ServiceStack PR 736

gistfile1.cs

public class CustomRequiredPermissionAttribute : RequestFilterAttribute, IApiResponseAttribute
{
    public List<string> RequiredPermissions { get; set; }
    private string permissionsDesc
    {
        get
        {
            return "Required Permissions: {0}".FormatUsing(string.Join(",", RequiredPermissions));
        }
    }

    public CustomRequiredPermissionAttribute(ApplyTo applyTo, params string[] permissions)
    {
        this.RequiredPermissions = permissions.ToList();
        this.ApplyTo = applyTo;
        this.Priority = (int)RequestFilterPriority.RequiredPermission;
    }

    public CustomRequiredPermissionAttribute(params string[] permissions)
        : this(ApplyTo.All, permissions) { }

    public override void Execute(IHttpRequest req, IHttpResponse res, object requestDto)
    {
        if (HasAllPermissions(req)) return;

        throw new HttpError((int)HttpStatusCode.Forbidden, "Invalid Permission", permissionsDesc);
    }

    public bool HasAllPermissions(IHttpRequest req)
    {
        var authorizer = req.TryResolve<IAuthorizationService>();
        
        return authorizer.CurrentUserHasPermission(RequiredPermissions.ToArray());
    }

    public int StatusCode
    {
        get { return (int) HttpStatusCode.Forbidden; }
    }

    public string Description
    {
        get { return permissionsDesc; }
    }
}