public void MainTest() { using (var session = Domain.OpenSession()) using (var t = session.OpenTransaction()) { var r1 = new Role(globalId1) { Name = "1" }; var r2 = new Role(globalId2) { Name = "2" }; var de = new Document(Guid.NewGuid()) { SysName = "Control" }; var p1 = new FunctionalPermission(globalId3) { FullControl = false, Read = true, Name = "q", Entity = de, Role = r1 }; var p2 = new FunctionalPermission(globalId4) { FullControl = true, Read = false, Delete = true, Name = "q", Entity = de, Role = r2 }; t.Complete(); } using (var session = Domain.OpenSession()) using (var t = session.OpenTransaction()) { Assert.IsFalse(FunctionalPermission.CanRead("Control", new string[] { })); Assert.IsTrue(FunctionalPermission.CanRead("Control", new[] { "1" })); Assert.IsFalse(FunctionalPermission.CanControl("Control", new[] { "1" })); Assert.IsFalse(FunctionalPermission.CanCreate("Control", new[] { "1", "2" })); Assert.IsFalse(FunctionalPermission.CanRead("Control", new[] { "1", "2" })); Assert.IsTrue(FunctionalPermission.CanDelete("Control", new[] { "1", "2" })); var roles = new[] { "1", "2" }; var q = from perm in session.Query.All <RowLevelPermission>() where perm.Role.Name.In(roles) && perm.Fields.Any(m => m.Linked.SysName == "Control") select perm; var result = q.ToList(); } }