Require role for certain verbs, not for others

specimen151 · December 16, 2022, 4:15pm

Hi. Apologies for many questions lately.

We can’t understand why SearchFormDefinitions is not available for a regular “non admin” user in SS UI.

The DTO requires authenticated user.
Logged in: Check
The services requires the Admin role, but only for Post or Put. This is a GET.


[ValidateIsAuthenticated]
[Route("/formdefinitions", Verbs = "GET")]
public class SearchFormDefinitions : QueryDb<FormDefinition> {
   // some properties
}

[Authenticate]
[RequiredRole(ApplyTo.Post | ApplyTo.Put, "Admin") ]
public class FormDefinitionServices : Service {
    public FormDefinitionsResponse Get(SearchFormDefinitions request)
    {
       // implementation 
    }
}

mythz · December 16, 2022, 4:20pm

You’re adding multiple Authentications filters adding duplicate validation and unnecessary overhead, just stick to using either Validation Attributes on Request DTOs or Request Fitler attributes on Services classes.