I want project users only be able to see the projects in which they are member.
But since my project memberes are real employees, not users, I have added a bidirectional many2many project user relation. Also I have made a bidirectional user employee relation (one2 many, many2one).

Then I have create a record rule on the project user group with the following domain:

<field name="domain_force">[('member_ids', 'in', user.employee_ids[0].ids)]</field>

On projects list view the domain filter seems to work. Only the wanted projects are shown.
But when i try to open the form view of a project I get the following access denied error:

Access Denied
The requested operation cannot be completed due to security restrictions. 
Please contact your system administrator.
(Document type: Project, Operation: read)

Most likely the domain is wrong, but I don't get how to make it work...
Any help is highly appreciated.

EDIT: Regarding question 41777, the domain should be:

            [('member_ids.user_id', '=', user.id)]

But the issue remains the same..