Why does the [RequiredPermission] attribute require that the userAuthId is set on the session while the [RequiredRole] attribute does not require this?
They likely both need to, what’s the issue you’re running into?
Henrik Elkjær Hagen:
I tried to find out why my roles worked as expected while my permissions did not. It was because I had not set the userAuthID. So my solution is to make sure the userAuthId is properly set I guess. But I wanted to post here because I thought it was weird that permissions required userAuthId while roles did not. Might be a bug?
See the HasAllPermissions(IAuth session) method in RequiredPermissionAttribute.cs and the HasAllRoles(IAuthSession session) method in RequiredRoleAttribute.cs.
Yeah they both should have the same behavior, They’re now both synced in this commit: https://github.com/ServiceStack/ServiceStack/commit/2eefa643e64d32934a8585b9f972ec1a626b32f6