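  def check_logged_in (self, min_perms=None) :
    """Return True if the request's cookies identify a known user.

    The 'ffo' cookie must hold exactly two ':'-separated fields. The
    second field is used to look the user up and the first must equal
    str() of that user's key. On success the user is stored on
    self.user.

    When min_perms is truthy the user must also pass a permission
    check. If an 'fft' cookie is present it must equal
    self.generate_fft(user), and user.perms must not be below
    self.perms_map[min_perms]. Without an 'fft' cookie the decision is
    delegated to self.check_token(min_perms).

    Returns False as soon as any check fails. self.user is assigned only
    after the key field of the cookie has been matched against the
    looked-up user, so a rejected 'ffo' cookie never leaves a user
    attached to the handler.
    """

    cookies = self.request.cookies

    if 'ffo' not in cookies :
      return False

    whoami = cookies['ffo'].split(":")

    if len(whoami) != 2 :
      return False

    claimed_key, secret = whoami

    # NOTE(review): the second cookie field goes straight into
    # User.get_user_by_password, so the cookie appears to carry a
    # password-equivalent value. Confirm it is not the raw password and
    # that the cookie is issued with the Secure and HttpOnly attributes.
    user = User.get_user_by_password(secret)

    if not user :
      return False

    # Verify the claimed identity before touching handler state; code
    # that later tests self.user must not see a half-validated user.
    if str(user.key()) != str(claimed_key) :
      return False

    self.user = user

    if min_perms :

      if 'fft' in cookies :

        # check that the cookie looks sane

        fft = self.generate_fft(self.user)

        # NOTE(review): != is not a constant-time comparison. If the
        # fft value is a secret token, switch to hmac.compare_digest
        # once both operands are confirmed to be the same string type.
        if cookies['fft'] != fft :
          return False

        # check that the user token has
        # some minimum permissions

        need_perms = self.perms_map[min_perms]
        has_perms = self.user.perms

        if has_perms < need_perms :
          return False

      else :

        if not self.check_token(min_perms) :
          return False

    return True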