since you're checking the permission itself dynamically too, you need to create a resource type that references both the resource and permission as a single unit, so you can check it