def admin_events(src="all"):
    """Render the admin events listing page.

    Per the original authors, system events are excluded from this view. The
    table itself is filled client-side from the ``admin_events_json`` endpoint
    for the same source.

    Args:
        src: Event source selector; it is passed through unchanged to the
            template and to the JSON endpoint URL (defaults to ``"all"``).

    Raises:
        403 via ``abort`` when the caller lacks the ``events.view`` permission.
    """
    # Authorisation gate before anything is rendered.
    allowed = does_user_have_permission("events.view")
    if not allowed:
        abort(403)

    feed_url = url_for('admin_events_json', event_source=src)
    page = {
        'active': 'admin',
        'title': "Events",
        'event_source': src,
        'json_source': feed_url,
    }
    return render_template('admin/events.html', **page)
def tenable_agents():
    """Render the page listing Nessus agents registered with Tenable.io.

    The page is static from this handler's point of view: no data is passed
    to the template here.

    Raises:
        403 via ``abort`` when the caller lacks the ``tenable.view`` permission.
    """
    # Permission gate; abort() raises, so nothing past it runs for
    # unauthorised callers.
    if cortex.lib.user.does_user_have_permission("tenable.view"):
        return render_template("tenable/agents.html")
    abort(403)
@app.route('/systems/cmdb/json', methods=['POST'])
@cortex.lib.user.login_required
# CSRF checking is deliberately switched off for this POST endpoint. The part
# of the handler visible here only reads DataTables request parameters and
# changes no state, so a forged cross-site POST gains an attacker nothing.
# NOTE(review): the remainder of this function is not shown -- confirm it stays
# read-only, and re-enable the CSRF check if a state change is ever added.
@app.disable_csrf_check
def systems_cmdb_json():
    """Used by DataTables to extract information from the ServiceNow CMDB CI
    cache. The parameters and return format are as dictated by DataTables.

    Authorisation: the caller needs ``systems.all.view`` or
    ``systems.all.edit.cmdb``, or at least one per-system ``edit.cmdb``
    permission (users who can edit a system's CMDB link must be able to list
    the CMDB entries). Otherwise a 403 is raised via ``abort``.

    The DataTables ordering column arrives as an integer index and is mapped
    here onto one of two fixed column names; any other index is rejected with
    a 400. Whatever consumes ``order_column`` afterwards therefore only ever
    sees one of those two literals, never a client-supplied string.

    NOTE(review): this excerpt ends before the query and response are built,
    so the return value is not documented here.
    """
    # Check user permissions
    # either they have systems.all.view (view all systems)
    # OR they have at least one instance of the per-system permission 'edit.cmdb'
    # (cos if they have that they need to be able to list the CMDB entries)
    # or if they have systems.all.edit.cmdb
    if not does_user_have_permission("systems.all.view") and not does_user_have_permission("systems.all.edit.cmdb"):
        if not does_user_have_any_system_permission("edit.cmdb"):
            abort(403)
    # Extract information from DataTables
    # (draw/start/length/search are parsed by the helper; their validation is
    # not visible here.)
    (draw, start, length, order_column, order_asc, search) = _systems_extract_datatables()
    # Validate and convert the ordering column number to the name of the
    # column as it is in the database. This is an allow-list: only indices
    # 0 and 1 are accepted and each maps to a hard-coded column name.
    if order_column == 0:
        order_column = 'u_number'
    elif order_column == 1:
        order_column = 'short_description'
    else:
        # NOTE(review): Logger.warn is a deprecated alias of Logger.warning.
        app.logger.warn('Invalid ordering column parameter in DataTables request')
        abort(400)
def admin_tasks_user():
    """Render the admin page listing user (i.e. non-system) tasks.

    The table is loaded client-side from ``admin_tasks_json`` with
    ``tasktype='user'``; no filters are pre-applied.

    Raises:
        403 via ``abort`` when the caller lacks the ``tasks.view`` permission.
    """
    if not does_user_have_permission("tasks.view"):
        abort(403)

    task_kind = 'user'
    context = {
        'active': 'admin',
        'title': "User Tasks",
        'tasktype': task_kind,
        'json_source': url_for('admin_tasks_json', tasktype=task_kind),
        'filters': {},
    }
    return render_template('admin/tasks.html', **context)
def systems_nocmdb():
    """Render the systems list filtered to systems lacking a CMDB record.

    Requires the global ``systems.all.view`` permission (403 via ``abort``
    otherwise). Inactive systems are hidden; the class list is fetched only
    to populate the tab bar in the shared list template.
    """
    if not does_user_have_permission("systems.all.view"):
        abort(403)

    # Active classes feed the tab bar in systems/list.html.
    tab_classes = cortex.lib.classes.get_list()

    return render_template(
        'systems/list.html',
        classes=tab_classes,
        active='systems',
        title="Systems missing CMDB record",
        nocmdb=True,
        hide_inactive=True,
    )
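def vmware_data():
    """Render a page tabulating everything cached about every non-template VM.

    The SQL is a fixed literal with no user-supplied input, so it is run
    as-is. The cursor is closed once the rows are fetched rather than being
    left open on ``g.db`` for the rest of the request.

    Raises:
        403 via ``abort`` when the caller lacks the ``vmware.view`` permission.
    """
    if not does_user_have_permission("vmware.view"):
        abort(403)

    curd = g.db.cursor(mysql.cursors.DictCursor)
    try:
        # Templates are excluded; rows come back ordered by VM name.
        curd.execute('SELECT * FROM `vmware_cache_vm` WHERE `template` = 0 ORDER BY `name`')
        results = curd.fetchall()
    finally:
        # Release the cursor even if the query raises.
        curd.close()

    return render_template('vmware/data.html', active='vmware', data=results, title="VMware Data")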
@app.route('/systems/expired')
@cortex.lib.user.login_required
def systems_expired():
    """Render the systems list filtered to expired systems.

    Login is enforced by the decorator; on top of that the caller needs the
    global ``systems.all.view`` permission (403 via ``abort`` otherwise).
    Inactive systems are hidden and the class list only feeds the tab bar.
    """
    if does_user_have_permission("systems.all.view"):
        # Active classes populate the tab bar in systems/list.html.
        tab_classes = cortex.lib.classes.list()
        page_opts = dict(
            classes=tab_classes,
            active='systems',
            title="Expired systems",
            expired=True,
            hide_inactive=True,
        )
        return render_template('systems/list.html', **page_opts)
    abort(403)
## - require_vm is not set OR (it is set and the system is a VM)
## - and one of the following is true:
## - they have workflows.all
## - they have the per-system permission set in the workflow action
## - they have the global permission set in the workflow action
if (action['require_vm'] and system['vmware_uuid'] is not None) or not action['require_vm']:
if does_user_have_permission("workflows.all"):
actions.append(action)
elif does_user_have_system_permission(id,action['system_permission']):
app.logger.debug("User " + session['username'] + " does not have workflows.all")
actions.append(action)
elif action['permission'] is not None:
app.logger.debug("User " + session['username'] + " does not have " + action['system_permission'])
if does_user_have_permission("workflows." + action['permission']):
actions.append(action)
else:
app.logger.debug("User " + session['username'] + " does not have " + action['permission'])
return render_template('systems/actions.html', system=system, active='systems', actions=actions, title=system['name'])
def sysrequests():
    """Render the system requests list.

    Requires ``sysrequests.all.view`` (403 via ``abort`` otherwise). The
    optional ``q`` query-string parameter is trimmed of surrounding
    whitespace and handed to the template as the search string (``None``
    when absent). Nothing here escapes it, so output encoding is the
    template's responsibility.
    """
    if not does_user_have_permission("sysrequests.all.view"):
        abort(403)

    # Status code -> label pairs; presumably drive a status filter in the
    # template (not visible here).
    statuses = ((0, 'Pending'), (1, 'Rejected'), (2, 'Approved'))

    # Search term from ?q=..., whitespace-stripped when supplied.
    search = request.args.get('q', None)
    search = search.strip() if search is not None else None

    return render_template('sysrequests/list.html', statuses=statuses, active='systems', title="Requests", q=search)
def certificates_add():
"""Adds a certificate to the list of tracked certificates."""
if not does_user_have_permission("certificates.add"):
abort(403)
if request.method == 'GET':
# Just show the form
return render_template('certificates/add.html', active='certificates', title='Add Certificate')
elif request.method == 'POST':
# Extract the certificate from the request
if 'uploaded_cert' in request.files:
# Read the contents (maximum 1MB so we don't DoS ourselves with large files)
cert_data = request.files['uploaded_cert'].read(1048576)
elif 'pasted_cert' in request.form:
cert_data = request.form['pasted_cert']
else:
abort(400)
last_exception = None