I'm trying to come up with a schema that allows for roles as re-usable sets of permissions that can be used in different scopes. for example, giving someone edit access to all an organizations members or all members of all organizations across a platform/application. I started with combining the user-defined roles blog example + the admin access example, but if I just duplicate the same pattern as the "project" relations to the role on the organization definition, then it seems like I would either give anyone with membership on the role access to any organization related to that role unless I duplicated the same role + relations for every organization, neither of which is what I want. I'm now trying something like this:
but it doesn't like my nested arrow operators 😦 anyone have an idea how I could accomplish this with a simpler model?