diff --git a/todo/views/del_list.py b/todo/views/del_list.py
index c4e044f..ee82c7b 100644
--- a/todo/views/del_list.py
+++ b/todo/views/del_list.py
@@ -17,7 +17,7 @@ def del_list(request, list_id: int, list_slug: str) -> HttpResponse:
 
     # Ensure user has permission to delete list. Get the group this list belongs to,
     # and check whether current user is a member of that group AND a staffer.
-    if task_list.group not in request.user.groups.all() and not request.user.is_staff:
+    if not (task_list.group in request.user.groups.all() and request.user.is_staff):
         raise PermissionDenied
 
     if request.method == "POST":