public void Request_Filter_Uses_NewExpression()
{
// Arrange
var resource = new RequestFilteredResource(isAdmin: false);
// Act
var attrs = resource.GetAllowedAttributes();
// Assert
Assert.DoesNotContain(attrs, a => a.InternalAttributeName == nameof(Model.AlwaysExcluded));
Assert.DoesNotContain(attrs, a => a.InternalAttributeName == nameof(Model.Password));
}