I created a domain model with roo and would like to add rules to filter data and restrict access depending on the actual user or his role.

Here are some examples:

Assume there are the entities Activity, User and Contact. An activity references users as guests and users as hosts. A user can have contacts.

1. Now if a given users wants to create a new activity the list of users for guests should be restricted to the users contacts and the list of hosts should be restricted to the user and his contacts.

2. Only show activities where the user is either a host or guest.

3. Only allow a host to edit an activity.

How can I implement that with roo? Some kind of annotation would be great to restrict access. Any recommendation?