How to allow access to resource A depending on Resource B's attributes?

[Mehran poursadeghi]

Let's say we have two resource types: 

• Shop (I have many shop resources), Its properties contain:

        owner_id: {user_id}

• Product (each shop has many products), its properties contain:

      shop_id: {shop_id}

when my app sends an authorization request to check if the user has permission to edit a product, I want to allow it If the user is a shop owner.

As you see this policy needs to check the shop resource's properties, but my authorization request checks permission on the "Product" resource.

Can someone please tell me what is the best solution to solve it on Keycloak?