Require a certain role OR a certain permission?

Most of my services are decorated with one of RequiredRole, RequiresAnyRole, RequiredPermission, RequiresAnyPermission - I’ve now run into a case where I would like a service accessible if one has Role “x” or Permission “y”.

Is there a way to decorate my service class to accomplish this combination?

You can’t do a custom OR combination via attributes, you’d need to perform the validation in your Service, e.g:

var session = SessionAs<AuthUserSession>();
if (!session.HasRole("x", AuthRepository) && !session.HasPermission("x", AuthRepository))
    throw new HttpError.Forbidden("Thou shall not pass!");

Couldn’t this be done by creating a custom attribute, using the source code for RequireRole and RequirePermission as inspiration?

With a new custom attribute that does everything needed, not by combining the existing attributes.

Absolutely, that’s what I meant.