Created August 13, 2013 13:48
Based on ServiceStack's RequiredRoleAttribute, this class requires that you have AT LEAST one of the listed roles, rather than all of them as the default ServiceStack implementation requires.
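/// <summary>
/// Request filter that lets a request through when the caller's session holds
/// at least one of <see cref="RequiredRoles"/>; otherwise the response is ended
/// with 401 "Invalid Role".
/// </summary>
/// <remarks>
/// An instance constructed with no roles rejects every request, because
/// <see cref="HasAnyRole"/> finds nothing to match. The static
/// <see cref="AssertRequiredRoles"/> helper behaves differently: it returns
/// without checking anything when given an empty role list.
/// NOTE(review): AllowMultiple is true; presumably each applied instance runs as
/// its own filter, so stacked attributes combine as AND. Confirm against the
/// ServiceStack version in use.
/// </remarks>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class RequiredOneRoleOfAttribute : RequestFilterAttribute
{
    /// <summary>Roles of which the caller must hold at least one.</summary>
    public List<string> RequiredRoles { get; set; }

    /// <summary>Creates the filter for the given HTTP methods and role list.</summary>
    /// <param name="applyTo">HTTP methods the filter applies to.</param>
    /// <param name="roles">Roles of which the caller needs at least one.</param>
    public RequiredOneRoleOfAttribute(ApplyTo applyTo, params string[] roles)
    {
        this.RequiredRoles = roles.ToList();
        this.ApplyTo = applyTo;
        this.Priority = (int)RequestFilterPriority.RequiredRole;
    }

    /// <summary>Creates the filter for all HTTP methods.</summary>
    /// <param name="roles">Roles of which the caller needs at least one.</param>
    public RequiredOneRoleOfAttribute(params string[] roles)
        : this(ApplyTo.All, roles) { }

    /// <summary>
    /// Runs the role check and ends the request with 401 when it fails.
    /// </summary>
    public override void Execute(IHttpRequest req, IHttpResponse res, object requestDto)
    {
        // Presumably populates the session from HTTP Basic credentials when the
        // request carries them. Confirm against the ServiceStack version in use.
        AuthenticateAttribute.AuthenticateIfBasicAuth(req, res);

        var session = req.GetSession();
        if (HasOneOf(req, session))
        {
            return;
        }

        // NOTE(review): 401 is sent both when there is no session and when an
        // authenticated caller lacks the role; kept as-is for compatibility.
        res.StatusCode = (int)HttpStatusCode.Unauthorized;
        res.StatusDescription = "Invalid Role";
        res.EndServiceStackRequest();
    }

    /// <summary>
    /// Returns true when the session holds one of the required roles, checking
    /// the session first and then again after refreshing it from the user auth
    /// repository.
    /// </summary>
    /// <param name="req">Current request; used to refresh and save the session.</param>
    /// <param name="session">Caller's session; a null session is denied.</param>
    /// <param name="userAuthRepo">Optional repository passed to the refresh call.</param>
    public bool HasOneOf(IHttpRequest req, IAuthSession session, IUserAuthRepository userAuthRepo = null)
    {
        // Deny before touching the session: the refresh call below would
        // otherwise run on a null session and could fault instead of denying.
        if (session == null)
        {
            return false;
        }

        if (HasAnyRole(session))
        {
            return true;
        }

        // The session's roles may be out of date; reload them and check again.
        session.UpdateFromUserAuthRepo(req, userAuthRepo);
        if (!HasAnyRole(session))
        {
            return false;
        }

        // Persist the refreshed session so later requests see the new roles.
        req.SaveSession(session);
        return true;
    }

    /// <summary>
    /// Returns true when the session holds at least one of
    /// <see cref="RequiredRoles"/>. A null session or a null role list yields
    /// false, so the check fails closed.
    /// </summary>
    public bool HasAnyRole(IAuthSession session)
    {
        if (session == null || this.RequiredRoles == null)
        {
            return false;
        }

        return this.RequiredRoles.Any(requiredRole => session.HasRole(requiredRole));
    }

    /// <summary>
    /// Checks that the session holds at least one of the supplied roles;
    /// otherwise a 401 HttpError is thrown.
    /// </summary>
    /// <param name="requestContext">Context from which the current request is resolved.</param>
    /// <param name="requiredRoles">
    /// Roles of which the caller needs at least one. An empty list skips the
    /// check entirely.
    /// </param>
    public static void AssertRequiredRoles(IRequestContext requestContext, params string[] requiredRoles)
    {
        if (requiredRoles.IsEmpty())
        {
            return;
        }

        var req = requestContext.Get<IHttpRequest>();
        var session = req.GetSession();

        // A missing session is rejected before the refresh call, which would
        // otherwise be invoked on null.
        if (session == null)
        {
            throw new HttpError(HttpStatusCode.Unauthorized, "Invalid Role");
        }

        if (requiredRoles.Any(session.HasRole))
        {
            return;
        }

        // Reload the session from the user auth repository and check once more.
        session.UpdateFromUserAuthRepo(req);
        if (requiredRoles.Any(session.HasRole))
        {
            return;
        }

        throw new HttpError(HttpStatusCode.Unauthorized, "Invalid Role");
    }
}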