_code=HTTPStatus.NOT_FOUND, detail="Wallet does not exist."
                 )
             if (
-                wallet.wallet.user != settings.super_user
-                or wallet.wallet.user not in settings.lnbits_admin_users
+                wallet.wallet.user != settings.super_user and wallet.wallet.user not in settings.lnbits_admin_users
             ) and (
                 settings.lnbits_admin_extensions
                 and pathname in settings.lnbits_admin_extensions
diff --git a/lnbits/extensions/admin/crud.py b/lnbits/extensions/admin/crud.py
index 17917569..9dbad63f 100644
--- a/lnbits/extensions/admin/crud.py
+++ b/lnbits/extensions/admin/crud.py
@@ -39,10 +39,6 @@ async def delete_admin_settings():
 
 
 async def update_admin_settings(data: UpdateSettings):
-    # TODO why are those field here, they are not in UpdateSettings
-    # TODO: why is UpdateSettings of type dict here? thats why type:ignore is needed
-    data.pop("lnbits_allowed_funding_sources")  # type: ignore
-    data.pop("super_user")  # type: ignore
     q, values = get_q_and_values(data)
     await db.execute(f"UPDATE admin.settings SET {q}", (values,))  # type: ignore