I was wondering if anyone could help me out here. I have a large flagged enum that is used with setting application permissions. The thing is, I want to limit who can see what based on their permissions within the application. I was wondering if this could easily be done with an attribute filter. I'm familiar with action filters and their usefulness, but not with other filters that could potentially do this. I would like to limit the level of access that the user can see to their level and lower. The first part are the permissions and the second part is the level of access to the application.
An example of what i would like to do is:
Person A has the mc_pm role, so they can see everything.
Person B has the bn_pm role, so they should only be able to see "battalion, company, and section" for the level of access.
Here's the enum in question.
[Flags]
public enum Permissions : int
{
disabled = 0,
leadership = 1 << 1,
personnelManagement = 1 << 2,
sectionPoc = 1 << 3,
siteAdministrator = 1 << 4,
supervisor = 1 << 5,
user = 1 << 6,
userAdministrator = 1 << 7,
majorCommand = 1 << 8,
brigade = 1 << 9,
battalion = 1 << 10,
company = 1 << 11,
division = 1 << 12,
section = 1 << 13,
mc_leadership = majorCommand | leadership,
mc_pm = majorCommand | personnelManagement,
mc_ua = majorCommand | userAdministrator,
mc_su = majorCommand | supervisor,
bd_leadership = brigade | leadership,
bd_pm = brigade | personnelManagement,
bd_su = brigade | supervisor,
bd_ua = brigade | userAdministrator,
bn_leadership = battalion | leadership,
bn_pm = battalion | personnelManagement,
bn_su = battalion | supervisor,
bn_ua = battalion | userAdministrator,
co_leadership = company | leadership,
co_pm = company | personnelManagement,
co_su = company | supervisor,
co_ua = company | userAdministrator,
s_leadership = section | leadership,
s_pm = section | personnelManagement,
s_su = section | supervisor
}
Example of how i would like to proceed:
[AllowRoles(mc_pm,mc_ua)]
majorCommand = 1 << 8,
[AllowRoles(mc_pm,mc_ua,bd_pm,bd_ua)]
brigade = 1 << 9,
[AllowRoles(mc_pm,mc_ua,bd_pm,bd_ua,cn_pm,bn_ua)]
battalion = 1 << 10,
[AllowRoles(mc_pm,mc_ua,bd_pm,bd_ua,bn_pm,bn_ua,co_pm,co_ua)]
company = 1 << 11,
[AllowRoles(mc_pm,mc_ua,bd_pm,bd_ua,bn_pm,bn_ua,co_pm,co_ua)]
division = 1 << 12,
[AllowRoles(mc_pm,mc_ua,bd_pm,bd_ua,bn_pm,bn_ua,co_pm,co_ua)]
section = 1 << 13,
Now, I know i can just separate out the enums, but if it isn't necessary, then that would be better.
edit: The enum above will be used to make a multi-select list for the front-end user administrators to be able to grant specific permission levels. the 0-7 bit shifted elements are the permissions and the 8-13 bit shifted items are the level of access granted to each permission.
question from:
https://stackoverflow.com/questions/65850651/using-attribute-filter-on-enum-fields-c 
