ServiceStack - Permission based authorization
//Example usage of these attributes:
[Authenticate]
[RequiredPermission("CanInspectTweets")]
[RequiredPermissionOnPost("CanAddTweets")]
[RequiredPermissionOnPut("CanAddTweets")]
[RequiredPermissionOnDelete("CanRemoveTweets")]
[RestService("/tweets")]
public class Tweet { ... }
/// <summary>
/// Session contract of ServiceStack's auth layer, reproduced here to show the one
/// addition this gist proposes: <see cref="HasPermission"/>, which lets a request
/// filter ask the session whether a named permission has been granted.
/// Everything else mirrors the upstream interface as the author found it.
/// </summary>
public interface IOAuthSession
{
    /// <summary>Presumably the URL the user is returned to after the auth round-trip — confirm against the auth service.</summary>
    string ReferrerUrl { get; set; }
    /// <summary>Identifier of this session instance.</summary>
    string Id { get; set; }
    /// <summary>Identifier of the authenticated user record (distinct from the session <see cref="Id"/>).</summary>
    string UserAuthId { get; set; }
    /// <summary>Login name of the authenticated user.</summary>
    string UserName { get; set; }
    /// <summary>Human-readable name shown for the user.</summary>
    string DisplayName { get; set; }
    /// <summary>User's given name, if the provider supplied one.</summary>
    string FirstName { get; set; }
    /// <summary>User's family name, if the provider supplied one.</summary>
    string LastName { get; set; }
    /// <summary>User's e-mail address, if the provider supplied one.</summary>
    string Email { get; set; }
    /// <summary>Tokens obtained from each OAuth provider the user has signed in with.</summary>
    List<IOAuthTokens> ProviderOAuthAccess { get; set; }
    /// <summary>When the session was created (time zone not shown here — verify before comparing).</summary>
    DateTime CreatedAt { get; set; }
    /// <summary>When the session was last changed (same time-zone caveat as <see cref="CreatedAt"/>).</summary>
    DateTime LastModified { get; set; }
    /// <summary>True when the user is authorized with at least one provider.</summary>
    bool IsAnyAuthorized();
    /// <summary>True when the user is authorized with the named provider.</summary>
    /// <param name="provider">Provider name as used by the auth service.</param>
    bool IsAuthorized(string provider);
    /// <summary>
    /// Callback invoked once a provider has authenticated the user; the tokens and the
    /// provider-specific <paramref name="authInfo"/> are what this session may persist.
    /// </summary>
    /// <param name="oAuthService">The auth service handling the request.</param>
    /// <param name="tokens">Tokens issued by the provider.</param>
    /// <param name="authInfo">Additional key/value data from the provider.</param>
    void OnAuthenticated(IServiceBase oAuthService, IOAuthTokens tokens, Dictionary<string, string> authInfo);
    /// <summary>Credential-based sign-in; true when <paramref name="userName"/> / <paramref name="password"/> are accepted.</summary>
    /// <param name="oAuthService">The auth service handling the request.</param>
    /// <param name="userName">Login name supplied by the caller.</param>
    /// <param name="password">Password supplied by the caller.</param>
    bool TryAuthenticate(IServiceBase oAuthService, string userName, string password);
    //New method!
    /// <summary>
    /// True when this session has been granted <paramref name="permission"/>.
    /// Consumed by the permission request filter; how permissions are stored on the
    /// session is left to the implementation.
    /// </summary>
    /// <param name="permission">Permission name as declared on the request DTO.</param>
    bool HasPermission(string permission);
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text;
using ServiceStack.Common;
using ServiceStack.ServiceInterface;
using ServiceStack.WebHost.Endpoints;
using ServiceStack.Common.Web;
namespace Servicestack.Security
{
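public static class PermissionHandler
{
    /// <summary>
    /// Maps an HTTP method to the attribute type that carries the permissions required
    /// only for that method. Methods not listed here enforce just the method-agnostic
    /// <see cref="RequiredPermissionAttribute"/>.
    /// </summary>
    private static readonly Dictionary<string, Type> MethodAttributeTypes = new Dictionary<string, Type>
    {
        { HttpMethods.Get, typeof(RequiredPermissionOnGetAttribute) },
        { HttpMethods.Post, typeof(RequiredPermissionOnPostAttribute) },
        // PUT and DELETE previously looked up the POST attribute, so a DELETE was
        // authorized by the "add" permission instead of the "remove" one.
        { HttpMethods.Put, typeof(RequiredPermissionOnPutAttribute) },
        { HttpMethods.Delete, typeof(RequiredPermissionOnDeleteAttribute) },
        //To-do: Add other http methods (each needs its own RequiredPermissionOn*Attribute)
    };

    //Init has to be called in the app host
    /// <summary>
    /// Registers a request filter that ends the request with HTTP 401 when the
    /// session lacks any permission declared on the request DTO through
    /// <see cref="RequiredPermissionAttribute"/> or one of its per-method variants.
    /// DTOs without such attributes pass through untouched.
    /// </summary>
    /// <param name="apphost">Host whose <c>RequestFilters</c> and cache client are used.</param>
    /// <exception cref="ArgumentNullException"><paramref name="apphost"/> is null.</exception>
    public static void Init(AppHostBase apphost)
    {
        if (apphost == null)
            throw new ArgumentNullException("apphost");

        apphost.RequestFilters.Add((req, res, dto) =>
        {
            // No DTO means there is no type that could carry permission attributes.
            if (dto == null)
                return;

            var dtoType = dto.GetType();

            // Always start from a fresh list: the original appended to the attribute's own
            // list, which mutates metadata the reflection layer may hand back again.
            var requiredPermissions = new List<string>(
                PermissionsFor(dtoType, typeof(RequiredPermissionAttribute)));

            Type methodAttributeType;
            if (req.HttpMethod != null
                && MethodAttributeTypes.TryGetValue(req.HttpMethod, out methodAttributeType))
            {
                requiredPermissions.AddRange(PermissionsFor(dtoType, methodAttributeType));
            }

            if (requiredPermissions.Count == 0)
                return;

            string sessionId = req.GetPermanentSessionId();
            UserSession session = apphost.GetCacheClient().GetSession(sessionId);

            // Fail closed: a missing session can hold no permissions, so it is denied
            // rather than dereferenced.
            bool denied = session == null
                || requiredPermissions.Any(p => !session.HasPermission(p));
            if (denied)
            {
                // 401 kept for compatibility with existing clients; 403 Forbidden is the
                // more precise status for an authenticated caller lacking a permission.
                res.StatusCode = (int)HttpStatusCode.Unauthorized;
                res.Close();
            }
        });
    }

    /// <summary>
    /// Permission names declared on <paramref name="dtoType"/> by attributes whose
    /// runtime type is exactly <paramref name="attributeType"/>.
    /// </summary>
    /// <remarks>
    /// <c>Type.GetCustomAttributes(Type, bool)</c> returns every attribute assignable to
    /// the requested type, so a lookup for the base <see cref="RequiredPermissionAttribute"/>
    /// would also match the per-method subclasses; the exact-type filter keeps the
    /// method-agnostic and per-method sets apart.
    /// </remarks>
    /// <param name="dtoType">Runtime type of the request DTO.</param>
    /// <param name="attributeType">Attribute type to read; must derive from <see cref="RequiredPermissionAttribute"/>.</param>
    /// <returns>The declared permissions, empty when no matching attribute is present.</returns>
    private static IEnumerable<string> PermissionsFor(Type dtoType, Type attributeType)
    {
        return dtoType.GetCustomAttributes(attributeType, true)
            .Where(a => a.GetType() == attributeType)
            .Cast<RequiredPermissionAttribute>()
            .SelectMany(a => a.RequiredPermissions ?? Enumerable.Empty<string>());
    }
}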
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
namespace Servicestack.Security
{
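[AttributeUsage(AttributeTargets.Class, Inherited = false, AllowMultiple = false)]
public class RequiredPermissionAttribute : Attribute
{
    /// <summary>
    /// Permission names the session must hold before the annotated request DTO is
    /// processed. This is a private copy of the constructor arguments; consumers should
    /// read it rather than append to it, because attribute instances may be reused.
    /// </summary>
    public List<string> RequiredPermissions { get; set; }

    /// <summary>Declares permissions required for every HTTP method on the annotated DTO.</summary>
    /// <param name="permissions">Required permission names; a null array is treated as none.</param>
    public RequiredPermissionAttribute(params string[] permissions)
    {
        // `[RequiredPermission(null)]` binds null to the params array itself; calling
        // ToList() on it threw at attribute instantiation (i.e. inside the request filter).
        this.RequiredPermissions = permissions == null
            ? new List<string>()
            : permissions.ToList();
    }
}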
/// <summary>Permissions required only when the annotated DTO is requested with HTTP GET.</summary>
public class RequiredPermissionOnGetAttribute : RequiredPermissionAttribute
{
    /// <param name="permissions">Permission names enforced for GET requests.</param>
    public RequiredPermissionOnGetAttribute(params string[] permissions)
        : base(permissions)
    {
    }
}
/// <summary>Permissions required only when the annotated DTO is requested with HTTP POST.</summary>
public class RequiredPermissionOnPostAttribute : RequiredPermissionAttribute
{
    /// <param name="permissions">Permission names enforced for POST requests.</param>
    public RequiredPermissionOnPostAttribute(params string[] permissions)
        : base(permissions)
    {
    }
}
/// <summary>Permissions required only when the annotated DTO is requested with HTTP PUT.</summary>
public class RequiredPermissionOnPutAttribute : RequiredPermissionAttribute
{
    /// <param name="permissions">Permission names enforced for PUT requests.</param>
    public RequiredPermissionOnPutAttribute(params string[] permissions)
        : base(permissions)
    {
    }
}
/// <summary>Permissions required only when the annotated DTO is requested with HTTP DELETE.</summary>
public class RequiredPermissionOnDeleteAttribute : RequiredPermissionAttribute
{
    /// <param name="permissions">Permission names enforced for DELETE requests.</param>
    public RequiredPermissionOnDeleteAttribute(params string[] permissions)
        : base(permissions)
    {
    }
}
}