Most of my services are decorated with one of RequiredRole, RequiresAnyRole, RequiredPermission, RequiresAnyPermission - I’ve now run into a case where I would like a service accessible if one has Role “x” or Permission “y”.
Is there a way to decorate my service class to accomplish this combination?
You can’t do a custom OR combination via attributes, you’d need to perform the validation in your Service, e.g:
var session = SessionAs<AuthUserSession>();
if (!session.HasRole("x", AuthRepository) && !session.HasPermission("x", AuthRepository))
throw new HttpError.Forbidden("Thou shall not pass!");
Couldn’t this be done by creating a custom attribute, using the source code for RequireRole and RequirePermission as inspiration?
With a new custom attribute that does everything needed, not by combining the existing attributes.
Absolutely, that’s what I meant.