alternatively, you could use a caveat if you expected the restricted status to be more dynamic:

definition user {}

caveat not_restricted(is_restricted boolean) {
  !is_restricted
}

definition document {
  relation admin: user
  relation viewer: user with not_restricted

  permission view = viewer + admin
}