Hello folks! I'm just getting started with modeling an authz domain in SpiceDB. I'm wondering how to model the following scenario: I'm managing user access to an organization:

definition organization {
    relation internal_admin : user
    relation internal_user : user
   
    permission manage_teams = internal_admin
}

So an internal admin can manage teams in the org. However I need a setting on the org level that will control this permission: * If the setting = admin then the above scenario applies * if the setting = user then users can also manage teams So I need something like this:

permission manage_teams = (internal_admin & setting=admin) | (internal_user & setting=user)

Any tips on how best to handle such a scenario?