FEATURE: provide ability to define requirements against generic GetById and List queries #58
Description
At the moment the only way to protect a Command or Query with an AuthorizationRequirement is applying an Attribute to the class representing that Command Or Query:
https://github.com/onebeyond/onebeyond-studio-core/blob/main/src/OneBeyond.Studio.Domain.SharedKernel/Authorization/AuthorizationPolicyAttribute.cs
However this prevents the possibility of using the generic GetById and List queries that are already available in OneBeyond Studio Core and limit the reusability of the dedicated generic handlers.
A possible implementation could be a sort of fluent configuration where a user can specify that for a MediatR IRequest there is an authorisation requirement applied (a bit like Automapper):
For(typeof(GetById<SomeEntityDto, SomeEntity, Guid>)).ApplyRequirement(typeof(MyPermissionRequirement));