Is it possible to add tuples with contextual tuples?

[xXAvoraXx]

Hello, I have a scenario like this. We sell plans to businesses and they include features. Features contain resources. Resources are the endpoints of our webapi services.

Users become members of businesses.
A user can register for more than one business. (contextual)

However, if the business administrator wants to block a user from accessing the relevant resource, they cannot do so.

This is my scheme.

type user
type plan
  relations
    define subscriber as self
    define subscriber_member as member from subscriber
type business
  relations
    define member as self and user_in_context
    define user_in_context as self
type feature
  relations
    define associated_plan as self
    define feature_member as subscriber_member from associated_plan
type resource
  relations
    define associated_feature as self
    define can_access as feature_member from associated_feature but not blocked
    define blocked as self

I added a relation named blocked in the Resources type and if I can define the user with this relation a relation tuple like below will solve all my problem.

{
  "tuple_key": {
    "user": "user:john",
    "relation": "blocked",
    "object": "resource:getreceipt"
  },
  "contextual_tuples": {
    "tuple_keys": [
      {
        "user": "user:john",
        "relation": "user_in_context",
        "object": "business:example"
      }
    ]
  }
}

When a user is blocked access to resources, all businesses are blocked from their resources. I want to block access to resources only in the context of the business.

[xXAvoraXx]

I solved that problem like this.

type resource_access_group
  relations
    define parent_business: [business]
    define member: business_member from parent_business or owner_member from parent_business

type permission
  relations
    define associated_feature: [feature]
    define feature_access: feature_member from associated_feature
    define feature_owner_access: feature_owner_member from associated_feature
    define subscriber_business: subscriber_business from associated_feature
    
type permission_repo
  relations
    define associated_permission: [permission]

type permission_access
  relations
    define associated_permission: [permission]
    define associated_resource_access_group: [resource_access_group]
    define blocked: [user] and member from associated_resource_access_group
    define access: [user] and business_member
    
    define business_member: member from associated_resource_access_group but not blocked
    
    define can_member_access: business_member and feature_access from associated_permission

    define can_owner_access: business_member and feature_owner_access from associated_permission
    
    define associated_business_role: [business_role#business_role_member] 
    define business_role_member: associated_business_role and business_member
    define can_access_individual_or_role: access or business_role_member
    
    define can_access_member_and_individual_or_role: can_member_access and can_access_individual_or_role
    
    define can_access: can_access_member_and_individual_or_role or can_owner_access
    
    define permission_from_plan: subscriber_business from associated_permission
    
    define permission_from_resource: parent_business from associated_resource_access_group
    
    define permission_business: permission_from_plan and permission_from_resource