I am trying to implement something like this:

1. At the bottom of a tree, we have a "Operation".
2. One Operation can be a multiple nested "Operation"
3. Then comes the "Task"
4. One task can have many nested "Tasks" as well as one or many "Operations"
5. Then comes "Roles"
6. One Role can have many nested "Roles", Tasks" and "Operations"

I want to make sure the following:

group:group_1 isAllowed operation:role_1_1_task_1_task_1_op_1

group:group_4 isAllowed operation:role_1_1_task_1_task_1_op_1

Here is my DSL:

model
  schema 1.1

type group

type operation
  relations
    define allowed_group: [group]
    define isAllowed: allowed_group or allowed_group from parent_operation or isAllowed from parent_task or isAllowed from parent_role
    define parent_operation: [operation]
    define parent_role: [role]
    define parent_task: [task]

type task
  relations
    define allowed_group: [group]
    define isAllowed: allowed_group or allowed_group from parent_task or isAllowed from parent_role
    define parent_role: [role]
    define parent_task: [task]

type role
  relations
    define allowed_group: [group]
    define isAllowed: allowed_group or isAllowed from parent_role
    define parent_role: [role]

Here are my tuples:

USER group:group_1
RELATION allowed_group
OBJECT role:role_1

USER role:role_1
RELATION parent_role
OBJECT operation:role_1_op_1

USER role:role_1
RELATION parent_role
OBJECT role:role_1_1

USER role:role_1_1
RELATION parent_role
OBJECT operation:role_1_1_op_1

USER role:role_1_1
RELATION parent_role
OBJECT task:role_1_1_task_1

USER role:role_1_1
RELATION parent_role
OBJECT task:role_1_1_task_2

USER task:role_1_1_task_2
RELATION parent_task
OBJECT operation:role_1_1_task_2_op_1

USER task:role_1_1_task_1
RELATION parent_task
OBJECT task:role_1_1_task_1_task_1

USER task:role_1_1_task_1
RELATION parent_task
OBJECT operation:role_1_1_task_1_op_1

USER group:group_2
RELATION allowed_group
OBJECT operation:role_1_op_1

USER group:group_7
RELATION allowed_group
OBJECT operation:role_1_1_op_1

USER group:group_8
RELATION allowed_group
OBJECT operation:role_1_1_task_2_op_1

USER group:group_3
RELATION allowed_group
OBJECT task:role_1_task_1

USER role:role_1
RELATION parent_role
OBJECT task:role_1_task_1

USER group:group_4
RELATION allowed_group
OBJECT role:role_1_1

USER group:group_5
RELATION allowed_group
OBJECT task:role_1_1_task_1

USER group:group_9
RELATION allowed_group
OBJECT operation:role_1_1_task_1_task_1_op_1

USER group:group_6
RELATION allowed_group
OBJECT task:role_1_1_task_2

USER task:role_1_1_task_1_task_1
RELATION parent_task
OBJECT operation:role_1_1_task_1_task_1_op_1

Here are my assertions so far:

USER group:group_4
RELATION isAllowed
OBJECT operation:role_1_1_task_1_task_1_op_1
ALLOWED True

USER group:group_1
RELATION isAllowed
OBJECT operation:role_1_1_task_1_op_1
ALLOWED True

USER group:group_1
RELATION isAllowed
OBJECT operation:role_1_op_1
ALLOWED True

USER group:group_1
RELATION isAllowed
OBJECT operation:role_1_1_op_1
ALLOWED True

USER group:group_1
RELATION isAllowed
OBJECT operation:role_1_1_task_2_op_1
ALLOWED True

USER group:group_2
RELATION isAllowed
OBJECT operation:role_1_1_task_1_op_1
ALLOWED False

USER group:group_5
RELATION isAllowed
OBJECT operation:role_1_1_task_1_task_1_op_1
ALLOWED True

USER group:group_6
RELATION isAllowed
OBJECT operation:role_1_1_task_2_op_1
ALLOWED True

USER group:group_7
RELATION isAllowed
OBJECT operation:role_1_1_op_1
ALLOWED True

It seems anything nesting not working.. In my path, I have two nested tasks. that seems to be an issue.