授权中的多个用户角色

我有一个控制器，具有管理员权限的用户或护士可以访问它。然后，在单独的行动上，如果我愿意，我可以做更严格的操作。现在我拥有的是这样的东西

 [AuthorizeUser(UserRole = "Admin", OrganizationType = "Institution")]

它工作正常。但我会像这样

 [AuthorizeUser(UserRole = "Admin,Nurse", OrganizationType = "Institution")]

授权

用户是定制的授权

public class AuthorizeUser : AuthorizeAttribute
{
    public string UserRole { get; set; }
    public string OrganizationType { get; set; }
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (!isAuthorized)
        {
            return false;
        }
        return CheckOrganizationType
            .checkRole(this.UserRole, this.OrganizationType, Auth.CurrentUser);
    }
}
   public static bool checkRole(String role, String organizationType, User user)
    {
        RolesType rt = null;
        OrganizationType ot = null;
        foreach (UserRoles ur in user.GetUserRoles())
        {
            rt = RolesType.Get(ur.organizationTypeId,ur.roleTypeId);
            ot = OrganizationType.Get(ur.organizationTypeId, "1");
        }
        if (rt != null && rt.Name == role && ot != null && ot.Name == organizationType)
        {
            return true;
        }
        else
        {
            return false;
        }
    }

，然后检查当前用户是否具有任何定义的角色。如何做到这一点？知道吗？

if (rt != null && rt.Name == role && ot != null && ot.Name == organizationType)

if (rt != null && role.Contains(rt.Name) && ot != null && ot.Name == organizationType)