entity Photo in [Album] { owner: User };
entity UserGroup;
entity Album in [Album];
entity User in [UserGroup];

action edit, view appliesTo { principal: [User], resource: [Photo] };