def has_permission(user_id, operation_key, oqlparams=None): b = False cachekey = '%d:%s:%r' % (user_id, operation_key, oqlparams) perm = cache.get(CACHESPACE_PERMISSION, cachekey) if perm != None: return perm query = stdModel.all() query.model(UserRole.get_modelname(), "a") query.model(Role.get_modelname(), "b", join="inner", on="a.role_id=b.uid") query.model(RoleOperation.get_modelname(), "c", join="inner", on="c.role_id=b.uid") query.model(Operation.get_modelname(), "d", join="inner", on="c.operation_key=d.operation_key") query.what("a.user_id", alias="user_id") query.what("b.uid", alias="role_id") query.what("d.operation_key", alias="operation_key") query.what("d.handler_classes", alias="handler_classes") query.what("d.resource_oql", alias="resource_oql") query.what("a.user_id", alias="user_id") query.filter("a.user_id =", user_id) if operation_key is not None: query.filter("d.operation_key =", operation_key) std = query.get() if std != None: if std.resource_oql != None: operation = get_operation(operation_key=operation_key) params = operation.get_resource_oql_paramnames() if len(params) != len(oqlparams): raise UnauthorizedError() query = stdModel.all() if oqlparams != None and len(oqlparams) > 0 : query = query.sql(std.resource_oql, sql_vars=oqlparams) else: query = query.sql(std.resource_oql) if query.count() > 0: b = True else: b = True cache.put(CACHESPACE_PERMISSION, cachekey, b) return b