function

           var ds =
               //from auth in context.FunctionAuth
               //from func in context.Function
               //where auth.RoleName == roleName && (Guid)func.WorkflowActionTypeId == actionTypeId
               //select func.FunctionId;

                   (from auth in context.FunctionAuth
                    where auth.RoleName == roleName && auth.Allow == true
                    select auth.FunctionId).Intersect(
                    from func in context.Function
                    where func.WorkflowActionTypeId == actionTypeId
                    select func.FunctionId);