highperfocused/lnbits
1
0
Fork 0
mirror of https://github.com/lnbits/lnbits.git synced 2025-09-28 21:02:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: remove admin extensions for non admin users

Browse Source
This commit is contained in:
Vlad Stan
2023-04-05 19:40:16 +03:00
parent d7e7d89e9a
commit 0d14d2b56e
2 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lnbits/core/crud.py
View File

@@ -62,7 +62,9 @@ async def get_user(user_id: str, conn: Optional[Connection] = None) -> Optional[
return User( return User(
id=user["id"], id=user["id"],
email=user["email"], email=user["email"],
extensions=[e[0] for e in extensions], extensions=[
e[0] for e in extensions if User.is_extension_for_user(e[0], user["id"])
],
wallets=[Wallet(**w) for w in wallets], wallets=[Wallet(**w) for w in wallets],
admin=user["id"] == settings.super_user admin=user["id"] == settings.super_user
or user["id"] in settings.lnbits_admin_users, or user["id"] in settings.lnbits_admin_users,

12
lnbits/core/models.py
View File

@@ -13,7 +13,7 @@ from pydantic import BaseModel
from lnbits.db import Connection from lnbits.db import Connection
from lnbits.helpers import url_for from lnbits.helpers import url_for
from lnbits.settings import get_wallet_class from lnbits.settings import get_wallet_class, settings
from lnbits.wallets.base import PaymentStatus from lnbits.wallets.base import PaymentStatus
@@ -75,6 +75,16 @@ class User(BaseModel):
w = [wallet for wallet in self.wallets if wallet.id == wallet_id] w = [wallet for wallet in self.wallets if wallet.id == wallet_id]
return w[0] if w else None return w[0] if w else None
@classmethod
def is_extension_for_user(cls, ext: str, user: str) -> bool:
if ext not in settings.lnbits_admin_extensions:
return True
if user == settings.super_user:
return True
if user in settings.lnbits_admin_users:
return True
return False
class Payment(BaseModel): class Payment(BaseModel):
checking_id: str checking_id: str