From 0d14d2b56ecfbb301606cc9c161264bd0f6a5e9b Mon Sep 17 00:00:00 2001
From: Vlad Stan
Date: Wed, 5 Apr 2023 19:40:16 +0300
Subject: [PATCH] fix: remove admin extensions for non admin users
---
 lnbits/core/crud.py | 4 +++-
 lnbits/core/models.py | 12 +++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/lnbits/core/crud.py b/lnbits/core/crud.py
index 1b807b788..5dfc73d00 100644
--- a/lnbits/core/crud.py
+++ b/lnbits/core/crud.py
@@ -62,7 +62,9 @@ async def get_user(user_id: str, conn: Optional[Connection] = None) -> Optional[
 return User(
 id=user["id"],
 email=user["email"],
- extensions=[e[0] for e in extensions],
+ extensions=[
+ e[0] for e in extensions if User.is_extension_for_user(e[0], user["id"])
+ ],
 wallets=[Wallet(**w) for w in wallets],
 admin=user["id"] == settings.super_user
 or user["id"] in settings.lnbits_admin_users,
diff --git a/lnbits/core/models.py b/lnbits/core/models.py
index c3ff6fd9c..4bcdd3311 100644
--- a/lnbits/core/models.py
+++ b/lnbits/core/models.py
@@ -13,7 +13,7 @@ from pydantic import BaseModel
 from lnbits.db import Connection
 from lnbits.helpers import url_for
-from lnbits.settings import get_wallet_class
+from lnbits.settings import get_wallet_class, settings
 from lnbits.wallets.base import PaymentStatus
@@ -75,6 +75,16 @@ class User(BaseModel):
 w = [wallet for wallet in self.wallets if wallet.id == wallet_id]
 return w[0] if w else None
+ @classmethod
+ def is_extension_for_user(cls, ext: str, user: str) -> bool:
+ if ext not in settings.lnbits_admin_extensions:
+ return True
+ if user == settings.super_user:
+ return True
+ if user in settings.lnbits_admin_users:
+ return True
+ return False
+
 class Payment(BaseModel):
 checking_id: str
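Review bot: In the `get_user` hunk of lnbits/core/crud.py, the new `extensions=[...]` filter re-derives admin status per extension through `User.is_extension_for_user`, while the `admin=` argument a few lines below computes the same condition inline, so the two definitions of "admin" can drift apart. Consider computing it once before the `User(...)` call, `is_admin = user["id"] == settings.super_user or user["id"] in settings.lnbits_admin_users`, and using it for both `admin=is_admin` and the filter. The filter also only hides admin extensions from the returned `User.extensions` list; whether the extensions' own routes consult that list is not visible here, so it is worth confirming that a non-admin who activated one earlier is also refused at the route level. `get_user` starts and ends outside the hunk.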
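Review bot: The new `is_extension_for_user` in the second lnbits/core/models.py hunk has no docstring, and its `user` parameter actually receives a user id (the caller passes `user["id"]`), which is easy to misread on an access-control helper that lives on the `User` class. Suggest naming the parameter `user_id` and adding a docstring along the lines of `"""Return True if extension ext may be listed for this user id; admin-only extensions are limited to the super user and lnbits_admin_users."""`. The method never touches `cls`, so `@staticmethod` would describe it more accurately than `@classmethod`. A small test that passes a non-admin id together with an entry of `settings.lnbits_admin_extensions` and expects `False` would pin the deny path.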