Henrik Elkjær Hagen - 498 - Jan 24, 2014


Why does the [RequiredPermission] attribute require that the userAuthId is set on the session while the [RequiredRole] attribute does not require this?  

They likely both need to, what’s the issue you’re running into?

Henrik Elkjær Hagen:

I tried to find out why my roles worked as expected while my permissions did not. It was because I had not set the userAuthID. So my solution is to make sure the userAuthId is properly set I guess. But I wanted to post here because I thought it was weird that permissions required userAuthId while roles did not. Might be a bug? 

See the HasAllPermissions(IAuth session) method in RequiredPermissionAttribute.cs and the HasAllRoles(IAuthSession session) method in RequiredRoleAttribute.cs.

Yeah they both should have the same behavior, They’re now both synced in this commit: https://github.com/ServiceStack/ServiceStack/commit/2eefa643e64d32934a8585b9f972ec1a626b32f6