Sure, I can guide you on how to model this in Ory's Permission Language (OPL). OPL is a subset of TypeScript and is used to define permissions in Ory. First, you would define your objects (entities) which in your case are

Appointment

and

Patient

. Then, you would define the relationships each object has to other objects. In your case, you might have relationships like

creator

,

deleter

, and

blockoutUpdater

for the

Appointment

object. Here's a simplified example of how you might define these in OPL:

typescript import { Namespace, Context } from "@ory/keto-namespace-types"    class User implements Namespace {}    class Appointment implements Namespace {    related: {    creators: User[]    deleters: User[]    blockoutUpdaters: User[]    }   }    class Patient implements Namespace {    related: {    // Define relationships for Patient  }   }

Next, you would define the permissions for each object. These permissions are essentially TypeScript functions that return a boolean value based on the relationships in Ory Permissions. Here's how you might define permissions for the

Appointment

object:

typescript class Appointment implements Namespace {    related: {    creators: User[]    deleters: User[]    blockoutUpdaters: User[]    }     permits = {    create: (ctx: Context): boolean => this.related.creators.includes(ctx.subject),    delete: (ctx: Context): boolean => this.related.deleters.includes(ctx.subject),    updateBlockouts: (ctx: Context): boolean => this.related.blockoutUpdaters.includes(ctx.subject),    }   }

In this example, the

create

,

delete

, and

updateBlockouts

permissions check if the subject (user) is included in the respective relationship array. Remember to test your permission model. You can create relationships and check permissions through the API or SDK. For continuous testing, automate testing your permission model and use a separate Ory Network project for complex permission model changes. For more details, refer to the [Ory documentation](https://www.ory.sh/docs/keto/modeling/create-permission-model) on creating a permission model.