بنقرة واحدة
servicestack-authorization
Applies role-, permission-, and ownership-based authorization using ServiceStack idioms.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Applies role-, permission-, and ownership-based authorization using ServiceStack idioms.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Designs stable, discoverable APIs using routes, metadata, and versioning conventions.
Implements authentication using ServiceStack Auth Providers and session handling.
Implements AutoQuery services, custom filters, and permission-aware querying.
Designs request/response DTOs using DTO-first, message-based ServiceStack conventions.
Controls OpenAPI / metadata exposure without compromising ServiceStack-first design.
Uses OrmLite via the implicit Db connection and understands transaction semantics and rollback behavior.
| name | servicestack-authorization |
| description | Applies role-, permission-, and ownership-based authorization using ServiceStack idioms. |
Authorization in ServiceStack is typically handled via attributes applied to Request DTOs or Service classes.
[RequiredRole("Admin")]: Requires the user to have the "Admin" role.[RequiresAnyRole("Admin", "Manager")]: Requires any of the specified roles.[RequiredPermission("CanEdit")]: Requires the user to have a specific permission.[RequiredRole("Admin")]
public class AdminOnlyRequest : IReturn<AdminResponse> { ... }
Since ServiceStack's philosophy is "it's just code," ownership checks are often implemented inside the service:
public object Any(UpdateOrder request)
{
var order = Db.SingleById<Order>(request.Id);
if (order.CreatedBy != GetSession().UserAuthId)
throw HttpError.Forbidden("You do not own this order.");
// ... logic
}
You can create custom attributes by inheriting from AuthenticateAttribute or implementing IHasRequestFilter.
ServiceModel project. This ensures visibility in the metadata and Swagger.if (User.IsInRole(...)) in services whenever possible; use the declarative attributes to keep the service code clean.