diff --git a/app/Policies/APIKeyPolicy.php b/app/Policies/APIKeyPolicy.php
index 58b187b48..95846b9e4 100644
--- a/app/Policies/APIKeyPolicy.php
+++ b/app/Policies/APIKeyPolicy.php
@@ -43,7 +43,7 @@ class APIKeyPolicy
 protected function checkPermission(User $user, Key $key, $permission)
 {
 // Non-administrative users cannot use administrative routes.
- if (! starts_with('user.') && ! $user->isRootAdmin()) {
+ if (! starts_with($key, 'user.') && ! $user->isRootAdmin()) {
 return false;
 }
diff --git a/app/Repositories/APIRepository.php b/app/Repositories/APIRepository.php
index db9b9d6b7..10af25155 100644
--- a/app/Repositories/APIRepository.php
+++ b/app/Repositories/APIRepository.php
@@ -147,7 +147,7 @@ class APIRepository
 if ($this->user->isRootAdmin() && isset($data['admin_permissions'])) {
 unset($pNodes['_user']);
- foreach ($data['admin_permissions'] as $permNode) {
+ foreach ($data['admin_permissions'] as $permission) {
 $parts = explode('-', $permission);
 if (count($parts) !== 2) {
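Review bot: The corrected call in `checkPermission` (app/Policies/APIKeyPolicy.php) passes `$key` as the haystack, but `$key` is type-hinted `Key`, so the prefix test does not appear to look at the permission name at all. If `Key` is a model object, its string form will presumably never begin with `user.`, which would make this guard deny every non-root user whatever permission is requested; that fails closed, but the `user.` exemption still would not work. The line probably wants `if (! starts_with($permission, 'user.') && ! $user->isRootAdmin()) {`. The rest of the method lies outside the hunk, so how `$key` is used afterwards cannot be checked from here.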
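Review bot: In app/Repositories/APIRepository.php the loop trusts the shape of `$data['admin_permissions']`: `isset()` only shows the key is present and non-null, so a scalar value reaches `foreach` and a non-string element reaches `explode()`. Unless the input is validated earlier in the method, which is outside this hunk, the guard could read `isset($data['admin_permissions']) && is_array($data['admin_permissions'])` and the loop could begin with `if (! is_string($permission)) { continue; }`. Because the old loop variable left `$permission` undefined, this path evidently ran without test coverage; a test that creates a key with admin permissions would catch a repeat.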