def check_logged_in (self, min_perms=None) : cookies = self.request.cookies if not cookies.has_key('ffo') : return False whoami = cookies['ffo'].split(":") if len(whoami) != 2 : return False user = User.get_user_by_password(whoami[1]) if not user : return False self.user = user if str(self.user.key()) != str(whoami[0]) : return False if min_perms : if cookies.has_key('fft') : # check that the cookie looks sane fft = self.generate_fft(self.user) if cookies['fft'] != fft : return False # check that the user token has # some minimum permissions need_perms = self.perms_map[min_perms] has_perms = self.user.perms if has_perms < need_perms : return False else : if not self.check_token(min_perms) : return False return True