Servicestack 4.5.6 broke HasRole and HasPermission

Question

I lost a breaking change somewhere - I upgraded ServiceStack from a pretty old version today (4.0.x) and found the new parameter of type IAuthRepository on HasRole and HasPermission. My project doesn't use an IAuthRepository, so the injected AuthRepo is returning null. When I set a breakpoint on the HasRole line below, I can see that the strings in the Roles property of the session variable, but the HasRole() is returning false.

All of my RequiresRole, RequiresAnyRole are failing as well, as if my service has no roles defined (but I can see them in my session.Roles variable).

public class AppUniversalSearchService : Service
{
    public IAuthRepository AuthRepo { get; set; }

    public object Any(AppUniversalSearch request)
    {
        var session = base.SessionAs<DVAuthUserSession>();

        if (session.HasRole("CanAccessPD", AuthRepo))
        {
        }
    }
}

Answer 1

The AuthUserSession was refactored to make use of an IAuthRepository if it exists. It was also expected that a UserAuthId was populated but as that's only required when an IAuthRepository exists, the validation check has been moved to when it's required in this commit.

You can either upgrade to v4.5.7 on MyGet which includes this change or override HasRole in your Customer User Session class, e.g:

public class DVAuthUserSession : AuthUserSession
{
    public override bool HasPermission(string permission, IAuthRepository authRepo) =>
        this.Permissions != null && this.Permissions.Contains(permission);

    public override bool HasRole(string role, IAuthRepository authRepo) =>
        this.Roles != null && this.Roles.Contains(role);
}