def is_admin(): if not is_user(): return False token = web.ctx.session.token userid = auth.decode_token(token)['userid'] db = MySQLDB_(settings['MYSQL_HOST'], settings['MYSQL_USER'], settings['MYSQL_PASSWD'], settings['MYSQL_DB']) user_li = db.query_all("select * from user where `id`='%s'" % userid) db.close() if 0 == len(user_li): return False if int(user_li[0]['level']) != user_admin: return False return True