Exemplo n.º 1
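def is_admin():
    """Return True only when the current session belongs to an admin user.

    The session token is decoded to obtain ``userid``, the matching row is
    read from the ``user`` table, and its ``level`` column is compared with
    ``user_admin``. Every failure path (not logged in, malformed id, no
    matching row, different level) returns False, so the check fails closed.

    Returns:
        bool: True when the user's ``level`` equals ``user_admin``.

    Raises:
        KeyError: if the decoded token carries no ``userid`` entry (the
            original behaviour, left unchanged).
    """
    import re

    if not is_user():
        return False

    token = web.ctx.session.token
    userid = '%s' % (auth.decode_token(token)['userid'],)

    # SECURITY: the id is interpolated into the SQL text below, so it must
    # never carry quote, backslash or other SQL metacharacters. Only plain
    # identifier characters (numeric ids, UUIDs) are accepted; anything else
    # is treated as "not an admin" rather than sent to the database.
    # NOTE(review): if MySQLDB_.query_all supports bound parameters, pass
    # userid as a parameter instead and drop this allow-list -- confirm
    # against the wrapper. Whether decode_token verifies a signature is not
    # visible here, so the token payload is handled as untrusted.
    if not re.match(r'[A-Za-z0-9_-]+\Z', userid):
        return False

    db = MySQLDB_(settings['MYSQL_HOST'], settings['MYSQL_USER'],
            settings['MYSQL_PASSWD'], settings['MYSQL_DB'])
    try:
        user_li = db.query_all("select * from user where `id`='%s'" % userid)
    finally:
        # Release the connection even when the query raises.
        db.close()

    # No matching row (or no result at all) means no privileges.
    if not user_li:
        return False

    return int(user_li[0]['level']) == user_admin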