i've got a baby version of a role-based schema:

definition user {}

definition role {
    relation bearer: user
}

definition site {
    relation reader: role
    relation writer: role

    permission read = reader
    permission write = writer
}

definition site_trial {
    relation site: site
    relation reader: role
    relation writer: role

    permission read = site->reader + reader
    permission write = site->writer + writer   
}

and when i go to add a relation between a user->role and role->site, and then assert that that user has (say) "write" on the given site, I'm getting an error. do you need intermediate permissions? i was under the impression that spicedb would walk all relations to end at a given permission