We are working on security section in XAF and we are trying to implement the security module on some objects and also we are using of "Entity Framework" instead of "XPO".
We have a problem with criteria in Object Permission. The problem is whenever we define a condition in criteria for a "Target Type" in a "Role", this condition is not applied so the rows which not expected to be shown are show, with "Protected Content" values, whenever we login with that Role.
In addition we have monitored all of the transactions between our system and SQL Server by "SQL Server Profiler" and we have found that this conditions (Criteria Conditions) are not added to where clause that are sent to the database. But in the Security Demo application, everything works fine.
So the question is: How can I set a Object Level Permission on some type in a way that it applies on the query so never fetches from database? For now the security applies on the result of query, not the query itself. So it shows all rows, but some with 'Protected Content'.
