definition object {
  permission view
  permission view_if_granted
  permission grant_view
}

has_permission = checkPermission("object:1", "view", "user:2")
if not has_permission then
  has_permission = checkPermission("object:1", "view_if_granted", "user:2")
               and checkPermission("object:1", "grant_view", "application:3")
end