# spicedb
j
Hi. We are migrating our permissions system to Authzed and I have a question on how to model a specific part of it. We have workspaces, projects and boards. Any rights people have on an upper level are inherited on the lower level. As follows:
```
definition app/user {}

definition app/workspace {
    relation viewer: app/user
    relation editor: app/user
    permission read = viewer
    permission write = editor
}

definition app/project {
    relation workspace: app/workspace
    relation viewer: app/user
    relation editor: app/user
    permission read = viewer + workspace->read
    permission write = editor + workspace->write
}

definition app/board {
    relation project: app/project
    relation viewer: app/user
    relation editor: app/user
    permission read = viewer + project->read
    permission write = editor + project->write
}
```
The rule we're trying to model now is, people that are part of a `board`, but not part of the respective `workspace`, should have a specific permission set on that `workspace`, that we call "guest" permissions. Perhaps something like this pseudo code:
```
definition app/workspace {
    permission guest_read: linked_projects->linked_boards->viewer
}
```
This would be the other way around of the -> operator. Making a lookup on a relation that lives on other definitions. Is this possible? Or how else would you suggest modeling this rule?
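The inheritance in the posted schema, worked through on sample data as an added example (not part of the original post and not SpiceDB's own code). It is a simplified Python stand-in for evaluating `relation + parent->permission`; the relationship tuples, object names and the `guest_readers` helper are constructed for illustration, and the helper computes the "guest" set by scanning relationships downward from the workspace, outside the schema.

```python
# Simplified evaluator for the schema in the post (a stand-in, not SpiceDB).
# Tuples are (resource, relation, subject); every tuple below is constructed.
TUPLES = {
    ("workspace:acme", "viewer", "user:alice"),
    ("project:roadmap", "workspace", "workspace:acme"),
    ("project:roadmap", "editor", "user:bob"),
    ("board:q3", "project", "project:roadmap"),
    ("board:q3", "viewer", "user:carol"),
}

# permission -> (direct relation, (parent relation, permission on parent) or None)
SCHEMA = {
    "workspace": {"read": ("viewer", None), "write": ("editor", None)},
    "project": {"read": ("viewer", ("workspace", "read")),
                "write": ("editor", ("workspace", "write"))},
    "board": {"read": ("viewer", ("project", "read")),
              "write": ("editor", ("project", "write"))},
}

def subjects(resource, relation, tuples=TUPLES):
    return {s for (r, rel, s) in tuples if r == resource and rel == relation}

def check(resource, permission, user, tuples=TUPLES):
    """Evaluate `permission = relation + parent->permission` as a union."""
    direct, arrow = SCHEMA[resource.split(":")[0]][permission]
    if user in subjects(resource, direct, tuples):
        return True
    if arrow is None:
        return False
    parent_rel, parent_perm = arrow
    # The arrow follows a relation stored on this resource: board -> project -> workspace.
    return any(check(p, parent_perm, user, tuples)
               for p in subjects(resource, parent_rel, tuples))

def guest_readers(workspace, tuples=TUPLES):
    """Hypothetical helper: direct viewers of boards under `workspace` who are
    neither viewer nor editor of the workspace itself (the post's "guest" rule)."""
    projects = {r for (r, rel, s) in tuples if rel == "workspace" and s == workspace}
    boards = {r for (r, rel, s) in tuples if rel == "project" and s in projects}
    board_viewers = set().union(*(subjects(b, "viewer", tuples) for b in boards))
    members = subjects(workspace, "viewer", tuples) | subjects(workspace, "editor", tuples)
    return board_viewers - members
```

With these tuples, `user:carol` can read `board:q3` but has no permission on `workspace:acme`, because the posted schema stores no relationship on the workspace that points at its projects or boards.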