Is there also a way to do something similar to

ExpandPermissionTree

but the other way? Imagine a schema like this:

definition user {}

definition group {
   relation member: user
}

definition intersection {
   relation first: group#member
   relation second: group#member

   permission member = first & second
}

definition resource {
   relation access: user | group#member | intersection#member

   permission edit = access
}

If I have the following relations:

group:A member user:ben
group:B member user:ben
intersection:C first group:A#member
intersection:C second group:B#member
resource:doc1 access intersection:C#member
resource:doc2 access group:A#member
resource:doc3 access user:ben

Essentially I want a way of determining the fact that

group:A#member

influences the

edit

permission of `resource`'s

[doc1, doc2]

. If I do a

LookupResources

with

group:A#member

as the subject it only returns

doc2

because technically

group:A#member

doesn't match the other branch of the intersection. This is so that when consuming changes around

group:A

I know which resources to update the index for (I know Materialize does that, but I need a solution sooner than Materialize General Availability and ideally in self-hosted too). Please also note that this is a simplified schema compared to the actual one, so it's not necessarily as simple as just redoing a

LookupResources

for each member of

group:A

when changes happen (which is anyway not very performant)