That's interesting, it might work - however, I also have parent and child resource types, so roles might be inherited from the parent or to the child, or be granted directly, which seems hard to reconcile with your solution since it requires the user to have a direct relationship on "resource" For completeness, could you show me what you mean by "use an arrow to check members of the team as well in the permission"? Would that be something like

permission editor -> (direct_editor + direct_editor->member) & feature_flag

?