private string GetOperationAttributes(OperationModel operation)
{
var attributes = new List <string>();
attributes.Add(GetHttpVerbAndPath(operation));
if (!IsControllerSecured() && operation.HasSecured())
{
// We can extend this later (if desired) to have multiple Secure stereotypes create
// multiple Authorization Models.
var authModel = new AuthorizationModel();
GetDecorators().ToList().ForEach(x => x.UpdateOperationAuthorization(authModel, new OperationSecureModel(operation, operation.GetSecured())));
attributes.Add(GetAuthorizationAttribute(authModel));
}
else if (IsControllerSecured() && operation.HasUnsecured())
{
attributes.Add("[AllowAnonymous]");
}
return(string.Join(@"
", attributes));
}