alter table [Timesheet].Developers add [Database Principal] int null;
go
create or alter view dbo.[Users]
as
select	dp.principal_id [Id], dp.[name] [Name]
from	sys.database_principals dp
where	dp.[type] = 'E';
go
create or alter function [Timesheet].[CanAccessClient](@Client int)
returns table with schemabinding
as
	return (
		select 1 [Result]
		where	is_rolemember( 'db_owner') = 1 or is_rolemember('Project Manager') = 1 or 
				exists (
					select	1 
					from	[Timesheet].[Assigned Developers] ad inner join
							[Timesheet].[Developers] d on ad.Developer = d.Id
					where	ad.[Client] = @Client and d.[Database Principal] = database_principal_id())
		);
GO
create or alter FUNCTION [Timesheet].[CanAccessProject](@Client int, @Project int)
RETURNS  TABLE with schemabinding
AS
	return (
		select 1 [Result]
		where	is_rolemember( 'db_owner') = 1 or is_rolemember('Project Manager') = 1 or 
				exists (
					select	1 
					from	[Timesheet].[Assigned Developers] ad inner join
							[Timesheet].[Developers] d on ad.[Developer] = d.Id
					where	ad.Client = @Client and ad.Project = @Project and d.[Database Principal] = database_principal_id())
		);
GO
CREATE SECURITY POLICY [Timesheet].[Filters]
    ADD FILTER PREDICATE [Timesheet].[CanAccessClient]([Id]) ON [Timesheet].[Clients],
    ADD FILTER PREDICATE [Timesheet].[CanAccessProject]([Client], [Id]) ON [Timesheet].[Projects]
    WITH (STATE = ON);
GO