在看Flask-Web开发中，关于9.3章角色验证这里有一个问题：class User(UserMixin,db.Model): __tablename__ = 'users' id = db.Column(db.Integer,primary_key=True) email = db.Column(db.String(64),unique=True,index=True) username=db.Column(db.String(64),unique=True,index=True,) role_id = db.Column(db.Integer,db.ForeignKey('roles.id')) password_hash = db.Column(db.String(128)) confirmed = db.Column(db.Boolean,default=False) def __init__(self,**kwargs): super(User,self).__init__(**kwargs) if self.role is None: if self.email==current_app.config['FLASKY_ADMIN']: self.role=Role.query.filter_by(permissions=0xff).first() if self.role is None: self.role=Role.query.filter_by(default=True).first() def can(self.permissions): return self.role is not None and \ (self.role.permissions & permissions) == permissions 就是这个can函数，为什么这里要用位与运算来验证(self.role.permissions & permissions) == permissions，直接用 self.role.permissions == permissions可以么