td-dev-nik
07/09/2024, 3:57 AM
definition account {
}
definition app {
    // TIP Sensor relations
    relation app_user: account
    relation app_viewer: account
    permission create_session = app_user
    permission view_app = app_viewer + create_session
}
definition app_session {
    relation owner: account
    relation shared_delete_access: account
    relation shared_edit_access: account
    relation shared_view_access: account
    permission delete_session = owner + shared_delete_access
    permission edit_session = delete_session + shared_edit_access
    permission view_session = edit_session + shared_view_access
    permission can_share = owner
}
From the above, I understand the app_user will be able to create a session and therefore will be designated owner and can share with any account. Once the app session has been shared, how can I ensure that the account it's been shared with has app_user permission? I was thinking of using caveats but I am sure I can't pass another relationship as a caveat. I was also thinking of adding a relation of app_session back to app, but I don't want all users to be able to interact with a session, just the owner and the accounts the owner has shared with. Should I do the check externally?