Thursday, 12 December 2013

I'm currently developing an ASP.NET MVC4 application which has 3 roles: admin, manager and editor. The editors can CRUD articles in the system BUT the editors can only read, update or delete their OWN articles. I've seen I can control the access to the controller and action by adding:
[Authorize(Roles="editor")]
but it only restricts the role, not the information.
If editor A created article 1, ONLY editor A has access to that article. No other role has access to the controller or the information. What would be the best practice in order to restrict the access by role and by context?
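One way to combine the two checks, as an added example that is not part of the original post and not from any specific answer to it: keep `[Authorize(Roles="editor")]` on the controller for the role part, and do the ownership part inside the actions after the article has been loaded, because an attribute runs before the action and has no entity to compare against. The `Article` model, its `OwnerUserName` field and the `IArticleRepository` interface are assumptions made for this example; substitute the project's own persistence layer.

```csharp
using System;
using System.Web.Mvc;

// Assumed domain model (not from the original post): the article records its creator.
public class Article
{
    public int Id { get; set; }
    public string Title { get; set; }
    public string Body { get; set; }
    public string OwnerUserName { get; set; }   // set once, on create, from User.Identity.Name
}

// Assumed persistence abstraction (hypothetical); stands in for EF or a repository.
public interface IArticleRepository
{
    Article FindById(int id);
    void Add(Article article);
    void Remove(Article article);
    void Save();
}

// Role check at the controller boundary: only users in the "editor" role reach any action.
// admin and manager are not listed, so they are refused here, as the question requires.
[Authorize(Roles = "editor")]
public class ArticlesController : Controller
{
    private readonly IArticleRepository _articles;

    public ArticlesController(IArticleRepository articles)
    {
        _articles = articles;
    }

    // Context check: load by id, then verify that the caller owns the row.
    // Returns null both when the article does not exist and when it belongs to
    // someone else, so the two cases are indistinguishable to the caller.
    private Article FindOwnedArticle(int id)
    {
        var article = _articles.FindById(id);
        if (article == null) return null;
        var isOwner = string.Equals(article.OwnerUserName, User.Identity.Name,
                                    StringComparison.OrdinalIgnoreCase);
        return isOwner ? article : null;
    }

    public ActionResult Details(int id)
    {
        var article = FindOwnedArticle(id);
        if (article == null) return HttpNotFound();
        return View(article);
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Create(string title, string body)
    {
        // Ownership comes from the authenticated identity, never from the form.
        var article = new Article
        {
            Title = title,
            Body = body,
            OwnerUserName = User.Identity.Name
        };
        _articles.Add(article);
        _articles.Save();
        return RedirectToAction("Details", new { id = article.Id });
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Edit(int id, string title, string body)
    {
        // Re-check ownership on the POST: the id in the form is attacker-controlled.
        var article = FindOwnedArticle(id);
        if (article == null) return HttpNotFound();

        // Assign only the editable fields; OwnerUserName is deliberately not updatable.
        article.Title = title;
        article.Body = body;
        _articles.Save();
        return RedirectToAction("Details", new { id });
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Delete(int id)
    {
        var article = FindOwnedArticle(id);
        if (article == null) return HttpNotFound();
        _articles.Remove(article);
        _articles.Save();
        return RedirectToAction("Index");
    }
}
```

Two points worth keeping when adapting this: the ownership check has to run on every mutating action (the GET that renders the edit form is not enough, since the POST can be sent directly with another editor's id), and returning 404 rather than 403 for a foreign article avoids confirming that the id exists. The role attribute and the ownership check are complementary; neither one alone expresses "editor, and only for their own rows".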
