How to apply OR in PrincipalPermission in base and derive class

Question

I have a base class.

[PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
public class Base
{

}

and derived one.

[PrincipalPermission(SecurityAction.Demand, Role = "Developer")]
public class Derived : Base
{

}

I want to let user with "Developer" rights to create an object of Derived. But I am unable to do as base class has permission to admin.

Admin should be able to create object of all derived classes. So I want to put the permission in base class for admin.

How can I sort this problem.

Answer 1

The reason that this doesn't work is that the Base class is created before the Derived class. And as only administrators can call the Base class you have no way of letting the Role=Developer create the base object.

You could however introduce 2 constructors in this scenario in the base class, one restricted to Admin and possibly a protected one restricted to the Developer. You'd then have to call the c'tor for the Developer explicitly from the Derived class.

However, I really would NOT recommend doing this. I'd rather introduce a factory class or method and restrict the creation there.