EDIT: fixed I'm having challenges some issues nesting objects in keto, while attempting RBAC. When directly adding a user to a resource it works, but when I have

Resource > Role (> Role) > User

, it doesn't seem to work. Any ideas why? I've been following the guides so far Query:

{
  "subject_set": {
    "namespace": "User",
    "object": "admin"
  },
  "namespace": "Resource",
  "object": "pgweb",
  "relation": "access"
}

Namespaces:

/**
 * "User" represents a user in the system.
 */
class User implements Namespace {}

/**
 * "Role" represents a role. 
 *  - Each role can be assigned members either directly,
 *    or inderectly through inheritance from other roles.
 *  - Roles can be used to provide access to resources.
 */
class Role implements Namespace {
  related: {
    members: (User | Role)[]
  }
}

/**
 * "Resource" represents any resource that requires access in the system.
 */
class Resource implements Namespace {
  related: {
    parents: (Resource)[]
    // All members of the list of roles have access.
    access: (User | SubjectSet<Role, "members">)[]
  }

  permits = {
    access: (ctx: Context): boolean =>
      this.related.access.includes(ctx.subject) ||
      this.related.parents.traverse((p) => p.permits.access(ctx)),
  }
}

Tuples:

[
	{
    "namespace": "Role",
    "object": "administrator",
    "relation": "members",
    "subject_set": {
      "namespace": "User",
      "object": "admin"
    }
  },
	{
    "namespace": "Role",
    "object": "postgres-admin",
    "relation": "members",
    "subject_set": {
      "namespace": "Role",
      "object": "administrator"
    }
  },
	{
    "namespace": "Resource",
    "object": "pgweb",
    "relation": "access",
    "subject_set": {
      "namespace": "User",
      "object": "admin"
    }
  },
	{
    "namespace": "Resource",
    "object": "pgweb",
    "relation": "access",
    "subject_set": {
      "namespace": "Role",
      "object": "postgres-admin"
    }
  }
]