Nhibernate filter tree permissions

Question

I am trying to create an HQL query that will filter a tree based on a user.

On the tree root i have AllowUsers and AllowRoles and on each node I have DenyUsers and DenyNodes. I can filter to on the user on the root of the tree using

select e 
from oStructureMenu e 
  join fetch e.Nodes n 
where e.Id = :id 
  and :user in (select u from e.AllowUsers u)

but when I add

and :user in (select f.DenyUsers from n f)

the sql created has a syntax error

Also I have no idea how I am going to compare the roles for the user to the roles in the allow or deny roles collections

Any help will be appreciated...

Answer 1

shouldn't it be

and :user in (select f from n.DenyUsers f)