Permissions on a per item basis

Hi, I’m trying to figure out the best way to implement the following in strapi:

I have these content types and fields:

  • User
  • Department (has many users)
  • Post (has many departments)

So posts should be possible to restrict to a department. How should I go about implementing this as settings / permissions is on a collection basis?